authorKatharina Fey <kookie@spacekookie.de>2018-09-16 12:29:32 +0100
committerKatharina Fey <kookie@spacekookie.de>2018-09-16 12:29:32 +0100
commit366bfc313d84c5eb39896a3cd0a2d344740969f2 (patch)
tree60487bb74b7a30171cad47ec14ce082c6eabcf6c /lockchain-core/src/init.rs
parent39a9b4ab3f1ab8a4c79962e1de78204faaf10abe (diff)
Assorted changes
Diffstat (limited to 'lockchain-core/src/init.rs')
-rw-r--r--lockchain-core/src/init.rs21
1 files changed, 18 insertions, 3 deletions
diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs
index 1880599..410974a 100644
--- a/lockchain-core/src/init.rs
+++ b/lockchain-core/src/init.rs
@@ -2,16 +2,31 @@ use errors::VaultError;
use traits::{Body, Vault};
/// Describes the internal permission layout of a vault
+///
+/// ---
+///
+/// **Important Note** Because lockchain-core doesn't make assumptions about
+/// about the existence of a cryptographic layer, the `UserStore` that
+/// handles these secrets assumes they are **not** secret!
+///
+/// This means that only already encrypted keys should be given to the
+/// generator type, because they will be written to disk **as is** by
+/// certain backends!
+///
+/// It is in the responsibility of the library user to make sure that all
+/// cryptographic operations are handled on the client side. Clear-text
+/// keys that are given to a generator
+/// should be considered **fully compromised**
#[derive(Debug, Serialize, Deserialize, Clone)]
pub enum VaultType {
/// Create an all-powerful root user which can access everything
Administrated {
- /// Set a root password
- secret: String,
+ ///
+ secret: Vec<u8>,
},
/// Similar to `Administrated`
/// but only allows a single-user for a vault
- SoloUser { username: String, secret: String },
+ SoloUser { username: String, secret: Vec<u8> },
}
/// A shared initialisation generator for vaults
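Review bot: The `secret` field of `Administrated` now carries an empty `///` where `/// Set a root password` used to be, and `SoloUser`'s `secret` has no field doc at all, so the only statement that these bytes are stored as they are sits in the enum-level note. I would put the contract on the fields themselves, for example `/// Already-encrypted key material; some backends write it to disk as is, never pass clear text`. The enum-level note also repeats a word across its first two lines (`assumptions about` / `about the existence`). Because the enum still derives `Debug` and `Serialize`, a clear-text value passed by mistake would also appear in debug output and in the serialized form. A dedicated wrapper type for pre-encrypted bytes would let the compiler enforce what the comment can only request.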