Welcome to the Secure Password Vault - a modern, privacy-focused password manager designed for developers, security enthusiasts, and everyday users who want complete control over their personal data. This tool ensures that your passwords never leave your browser in readable form. Every password is encrypted before being sent to the server using AES-256 encryption.
This makes the Password Vault a true Zero-Knowledge Password Manager - meaning even the server cannot decrypt or read your saved passwords. You can use our password-analyzer tool to generate strong passwords.
Secure Password Vault
Privacy Guarantee: We do not store, log, or transmit any master key or password you enter. All encryption and decryption happens entirely within your browser using your device's processing power. This tool is provided for personal use - please use it responsibly.
Key Features
- Client-Side Encryption: Your master password never touches the backend.
- AES-256-GCM Encryption for every stored password.
- scrypt Key Derivation protects your master password from brute force attacks.
- Per-Entry Salt for generating unique encryption keys for each password.
- On-Demand Decryption Only: Passwords are decrypted only when the user requests it.
- Server Never Sees Plaintext: Only encrypted ciphertext & metadata are stored.
- Secure JWT-based authentication to access your personal vault.
Security Architecture
The Password Vault is engineered with a Defense-in-Depth philosophy. Here's how your data stays safe:
1. Browser-Side Encryption (Zero Knowledge)
Your master password derives a key using scrypt, which intentionally slows down brute-force attackers.
2. AES-256-GCM Encryption
Each password entry is encrypted with AES-256-GCM using a unique salt and IV. This ensures even two identical passwords produce different ciphertext.
3. Server Stores Only Ciphertext
The server stores:
- Ciphertext (encrypted JSON)
- Entry-specific salt
- Timestamps
No master password. No decrypted password. No usable data for attackers.
4. On-Demand Decryption Flow
To reveal a password:
- User clicks "Show Password"
- Backend returns only the encrypted blob
- User enters master password
- The browser decrypts it locally
This ensures total end-to-end privacy.
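The scheme in steps 1 to 4, as an added example that is not the vault's own code: Node's built-in crypto module stands in for the browser code. The scrypt cost parameters, the field names, and storing the IV and GCM tag next to the ciphertext are assumptions.

```javascript
// Added example, not the vault's own code. Node's crypto stands in for the browser.
const crypto = require('node:crypto');

// Assumed scrypt cost parameters; the page does not state the ones it uses.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const b64 = (buf) => buf.toString('base64');
const raw = (s) => Buffer.from(s, 'base64');

// Derive a 256-bit AES key from the master password and a per-entry salt.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, SCRYPT);
}

// Encrypt one entry on the client. The returned record is what gets uploaded:
// it holds no key and no plaintext. Field names are assumptions.
function encryptEntry(masterPassword, site, password) {
  const salt = crypto.randomBytes(16); // fresh salt, so a fresh key, per entry
  const iv = crypto.randomBytes(12);   // 96-bit GCM IV, unique per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const plaintext = JSON.stringify({ site, password });
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()),
    ciphertext: b64(ciphertext), savedOn: new Date().toISOString(),
  };
}

// Decrypt a record returned by the server. Returns null when the master
// password is wrong or the record was modified (GCM tag check fails).
function decryptEntry(masterPassword, record) {
  try {
    const key = deriveKey(masterPassword, raw(record.salt));
    // Pin the tag length so a truncated tag from storage is rejected.
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(record.iv), { authTagLength: 16 });
    decipher.setAuthTag(raw(record.tag));
    const plaintext = Buffer.concat([decipher.update(raw(record.ciphertext)), decipher.final()]);
    return JSON.parse(plaintext.toString('utf8'));
  } catch {
    return null;
  }
}
```

In this sketch the `savedOn` timestamp is not covered by the GCM tag; only the encrypted JSON is authenticated.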
How to Use the Password Vault (Usage Guide)
1. Create a Master Password
During first use, you will enter a Master Password or Key. This key never leaves your device and is never sent to the server.
2. Add a New Password Entry
- Enter the website or application name.
- Enter the password you want to protect.
- The browser encrypts it automatically using AES-256-GCM.
- The encrypted cipher is stored in your vault.
3. View a Password
- Click "Show Password."
- The backend sends only the encrypted data.
- You enter your master password again (for safety).
- The browser decrypts the password locally and displays it.
4. Delete a Password
A single click removes an entry from your vault.
This tool follows modern cryptographic best practices ensuring maximum privacy, trust, and user confidence.
Final Thoughts
The Secure Password Vault is built for users who care deeply about privacy, security, and full control of their data. With client-side encryption, scrypt-hardened keys, per-entry salts, and a Zero-Knowledge backend, you get the highest possible level of online password security.
You own your data. You control your keys. The server acts only as a secure storage locker for your encrypted vault.