How it works (no server)
When you unlock Vault with your master password, the app derives an encryption key using PBKDF2-SHA256 (25,000 iterations) and encrypts your data with AES-GCM 256-bit encryption. The encrypted blob is stored in your browser's localStorage for this website address only.
Your master password is never stored. If you forget it, there is no recovery — the encrypted data cannot be decrypted without it. Clearing browser data for this site, switching browsers, or using a private window without syncing will not show the same vault unless you import a backup.
Sign-in vs master password
Vault uses two security layers before you reach your saved entries:
Sign-in account
You create your own username and password the first time you use Vault on a browser. It hides the app from casual viewers. Only one-way PBKDF2-SHA256 hashes are saved in this browser's localStorage — never the plain text. There are no pre-set or shared login details.
Master password
Actually protects your vault entries and backups. Derives the AES key. Never stored. You must remember it — this is what keeps your real data safe.
Sign-in is a convenience gate on this device, not server authentication. Short sign-in passwords could be guessed offline if someone copies your browser storage. Make both your sign-in password and your master password strong and unique.
Create your account
On the sign-in screen, click Create account, pick a username (2–64 characters) and password (at least 6 characters), confirm, then set your master password on the unlock screen. Each person on a shared computer creates their own account. Usernames must be unique on that browser.
Accounts do not sync across phones or browsers automatically. On a new device, create an account there and Import a backup JSON if you need the same vault data (you will need the master password from when the backup was exported).
Quick start
- Open Secure Vault in a modern browser (Chrome, Firefox, Safari, or Edge).
- First visit on this browser: click Create account and choose a username and password. Returning: Sign in with the account you created here.
- On the unlock screen: first time — set a strong master password (twice if prompted); returning — enter your master password and click Unlock. To add another encrypted vault under the same account, tick Create a new vault.
- Use the Vault tab to add your first entry with + New.
- Go to Backup and download a JSON backup file. Save it on your computer or phone — you need it if you change browsers or clear site data.
- See the full Vault help guide for Documents, Encrypt/Decrypt, and troubleshooting.