Password & secrets vault
Vaultana
Local-first encrypted storage for passwords, recovery codes, private notes, cards, identities, and sensitive secrets. Everything is encrypted on your device with AES-256-GCM. No account, no sync, no server.
Vault is locked
Enter your master passphrase to unlock. If you forget it, your data cannot be recovered — we never store it.
Minimum 12 characters. Your passphrase derives the encryption key via PBKDF2 (600k iterations). It is never stored — if you forget it, your vault is unrecoverable.
Your passphrase is kept in memory only while deriving the key and is cleared after.
Your passphrase is kept in memory only while deriving the key and is cleared after.
How it works
Encryption
AES-256-GCM
Key derivation
PBKDF2-SHA256, 600k iterations
Storage
localStorage, encrypted at rest
Data leaves device?
Never
Your master passphrase derives an AES-256-GCM encryption key via PBKDF2. All vault data is encrypted before being stored in your browser's localStorage — it is never readable without the passphrase. The vault auto-locks after 5 minutes of inactivity. Your passphrase is cleared from memory after key derivation and is never stored anywhere.