Adamant is a specialized storage engine designed for the financial sector's most rigorous requirement: Immutability.
In highly regulated environments (Banking, Trading, Insurance), logs and transaction histories must be stored in a WORM (Write Once, Read Many) format to prevent tampering. Adamant acts as a cryptographic middleware that guarantees data integrity not just through policy, but through mathematical proof.
Core Philosophy: "Trust, but Verify." We trust the storage provider (AWS S3) to hold the bytes, but we verify the integrity of the history using our own cryptographic chain.
Adamant is built in Rust to leverage its memory safety guarantees and prevent buffer overflows that could be exploited to bypass retention checks.
Adamant sits between your application and the raw object storage.
- Write Phase: When a file is uploaded, Adamant calculates its SHA-256 hash and uploads it to S3 with Object Lock (Governance or Compliance mode) enabled.
- Retention Logic: The retention period is embedded in the object's metadata and signed. Attempts to overwrite or delete before expiry are rejected at both the API level and the storage layer.
To prove that no files have been silently deleted by a rogue admin with direct S3 access:
- Every upload is appended to a local Merkle Tree.
- The Root Hash of this tree is periodically anchored to a public ledger (e.g., Ethereum or a private audit log).
- Audit: An auditor can request a `Merkle Proof` to verify that a specific document exists in the set and has not been altered since creation.
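
The audit flow above, sketched as an auditor-side check. This is an added example, not Adamant's own code; it is written in Python so it runs on the standard library alone and does not use `rs-merkle`. The leaf/node prefixes (in the style of RFC 6962), the promotion of unpaired nodes, and the sample uploads are assumptions, since the page does not specify the tree's hashing scheme.

```python
import hashlib

def leaf_hash(data):
    # 0x00 prefix keeps leaves distinct from interior nodes (assumed scheme)
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every level of the tree, leaf hashes first, root last."""
    if not leaves:
        raise ValueError("empty tree has no root")
    levels = [[leaf_hash(x) for x in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:  # unpaired node is promoted, not duplicated
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Inclusion proof: sibling hashes from leaf to root, each with its side."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(data, proof, anchored_root):
    """Auditor side: recompute the root from the document and the proof."""
    h = leaf_hash(data)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == anchored_root

# Constructed sample uploads; ROOT stands in for the anchored root hash
UPLOADS = [b"trade-0001", b"trade-0002", b"trade-0003", b"trade-0004", b"trade-0005"]
LEVELS = build_levels(UPLOADS)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    print(verify(UPLOADS[2], prove(LEVELS, 2), ROOT))             # intact document
    print(verify(b"trade-0003-altered", prove(LEVELS, 2), ROOT))  # altered document
```

Removing an upload and rebuilding the tree yields a different root, which is how a silent deletion shows up against the anchored value.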
- All data is encrypted using AES-256-GCM before leaving the memory buffer.
- Keys are managed via a KMS (Key Management System) abstraction, ensuring strictly separated duties.
- Language: Rust (Tokio for async I/O)
- Storage Backend: AWS S3 (with Object Lock enabled) / MinIO (for on-premise)
- Integrity: `rs-merkle` for tree construction.
- API: gRPC (Protobuf) for strictly typed ingestion.
```bash
# Set up credentials and retention policy (e.g., 7 years)
export RETENTION_YEARS=7
cargo run --release
```