Secure Password Vault - A Zero-Knowledge Password Manager

Welcome to the Secure Password Vault, a modern, privacy-focused password manager designed for developers, security enthusiasts, and everyday users who want complete control over their personal data. This tool ensures that your passwords never leave your browser in readable form. Every password is encrypted with AES-256 in your browser before it is sent to the server.

This makes the Password Vault a true Zero-Knowledge Password Manager — meaning even the server cannot decrypt or read your saved passwords. You can use our password-analyzer tool to generate strong passwords.


Important: Your master key is never sent to the server. If you forget it, your data cannot be recovered.


We do not store or log any key you enter. This tool runs entirely over a secure HTTPS connection to keep your encryption key safe at all times.

🚀 Key Features

  • 🔐 Client-Side Encryption: Your master password never touches the backend.
  • 🔒 AES-256-GCM Encryption for every stored password.
  • 🧂 scrypt Key Derivation protects your master password from brute-force attacks.
  • 🧩 Per-Entry Salt for generating unique encryption keys for each password.
  • 👁️ On-Demand Decryption Only: Passwords are decrypted only when the user requests it.
  • 💻 Server Never Sees Plaintext: Only encrypted ciphertext & metadata are stored.
  • 🔐 Secure JWT-based authentication to access your personal vault.

🛡️ Security Architecture

The Password Vault is engineered with a Defense-in-Depth philosophy. Here’s how your data stays safe:

1️⃣ Browser-Side Encryption (Zero Knowledge)

The encryption key is derived from your master password using scrypt, which intentionally slows down brute-force attackers.

2️⃣ AES-256-GCM Encryption

Each password entry is encrypted with AES-256-GCM using a unique salt and IV. This ensures that even two identical passwords produce different ciphertext.

3️⃣ Server Stores Only Ciphertext

The server stores:

  • Ciphertext (encrypted JSON)
  • Entry-specific salt
  • Timestamps

No master password. No decrypted password. No usable data for attackers.

4️⃣ On-Demand Decryption Flow

To reveal a password:

  1. User clicks “Show Password”
  2. Backend returns only the encrypted blob
  3. User enters master password
  4. The browser decrypts it locally

This ensures total end-to-end privacy.
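The flow in steps 1 to 4 above, as an added example that is not the site's own code: Node's built-in crypto module stands in for the browser. The scrypt parameters, the 16-byte salt, the record layout (IV, ciphertext and GCM tag packed into one base64 blob) and the names sealEntry and openEntry are assumptions.

```javascript
// Added example, not the site's code. Node's crypto module stands in for the browser.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumed scrypt cost parameters; the page does not state the ones it uses.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const IV_LEN = 12;  // 96-bit GCM nonce
const TAG_LEN = 16; // 128-bit GCM authentication tag

// Derive a 256-bit key for one entry from the master password and that entry's salt.
function deriveKey(masterPassword, salt) {
  return scryptSync(masterPassword, salt, 32, SCRYPT);
}

// Client side: encrypt one entry. Only the returned record is sent to the server.
function sealEntry(masterPassword, entry) {
  const salt = randomBytes(16);   // per-entry salt, so every entry gets its own key
  const iv = randomBytes(IV_LEN); // fresh for every encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entry), 'utf8'), cipher.final()]);
  // Assumed layout: IV || ciphertext || tag in one blob, salt stored beside it.
  const blob = Buffer.concat([iv, ct, cipher.getAuthTag()]);
  return { salt: salt.toString('base64'), ciphertext: blob.toString('base64') };
}

// Client side: decrypt a record returned by the server.
// Throws when the master password is wrong or the record was modified.
function openEntry(masterPassword, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const blob = Buffer.from(record.ciphertext, 'base64');
  if (blob.length < IV_LEN + TAG_LEN) throw new Error('record too short');
  const iv = blob.subarray(0, IV_LEN);
  const ct = blob.subarray(IV_LEN, blob.length - TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  decipher.setAuthTag(blob.subarray(blob.length - TAG_LEN));
  const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample values, for illustration only.
const sample = sealEntry('constructed-master-key', { site: 'example.test', password: 'hunter2' });
console.log(sample, openEntry('constructed-master-key', sample));
```

A wrong master password and a modified record fail the same way, at the GCM tag check in decipher.final(), so the client never displays garbage as if it were a password.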


🧭 How to Use the Password Vault (Usage Guide)

1. Create a Master Password

During first use, you will enter a Master Password or Key. This key never leaves your device and is never sent to the server.

2. Add a New Password Entry

  1. Enter the website or application name.
  2. Enter the password you want to protect.
  3. The browser encrypts it automatically using AES-256-GCM.
  4. The resulting ciphertext is stored in your vault.

3. View a Password

  1. Click “Show Password.”
  2. The backend sends only the encrypted data.
  3. You enter your master password again (for safety).
  4. The browser decrypts the password locally and displays it.

4. Delete a Password

A single click removes an entry from your vault.

This tool follows modern cryptographic best practices to ensure maximum privacy, trust, and user confidence.


❓ Frequently Asked Questions

No. Your master password never leaves your browser. It is used only to derive encryption keys locally with scrypt.

No. Only you can. The server stores only ciphertext and cannot decrypt anything. Even if the database were leaked, attackers cannot decode your data without your master password.

scrypt makes brute-force attacks significantly harder compared to normal hashing. It has a high memory and CPU cost, making attacks extremely slow.

The vault follows a true Zero-Knowledge model. If the master password is lost, your data cannot be recovered. This ensures no one — not even the server — can unlock your vault.

Yes! The UI is built using Bootstrap 5 and works on all devices.

🎯 Final Thoughts

The Secure Password Vault is built for users who care deeply about privacy, security, and full control of their data. With client-side encryption, scrypt-hardened keys, per-entry salts, and a Zero-Knowledge backend, you get the highest possible level of online password security.

You own your data. You control your keys. The server acts only as a secure storage locker for your encrypted vault.
