feat(matrix): add SecretStorage API and implementation

Adds SecretStorage interface and RustSecretStorage implementation for accessing Matrix SSSS (Secure Secret Storage and Sharing). This enables storing and retrieving encrypted secrets using the user's recovery key. Also fixes SDK compatibility issues: - Remove deprecated Sentry configuration from TracingService - Make analytics SDK enableSentryLogging a no-op Requires updated Rust SDK with SecretStoreWrapper FFI.
2026-03-28 17:18:05 -07:00 · 2026-03-28 17:18:05 -07:00 · 86d6686aee
commit 86d6686aee
parent f56f124a39
6 changed files with 122 additions and 17 deletions
--- a/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/MatrixClient.kt
+++ b/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/MatrixClient.kt
@ -20,6 +20,7 @@ import io.element.android.libraries.matrix.api.core.SessionId
 import io.element.android.libraries.matrix.api.core.UserId
 import io.element.android.libraries.matrix.api.createroom.CreateRoomParameters
 import io.element.android.libraries.matrix.api.encryption.EncryptionService
+import io.element.android.libraries.matrix.api.secretstorage.SecretStorage
 import io.element.android.libraries.matrix.api.linknewdevice.LinkDesktopHandler
 import io.element.android.libraries.matrix.api.linknewdevice.LinkMobileHandler
 import io.element.android.libraries.matrix.api.media.MatrixMediaLoader
@ -61,6 +62,7 @@ interface MatrixClient {
    val notificationService: NotificationService
    val notificationSettingsService: NotificationSettingsService
    val encryptionService: EncryptionService
+    val secretStorage: SecretStorage
    val roomDirectoryService: RoomDirectoryService
    val mediaPreviewService: MediaPreviewService
    val matrixMediaLoader: MatrixMediaLoader
--- a/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/secretstorage/SecretStorage.kt
+++ b/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/secretstorage/SecretStorage.kt
@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2026 Sulkta Coop.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package io.element.android.libraries.matrix.api.secretstorage
+
+/**
+ * Interface for accessing Matrix SSSS (Secure Secret Storage and Sharing).
+ *
+ * This allows storing and retrieving encrypted secrets in the user's
+ * Matrix account data, using their recovery key for encryption.
+ */
+interface SecretStorage {
+    /**
+     * Open the secret store with a recovery key.
+     *
+     * @param recoveryKey The Matrix recovery key (base58 encoded, 48 characters)
+     *                    or passphrase that was used to set up SSSS
+     * @return SecretStore instance if key is valid, null if invalid or SSSS not set up
+     */
+    suspend fun openSecretStore(recoveryKey: String): SecretStore?
+}
+
+/**
+ * An opened secret store that can read and write secrets.
+ *
+ * Secrets are encrypted with the recovery key and stored in the user's
+ * account data on the homeserver.
+ */
+interface SecretStore {
+    /**
+     * Store a secret encrypted with SSSS.
+     *
+     * @param secretName The secret identifier (e.g., "com.sulkta.cardano.wallet_seed")
+     * @param secret The secret value to store
+     */
+    suspend fun putSecret(secretName: String, secret: String): Result<Unit>
+
+    /**
+     * Retrieve a secret from SSSS.
+     *
+     * @param secretName The secret identifier
+     * @return The decrypted secret, or null if not found
+     */
+    suspend fun getSecret(secretName: String): Result<String?>
+
+    /**
+     * Export the recovery key as a base58-encoded string.
+     *
+     * This is useful for displaying the key to the user for verification.
+     */
+    fun exportRecoveryKey(): String
+}