Encrypt everything. Forget nothing.

Every password. Every account. Encrypted in your browser before anything leaves your device.

Start for free — it's always free
No card needed · Free forever · Cancel anytime
Zero-knowledge  ·  AES-256-GCM  ·  Client-side only
vault.app/dashboard
All Entries · 76 total
79% Health
4 Breached
PayPal
Finance
Instagram
Social
Gmail
Email
Facebook
Social
Spotify
Music
Amazon
Shopping
PayPal
Finance
Email
s••••@syrius.kr
Password
••••••••••••
Phone
+1 ••••••7842
PIN
••••
Recovery
s••••@gmail.com
Added Mar 2023 Strong ↑94
0+
Entries managed
AES-256
Encryption standard
0 bytes
Plaintext on server
0
PBKDF2 iterations
End-to-end encryption

Encrypted before it
touches our servers

Every password, backup code, and recovery email is encrypted with AES-256-GCM in your browser using a key derived from your master password via PBKDF2 — 310,000 iterations of SHA-256. We store ciphertext. Nothing else.

  • AES-256-GCM with unique IV per field
  • PBKDF2 key derivation — 310k iterations
  • Master password never sent to server
  • In-memory key only — wipes on lock
🔑
Master Password
PBKDF2 · SHA-256 · 310k iterations
🗝
AES-256 Key
In memory only
AES-256-GCM · unique IV per field
a3f8…c291
Encrypted Ciphertext
All server ever stores
Transmitted over HTTPS → Neon DB / R2
paypal ⌘K
PayPal PersonalFinance ↵ Open
Coinbase WalletCrypto ↵ Open
Bitcoin WalletCrypto ↵ Open
3 results  ·  76 total entries  ·  esc close
Instant search

Find any account
in milliseconds

Search across site names, URLs, tags, and entry types without ever decrypting anything. Hit ⌘K anywhere in the app to open the command palette — open, copy, reveal, or navigate in one keystroke.

  • Full-text search on unencrypted metadata
  • Command palette with keyboard shortcuts
  • Filter by domain, type, or collection
  • Results in <50ms across 1000+ entries
Pro · Files & Images

Encrypted files,
not just passwords

Attach passport scans, tax documents, screenshots, and certificates to any entry. Files are encrypted client-side before upload — Cloudflare R2 stores only ciphertext. Per-attachment security levels (open, masked, protected) give you granular control.

  • Up to 20 files per entry
  • 25 MB per file (10 MB images)
  • Per-file security level controls
  • Inline preview — PDF, image, text
Pro plan — 100 files · 100 images · Max plan unlimited
Attachments 3 files
📄
passport_scan.pdf
2.4 MB · Protected
🔒
🖼
bank_statement.png
890 KB · Masked
👁
📝
recovery_codes.txt
1.2 KB · Open
+ Add attachment
Zero-knowledge

We built Vault so we
cannot read your data.

Every encryption decision — from the algorithm to the iteration count to where the key lives — was made to ensure that even a full database breach exposes nothing usable. This isn't a feature. It's the architecture.

🔑
PBKDF2 key derivation
Your master password is used once to derive a key, then discarded. The derived key lives in memory only and wipes on lock or page refresh.
🔒
AES-256-GCM, always
Every sensitive field uses authenticated encryption with a unique IV per operation. The authentication tag detects any tampering before decryption.
Auto-lock on inactivity
5 minutes of inactivity wipes the key from memory. Clipboard auto-clears after 30 seconds. Revealed passwords re-mask after 15 seconds.
AES-256
PBKDF2
IV/GCM
0 logs
"Even if our servers are compromised, your passwords remain mathematically unreadable."
Pro & Max — AI Security Intelligence

Your vault. Analyzed.
Never exposed.

AI examines only metadata — site names, strength scores, entry counts. Your actual passwords are never sent to any model. Zero-knowledge remains absolute.

🔴

Breach detection

HaveIBeenPwned checks using k-anonymity. Only the first 5 chars of the SHA-1 hash leave your device.

⚠️

Weak password alerts

Entropy-based strength scoring catches reused, dictionary, and short passwords across your entire vault.

🤖

Auto-categorize

Entries are automatically categorized by URL. Import 200 passwords from Chrome and they're organized instantly.

📊

Vault health score

A real-time security score with an action plan — fix the 4 breached first, then the 11 weak, then duplicates.

AI Security Report 76 entries analyzed
Vault Health Score
79%
4 Breached 11 Weak 3 Duplicates 58 Strong
⚠️
GitHub password reused on 2 other services
Generate unique password →
🔴
Chase Bank found in data breach (Jan 2024)
Update password immediately →

Pricing that respects you

Start free. No credit card. No tricks.

Monthly Yearly Save 17%

All plans include end-to-end encryption  ·  Cancel anytime

Questions

Never. Your master password is used locally to derive the AES-256 encryption key via PBKDF2. It is never transmitted, logged, or stored anywhere — not in memory after key derivation, not in our database, not in any log. If you forget it, your data is permanently unrecoverable. This is by design.
The vault locks. The in-memory encryption key is wiped and you'll need to re-enter your master password to unlock. This is intentional — the key is never written to localStorage, sessionStorage, or IndexedDB. The vault also auto-locks after 5 minutes of inactivity.
Architecturally impossible. All encryption happens in your browser. Our servers store AES-256-GCM ciphertext — random-looking bytes with no decryption capability on our side. Even a complete database breach or a court subpoena gives an attacker nothing usable.
Pro adds encrypted file/image storage (up to 100 each) plus AI security features and breach detection. Max removes all storage limits and adds custom entry types, encrypted export, per-entry activity logs, and priority support. Both maintain the same zero-knowledge guarantee.
Yes. Vault supports CSV import from Chrome, Firefox, Safari, and most password managers including 1Password and Bitwarden. Your imported passwords are encrypted client-side immediately during import — they're never stored in plaintext at any point in the process.

Your passwords deserve better
than browser autofill.

Join developers and everyday users who've moved every credential to one encrypted hub.

Start for free Read the security docs →

Zero-knowledge  ·  AES-256-GCM  ·  Open to audit