Mythos is a lightweight system that protects text-based secrets with strong cryptography.
Mythos is not an enterprise secrets manager. It is designed to support personal protection use cases (e.g., protecting a list of passwords or private keys backed up in public cloud storage) with encryption typically used in defense or military environments.
Mythos is designed to be as simple and portable as possible. It does not require external authentication servers or database systems to store or retrieve secrets. In exchange for this simplicity and portability, Mythos does not support multiple users or fine-grained roles or entitlements.
Mythos protects collections of secrets entrusted to it in a Legend, an encrypted file.
Legends are protected at rest with AES-256-GCM encryption. The key for this encryption (i.e., its Data Encryption Key, or DEK) is never stored. Instead, it is generated once when a Legend is first initialized and reconstructed every time a permitted user wants to access that Legend.
When a Legend is first initialized, Mythos helps the user create a DEK using Shamir's Secret Sharing Algorithm. Mythos does this by generating Shard Keys, a set of Shamir shares that reconstruct a Legend's DEK. When a user wants to use Mythos to access a Legend, they load these Shard Keys into Mythos' Keyring. If enough Shard Keys applicable to the Legend are entered into the Keyring, the Legend is unlocked and its secrets are accessible.
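The threshold reconstruction described above, as an added example that is not Mythos's own code: a Shamir split and reconstruction of a 256-bit DEK in Python. The field prime, the (x, y) shard format and all function names are assumptions, and the AES-256-GCM step is left out.

```python
import secrets

# Assumption: a prime field larger than any 256-bit DEK (2**521 - 1 is a Mersenne prime).
PRIME = 2**521 - 1

def split_dek(dek: bytes, threshold: int, shard_count: int):
    """Split a DEK into shard_count shards; any `threshold` of them rebuild it."""
    if not 2 <= threshold <= shard_count:
        raise ValueError("need 2 <= threshold <= shard_count")
    secret = int.from_bytes(dek, "big")
    # Random polynomial of degree threshold-1 whose constant term is the DEK.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shards = []
    for x in range(1, shard_count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shards.append((x, y))
    return shards

def reconstruct_dek(keyring, dek_len: int = 32) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from the shards in the keyring."""
    xs = [x for x, _ in keyring]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate shard in keyring")
    secret = 0
    for xi, yi in keyring:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    # Below the threshold the result is an unrelated field element; truncate it
    # to key length so it maps to a (wrong) candidate key instead of overflowing.
    return (secret % 2 ** (8 * dek_len)).to_bytes(dek_len, "big")

if __name__ == "__main__":
    dek = secrets.token_bytes(32)            # constructed sample DEK
    shards = split_dek(dek, threshold=3, shard_count=5)
    print("3 shards unlock:", reconstruct_dek(shards[:3]) == dek)
    print("2 shards unlock:", reconstruct_dek(shards[:2]) == dek)
```

A keyring below the threshold yields a wrong candidate key rather than an error; in a design like the one described, the AES-GCM authentication tag check on the Legend is what would reject it.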
Mythos protects its secrets with cryptography and cryptographic security parameters (CSPs) derived from the BouncyCastle libraries.