Free Encrypt/Decrypt Vault

A free browser-based password vault plus encryption tools for text, documents, and messages. Your encrypted data stays on your device — export a backup anytime.

Your passwords, your encryption, your backup

Secure Vault runs entirely in your web browser. Nothing is sent to a WheezyDoesit.co.uk database when you save entries or encrypt files — your encrypted vault lives in local storage on your phone, tablet, or computer. Download a JSON backup whenever you make changes you care about.

Testing stage

Secure Vault is in a testing phase at the moment. It is experimental software and has not been professionally security-audited. The site owner may remove Vault from wheezydoesit.co.uk at any time, at their sole discretion, with or without notice. Keep regular encrypted backups and do not rely on Vault as your only copy of important passwords or files. See the free software disclaimer for full legal terms.

What is Secure Vault?

Secure Vault is a free web app at wheezydoesit.co.uk/software/vault. It combines a personal password manager (store website logins, notes, and generated passwords) with standalone encryption tools (encrypt text, Word/PDF/ODT/TXT documents, or short messages with a password you choose). There is no subscription and no charge for any feature.

Everything happens on your device. You create your own sign-in account on each browser — no shared usernames or passwords from the site. When you unlock the vault, your browser encrypts data with AES-GCM before saving it locally. No remote server holds your sign-in details, master password, or decrypted entries.

What is it for?

  • Keeping usernames, passwords, URLs, and notes for sites and services in one encrypted place.
  • Generating strong random passwords when you create or update an account.
  • Encrypting text or a file so only someone with the password can open it.
  • Sending an encrypted message string safe to paste into email or chat (share the password separately).
  • Backing up your encrypted vault to a JSON file you can restore later.

Vault is intended for personal use. It has not been professionally audited. For system-wide autofill across all apps, consider a dedicated password manager and use Vault's backup export if you need to migrate data.

How it works (no server)

When you unlock Vault with your master password, the app derives an encryption key using PBKDF2-SHA256 (25,000 iterations) and encrypts your data with AES-GCM 256-bit encryption. The encrypted blob is stored in your browser's localStorage for this website address only.

Your master password is never stored. If you forget it, there is no recovery — the encrypted data cannot be decrypted without it. Clearing browser data for this site, switching browsers, or using a private window without syncing will not show the same vault unless you import a backup.

Sign-in vs master password

Vault uses two security layers before you reach your saved entries:

Sign-in account

You create your own username and password the first time you use Vault on a browser. It hides the app from casual viewers. Only one-way PBKDF2-SHA256 hashes are saved in this browser's localStorage — never the plain text. There are no pre-set or shared login details.

Master password

Actually protects your vault entries and backups. Derives the AES key. Never stored. You must remember it — this is what keeps your real data safe.

Important

Sign-in is a convenience gate on this device, not server authentication. Short sign-in passwords could be guessed offline if someone copies your browser storage. Make both your sign-in password and your master password strong and unique.

Create your account

On the sign-in screen, click Create account, pick a username (2–64 characters) and password (at least 6 characters), confirm, then set your master password on the unlock screen. Each person on a shared computer creates their own account. Usernames must be unique on that browser.

Accounts do not sync across phones or browsers automatically. On a new device, create an account there and Import a backup JSON if you need the same vault data (you will need the master password from when the backup was exported).

Quick start

  1. Open Secure Vault in a modern browser (Chrome, Firefox, Safari, or Edge).
  2. First visit on this browser: click Create account and choose a username and password. Returning: Sign in with the account you created here.
  3. On the unlock screen: first time — set a strong master password (twice if prompted); returning — enter your master password and click Unlock. To add another encrypted vault under the same account, tick Create a new vault.
  4. Use the Vault tab to add your first entry with + New.
  5. Go to Backup and download a JSON backup file. Save it on your computer or phone — you need it if you change browsers or clear site data.
  6. See the full Vault help guide for Documents, Encrypt/Decrypt, and troubleshooting.

What you can do in the app

Vault tab

Password entries with label, URL, username, password, and notes. Search, show/hide, copy, generate strong passwords, add, edit, and delete. Vault does not auto-fill other sites — copy and paste where needed.

Encrypt / Decrypt

Quick text encryption: enter a password, paste plaintext, encrypt to a base64 blob, or paste a blob and decrypt. Uses single-round encryption; use Documents for multi-round files.

Documents

Document mode: encrypt Word, PDF, ODT, or TXT with password and round count (1–20), download encrypted file, decrypt later with same password and count.
Message mode: encrypt short messages for email or chat.

Backup & Settings

Export/import encrypted vault JSON. Change master password (type new password twice). Lock returns to unlock screen; Sign out returns to sign-in so you can switch accounts. Auto-locks after 5 minutes of inactivity.

Count must match on decrypt

If document encryption used Count 5, decryption must also use 5. The encrypted file exposes only the round count externally; filename and type stay hidden inside the ciphertext until decrypted.

Why it is safe to use

Your vault is not stored on the WheezyDoesit.co.uk server.

WheezyDoesit.co.uk delivers the app page to your browser. After that, your encrypted vault lives on your device — not on our servers. We cannot view, recover, or restore your entries if you lose your master password.

  • Encryption in the browser — AES-GCM 256 with PBKDF2-SHA256 key derivation via the Web Crypto API.
  • No cloud sync — we do not upload or backup your vault or sign-in accounts for you.
  • Sign-in accounts are browser-local — only one-way hashes are stored on your device; clearing site data removes them.
  • Master password never stored — only you can decrypt your data.
  • Works offline after loading — on HTTPS, the service worker caches the app for offline use after your first visit.

Multiple accounts and vaults on one browser

Sign-in accounts: each person clicks Create account and picks their own username and password. Sign out, then sign in as someone else to switch. Each account keeps its own vault data separate in localStorage.

Encrypted vaults (same account): one signed-in user can also keep more than one vault, each with its own master password. Tick Create a new vault on the unlock screen to add another, or use Delete this vault to remove one without affecting others.

Important: export your vault for a backup

Because nothing is saved on the WheezyDoesit.co.uk server, you are responsible for your own backup.

Whenever you have made changes you care about, open the Backup tab and click Download backup. Your browser saves a JSON file containing only encrypted data. Keep it somewhere safe — it is useless without your master password, but you need both if you lose browser data.

How to export (backup)

  1. Unlock Secure Vault with your master password.
  2. Open the Backup tab and click Download backup.
  3. Save the JSON file somewhere you will find again (Documents, USB drive, trusted cloud storage, etc.).

How to import on another browser, computer, or phone

  1. Open Secure Vault on the new device or browser (from this guide or the Free Software menu).
  2. Click Create account (or sign in if you already created one on that browser), then unlock or create a vault with your master password.
  3. Open Backup, choose your .json file, and click Import.
  4. Confirm when asked — import replaces the currently unlocked vault. Use the master password from when that backup was created on the next unlock.
Remember your master password — there is no forgot-password flow.

Lose the master password and you lose access to the vault and any backups encrypted with it. Sign-in passwords are also not recoverable (only hashes are stored). After changing the master password in Settings, make a fresh backup.

Install on your phone (PWA)

On the live HTTPS site, Vault can be added to your home screen and works offline after the first visit.

  • iPhone (Safari): Share → Add to Home Screen → Add.
  • Android (Chrome): Menu → Install app or Add to Home screen.
iOS limitation

A home-screen PWA cannot act as system-wide password autofill in Safari or other apps. Open Vault, copy the password, then paste it where needed.

Quick summary
  • Secure Vault runs in your browser — offline-friendly on HTTPS after the first load.
  • You create your own sign-in account on each browser; vault data stays on your device.
  • WheezyDoesit.co.uk does not store your vault or sign-in details on its servers.
  • Use Download backup regularly so you always have your own copy.
  • Use Import to restore or move your vault to another browser, computer, or phone.

Frequently asked questions

Quick answers about the free Encrypt/Decrypt Vault

Is Secure Vault free?

Yes — completely free. No subscription, app-store purchase, or premium tier. All features run in your browser at no charge.

Where is my vault data stored?

Your encrypted vault is saved in your browser's local storage on your device for this website address only. WheezyDoesit.co.uk does not store your passwords or entries on its servers.

What is the difference between sign-in and the master password?

Sign-in is a username and password you create on your browser — stored only as one-way hashes. It opens the app on that device. The master password derives the encryption key and protects your vault data. The master password is never stored anywhere.

How do I create a Vault account?

Open Secure Vault, click Create account, choose a username and password, then set a master password on the unlock screen. Accounts exist only in that browser unless you export a backup JSON to move your vault elsewhere.

How do I back up my vault?

Unlock the vault, open the Backup tab, and click Download backup. Your browser saves a JSON file with encrypted data only. Keep it safe — it needs your master password to be useful.

Can I encrypt a Word or PDF file?

Yes. Open the Documents tab, choose Encrypt / Decrypt Document, select your file, set password and round count, then Encrypt & Download. Decrypt later with the same password and count.

Sign-in not accepted — what should I do?

Use the username and password you created on this browser. First visit? Click Create account instead. Cleared site data? Your old account is gone — create a new one and import a backup if you have one. Vault cannot recover a forgotten sign-in password.

Decrypt failed — what went wrong?

Password must match exactly. Count must match the value used when encrypting. For messages, paste the full encrypted string with no missing characters. Check Caps Lock and keyboard layout for master password issues.

More on WheezyDoesit

Secure Vault is one of the free tools from WheezyDoesit.co.uk. See also the Pothole App and Wheezy Projects guides from the Free Software menu.

Connect With Us

Have suggestions for resources you'd like to see? Email us at support@wheezydoesit.co.uk