IPFS for Security: Why We Don't Use Cloud Servers
When we designed VaultKeepR, one of the first questions was: "Where should encrypted vaults be stored?" The default answer in the industry is "our cloud servers." We chose a fundamentally different path.
The Cloud Problem
Cloud providers like AWS, Azure, and GCP are engineering marvels. They offer 99.99% uptime, automatic scaling, and global distribution. So why not use them?
Because for a password manager, the question isn't just availability — it's trust minimization.
What Cloud Storage Means for Your Passwords
When a password manager uses cloud storage:
- Your data has a physical address — It lives in specific data centers, subject to the laws of specific jurisdictions
- One entity controls access — The cloud provider can be compelled to hand over data or shut down accounts
- Centralized operations — Backup, replication, and access control are managed by the password manager company
- You can't verify independently — You have to trust that the company stores what they say they store
Past Incidents
The risks aren't theoretical:
- 2022-2023: LastPass breach — Attackers accessed cloud storage containing encrypted vault backups for millions of users
- 2019: AWS S3 misconfigurations — Millions of records exposed through improper bucket settings
- Ongoing: Government data requests — Cloud-hosted data is routinely subpoenaed under various legal frameworks
Enter IPFS: Content-Addressed Storage
IPFS (InterPlanetary File System) is a peer-to-peer protocol where data is identified by what it is, not where it is.
Traditional Storage (Location-Based)
"Give me the file at server-47.company.com/vaults/user-12345"
→ You trust the server to return the correct file
→ If the server is down, the file is unavailable
→ The server operator can modify the file
IPFS (Content-Based)
"Give me the file with hash bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oc..."
→ Any node on the network can serve the file
→ The hash guarantees the file hasn't been modified
→ Multiple nodes can store copies for redundancy
The key insight: with IPFS, the identifier IS the verification. If someone tampers with your encrypted vault, the hash changes, and the CID no longer matches. You get tamper detection for free.
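The check behind "the identifier IS the verification" can be sketched as follows; this is an added example, not VaultKeepR's code. It assumes the blob is stored as a single raw block hashed with SHA-256 (a `bafkrei…` CID); chunked or UnixFS-wrapped uploads (`bafybei…`, dag-pb) need a DAG walk instead, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

RAW, SHA2_256, DIGEST_LEN = 0x55, 0x12, 32  # multicodec "raw", multihash sha2-256


def cid_v1_raw(data: bytes) -> str:
    """CIDv1 for `data` stored as one raw block (assumption of this example)."""
    header = bytes([0x01, RAW, SHA2_256, DIGEST_LEN])  # version, codec, hash, length
    encoded = base64.b32encode(header + hashlib.sha256(data).digest())
    return "b" + encoded.decode("ascii").lower().rstrip("=")  # "b" = base32 multibase


def parse_cid_v1(cid: str):
    """Return (codec, hash_code, digest); reject anything but base32 CIDv1."""
    if not cid.startswith("b"):
        raise ValueError("expected a base32 ('b' prefix) CID")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    if len(raw) < 4 or raw[0] != 0x01:
        raise ValueError("not a CIDv1")
    if any(b >= 0x80 for b in raw[1:4]):
        raise ValueError("multi-byte varints are not handled here")
    codec, hash_code, length = raw[1], raw[2], raw[3]
    if len(raw) - 4 != length:
        raise ValueError("digest length does not match the multihash header")
    return codec, hash_code, raw[4:]


def verify_block(cid: str, fetched: bytes) -> bool:
    """True only if `fetched` hashes to the digest embedded in `cid`."""
    codec, hash_code, digest = parse_cid_v1(cid)
    if codec != RAW or hash_code != SHA2_256:
        raise ValueError("only raw + sha2-256 CIDs are checked in this example")
    return hmac.compare_digest(hashlib.sha256(fetched).digest(), digest)


if __name__ == "__main__":
    blob = b"constructed stand-in for an encrypted vault blob"
    cid = cid_v1_raw(blob)
    print(cid)
    print(verify_block(cid, blob))            # untouched bytes
    print(verify_block(cid, blob + b"\x00"))  # one appended byte
```

Tamper detection only holds when the client runs this comparison itself on the bytes it received; a blob fetched through an HTTP gateway and accepted without re-hashing is trusted on the gateway's word.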
How VaultKeepR Uses IPFS
The Upload Flow
Vault JSON
→ Compress (gzip)
→ Encrypt (XChaCha20-Poly1305)
→ HMAC commitment
→ Upload to IPFS (via Storacha)
→ CID returned
→ wallet address → CID mapping stored
The Retrieval Flow
Wallet address
→ Look up CID
→ Fetch encrypted blob from IPFS
→ Verify HMAC commitment
→ Decrypt (XChaCha20-Poly1305)
→ Decompress
→ Vault JSON
What's Stored Where
| Data | Where | Why |
|---|---|---|
| Encrypted vault blob | IPFS network | Decentralized, persistent, verifiable |
| Wallet → CID mapping | VaultKeepR API | Lightweight coordination (not security-critical) |
| Master password | Nowhere (in your head) | Zero-knowledge |
| Encryption key | Nowhere (derived on-device) | Ephemeral, wiped after use |
| Local vault copy | Your device | Offline access, performance |
IPFS Benefits for Password Security
1. No Single Point of Failure
Your encrypted vault isn't on one server or in one data center. It exists on the IPFS network, potentially replicated across multiple nodes worldwide. Taking down VaultKeepR's infrastructure doesn't destroy your data.
2. Cryptographic Verification
Every time you retrieve your vault, the CID (a hash) guarantees the content hasn't been altered. No trust required — just math.
3. Censorship Resistance
No single entity can be ordered to delete or withhold your encrypted vault. As long as at least one IPFS node has your data pinned, it remains accessible.
4. Vendor Independence
Your vault is stored using an open protocol, not a proprietary system. You can interact with IPFS directly, without VaultKeepR as an intermediary.
5. Transparent Storage
Unlike a proprietary cloud backend, you can verify exactly what's stored on IPFS. Fetch the CID, and you'll see the exact encrypted blob — no hidden metadata, no surprise data collection.
Addressing Concerns
"Is IPFS fast enough?"
For password manager vaults (typically under 1MB), IPFS retrieval is very fast — usually under 1 second. VaultKeepR also caches your vault locally, so day-to-day usage doesn't depend on network speed.
"What about data availability?"
VaultKeepR uses Storacha, a reliable IPFS pinning service, to ensure your encrypted vault remains available. You also have a local copy on every device where you've unlocked your vault.
"Isn't public IPFS data visible to everyone?"
Yes — anyone can download your encrypted blob if they know the CID. But the vault is encrypted with XChaCha20-Poly1305 using a key derived from your master password and wallet signature. Without those, the data is meaningless noise.
This is actually the correct security model: encryption provides confidentiality, not access control. Security shouldn't depend on hiding the ciphertext.
"Doesn't IPFS make the right to be forgotten difficult?"
You can unpin data from IPFS, which causes it to eventually be garbage-collected from nodes that no longer need it. But the fundamental answer is: encrypted data that you can no longer decrypt is effectively "forgotten" — it's indistinguishable from random bytes.
The Bigger Picture
The choice between cloud servers and IPFS isn't just a technical decision — it's a trust decision.
With cloud storage, you're trusting:
- The password manager company
- Their cloud provider
- The legal jurisdiction where servers reside
- The operational security of all involved parties
With IPFS, you're trusting:
- Mathematics (content-addressed hashing)
- Cryptography (XChaCha20-Poly1305 + Argon2id)
- An open protocol maintained by a global community
We believe the second list is shorter, more verifiable, and more resilient.
Your encrypted vault shouldn't have a landlord. VaultKeepR stores your passwords on IPFS — open, verifiable, and independent of any company's infrastructure.