Everything you need, nothing you don't.
Strong by default, private by design, and pleasant to use every day.
Privacy by design
Zero-knowledge encryption
Vault items are encrypted with AES-256-GCM on your device. The server stores only opaque ciphertext.
Passphrase accounts
Sign up with a generated 12-word passphrase. No email, no phone number, no personal data.
Blinded identity
Even your login handle is stored only as a salted hash, so the server can't enumerate or identify its users.
No tracking
No analytics, no third-party scripts, no telemetry. Nothing to leak.
Security
Argon2id key derivation
Your master password is stretched with a memory-hard KDF, making brute-force attacks impractical.
Two-factor (TOTP)
Turn on app-based 2FA in a click; logins then require a one-time code.
Auto-lock
The vault locks itself after inactivity, clearing your keys from memory.
Open source and auditable
The full client and server are public, so you can verify the cryptography yourself.
Everyday use
Browser extension
A popup vault for Chrome and Firefox that stays unlocked between uses.
Autofill with domain matching
Fill credentials on the right site only, with strict host matching that helps resist phishing.
Password generator
Create strong, unique passwords for every account.
Self-hostable
Run the whole thing yourself from a single static Go binary with SQLite.