PassCryp shield logoPassCryp
Sign inStart free

A Password Manager for Indie Teams and Startups

Most team password managers charge per-seat and bundle features small teams don't need. PassCryp gives small teams shared vaults, group-based access, and zero-knowledge encryption — without the enterprise sales call.

Start your free vault Security model

Shared vaults with group access

Create vaults for engineering, marketing, ops — invite teammates with read or write access in seconds.

Zero-knowledge for teams too

Shared items use per-group encryption keys derived client-side. We can't read team secrets either.

Audit log included

See who accessed what, when. Critical for compliance and post-incident review.

Automatic key rotation on revoke

When someone leaves, their access is revoked and the shared vault key is rotated client-side — old sessions cannot decrypt new items.

API key vault per project

Group your AWS, Stripe, OpenAI, and GitHub keys per project, with expiry alerts so nothing goes stale.

No per-seat enterprise pricing

Flat, transparent pricing for small teams. No quote-only plans, no minimum seats.

Why small teams need this differently

Enterprise password managers are built for 500-person IT departments. They have SAML, SCIM, on-prem connectors, and a quote-only price tag — none of which a 5-person startup needs. But the underlying problem is the same: shared credentials should be encrypted, access should be auditable, and revoking someone should be instant.

PassCryp solves the small-team problem without the enterprise tax. You create a shared vault, invite teammates by email, and pick read or write. The vault is encrypted with a per-vault key that's wrapped to each member's public key — when someone joins, their device unwraps the key locally; when someone leaves, the key rotates and old sessions go dark.

There's no admin console you have to learn. No SSO contract negotiation. No vendor onboarding call. The team workflow is the same as your personal workflow, just with vaults you share.

How team sharing works under the hood

Each shared vault has a random 256-bit AES key generated client-side. For each member, PassCryp encrypts the vault key with the member's RSA public key (generated and stored locally when they signed up). The server stores N wrapped copies — one per member — and the vault key itself never exists in plaintext on our servers.

When a member opens a shared vault, their device fetches the wrapped key, decrypts it locally using their RSA private key (which never leaves their device), and then decrypts vault items as normal. Adding a member triggers a client-side wrap-and-upload; removing a member triggers a rotate-and-rewrap so the removed member's wrapped key becomes useless.

Audit logs record actions (item viewed, item updated, member added, member removed) but never contents. The log itself is append-only and signed.

When to choose PassCryp over an enterprise tool

Choose PassCryp if your team is under ~25 people, your secrets workflow is more about "don't email API keys" than about SOC2-mandated quarterly access reviews, and you want to onboard a teammate in 60 seconds instead of 60 minutes.

Choose an enterprise tool (1Password Business, Keeper Business) if you need SAML SSO, SCIM provisioning, on-prem secrets gateways, or a vendor contract for compliance. We're honest about where we fit — we'd rather lose a deal than oversell.

Frequently asked questions

How does shared vault encryption work?

Each shared vault has its own key, encrypted to each member's public key. Revoking access rotates the vault key automatically.

What's the minimum team size?

Two people. No minimums, no enterprise gating.

Can I move my personal vault into a team vault?

Yes — share individual items or whole folders into team vaults from the vault UI.

Do you support SSO?

Not yet — SAML SSO is on the roadmap. Today, members sign in with email + master password, with optional TOTP 2FA.

How fast is revoke?

Instant. Revoking a member rotates the vault key client-side on the next admin action; the removed member's wrapped key becomes useless immediately.

Is there a per-seat price?

No. Team plans are flat: one Premium subscription covers up to 5 members; larger teams contact us for a flat-rate plan.

Related reading

PassCryp vs 1Password

How we compare on encryption and price.

PassCryp vs Bitwarden

Open-source comparison.

PassCryp vs LastPass

Migrating away from LastPass.

Ready to take control of your secrets?

Start a free zero-knowledge vault in under 60 seconds.

Start your free vault