Security
Moraya is designed with security as a priority. This page describes the key security measures built into the application.
API Key Storage (OS Keychain)
API keys are encrypted and stored in the operating system’s native credential manager:
| Platform | Storage |
|---|---|
| macOS | Keychain Access |
| Windows | Credential Manager |
| Linux | libsecret / Secret Service |
Keys are never stored in plain text files or exposed in the frontend JavaScript.
Rust AI Proxy
All LLM API calls are routed through the Rust backend:
- The frontend sends a request to Rust via Tauri IPC
- Rust retrieves the API key from the OS Keychain
- Rust adds authentication headers and forwards the request to the provider
- The response is streamed back to the frontend
This prevents API keys from appearing in browser devtools, network inspection, or WebView memory.
Content Security Policy (CSP)
Tauri’s CSP configuration restricts what the WebView can load and execute:
script-src 'self'— Only scripts from the application bundleconnect-src ipc:— Network requests only through Tauri IPC
This prevents cross-site scripting (XSS) and unauthorized external connections.
MCP Security
MCP server processes are protected by multiple layers:
- Startup confirmation — User approval required before connecting to new servers
- Command validation — Shell metacharacters are rejected to prevent injection
- Zombie process cleanup — Orphaned MCP processes are automatically terminated
- Response buffer limits — 64KB per line, 1000 iterations maximum
- Environment variable filtering — Dangerous variables (
LD_PRELOAD,DYLD_*, etc.) are blocked - Dynamic service code confirmation — AI-generated MCP code requires user approval before execution
Path Traversal Protection
File operations validate all paths to prevent directory traversal attacks:
- Paths are canonicalized before access
- Traversal patterns (
../) are rejected - Access is restricted to the user’s home directory and configured knowledge base directories
HTML Sanitization
User-generated and imported HTML content is sanitized before rendering:
- Script tags and event handler attributes are removed
- Iframes and embedded objects are stripped
- URL schemes are validated (only
http:,https:,mailto:allowed) - Safe rendering of pasted and imported Markdown content