Introduction

The Armory Stack is an open-source access management system tailored for use cases that need strong authentication and fine-grained authorization. It is designed to secure the usage of private keys, wallets, and web3 applications.

It's a web3-native policy engine combined with a highly customizable next-gen auth system, able to be deployed in a variety of secure configurations.

Decoupling access management from key storage provides a number of benefits, including:

  • Unified access controls for wallet & non-wallet actions

  • Reduce vendor lock-in at the key management layer

  • Create a common interface for wallet access across custodial & non-custodial wallets

Policy Engine

The core of the Armory system is the auth service and policy engine.

It takes authorization requests from the Client, enforces policy rules, and grants access tokens that are used to protect downstream resources (such as a wallet).

The types of permissions that can be modeled are wide-ranging, from granular transaction policies with quorum approval rules, to broad role-based user scopes.

Access Tokens are client-bound. Unlike a Bearer token (such as in OAuth 2.0), the token alone is not sufficient to access protected resources; HTTP request signatures ensure only the intended client is able to use the token.
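
A minimal sketch of the client binding described above, added here as an illustration and not taken from Armory's code. The token layout, the `cnf` key-thumbprint claim, the shared MAC key, and the request fields are assumptions made for the example, not Armory's wire format.

```javascript
// Added illustration; token and signature formats are assumptions, not Armory's.
const crypto = require("crypto");
const AUTH_KEY = crypto.randomBytes(32); // constructed: key the auth service MACs tokens with

// SHA-256 thumbprint of a public key; the token is bound to this value.
const thumbprint = (pub) => crypto.createHash("sha256")
  .update(pub.export({ type: "spki", format: "der" })).digest("base64url");
const mac = (body) => crypto.createHmac("sha256", AUTH_KEY).update(body).digest();

// Auth service: issue a token whose claims name the client's key.
function issueToken(clientPub, scope) {
  const body = Buffer.from(JSON.stringify({ scope, cnf: thumbprint(clientPub) })).toString("base64url");
  return `${body}.${mac(body).toString("base64url")}`;
}

// Bytes covered by the request signature: method, path, body hash, and the token.
function signingInput(req, token) {
  const bodyHash = crypto.createHash("sha256").update(req.body).digest("hex");
  return Buffer.from([req.method, req.path, bodyHash, token].join("\n"));
}
// Client: sign the request with the private key matching the bound thumbprint.
const signRequest = (req, token, priv) =>
  crypto.sign(null, signingInput(req, token), priv).toString("base64url");

// Resource server: the token must be authentic, bound to the presented key,
// and the request must carry a valid signature from that key.
function verifyRequest(req, token, signature, presentedPub) {
  const [body = "", tag = ""] = token.split(".");
  const got = Buffer.from(tag, "base64url"), want = mac(body);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return "bad-token";
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.cnf !== thumbprint(presentedPub)) return "key-mismatch";
  const sig = Buffer.from(signature, "base64url");
  return crypto.verify(null, signingInput(req, token), presentedPub, sig) ? "ok" : "bad-signature";
}

// Constructed scenario: the bound client, and a second key holder who only has the token.
function demo() {
  const client = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const req = { method: "POST", path: "/sign", body: '{"to":"0xabc","value":"1"}' };
  const token = issueToken(client.publicKey, "wallet:sign");
  const sig = signRequest(req, token, client.privateKey);
  const otherSig = signRequest(req, token, other.privateKey);
  return {
    legit: verifyRequest(req, token, sig, client.publicKey),
    stolenToken: verifyRequest(req, token, otherSig, other.publicKey),
    wrongKeySig: verifyRequest(req, token, otherSig, client.publicKey),
    tampered: verifyRequest({ ...req, body: '{"to":"0xdef","value":"9"}' }, token, sig, client.publicKey),
  };
}
console.log(demo());
```

The signed input here carries no nonce or timestamp, so an identical captured request would still verify; a production scheme would include a freshness value in what is signed.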

Armory Vault

Any application, wallet provider, or other resource server can be protected by Armory Auth. However, for many common scenarios, the Armory Vault can be used in order to avoid custom integration work.

It has two core capabilities:

  • Act as a Key Vault for secure key generation, import, and storage

  • Securely sign blockchain transactions using stored keys
