A Secure Password Vault for Everything

PassCryp is an encrypted vault for every secret you care about: website logins, two-factor codes, API keys, SSH keys, secure notes, credit cards. Everything encrypts on your device with AES-256-GCM before syncing — only you can unlock it.

Start your free vault Security model

Every secret type, one vault

Passwords, TOTP, API keys, SSH keys, notes, cards. Provider-aware fields for the structured ones.

AES-256-GCM authenticated encryption

Fresh nonce per item, GCM authentication tag detects tampering, hardware-accelerated via Web Crypto.

Argon2id key derivation

Memory-hard, GPU/ASIC-resistant. OWASP-recommended parameters. Your master password is never sent.

Sync across every device

Same vault on laptop, phone, tablet. Encrypted on the wire, encrypted at rest, encrypted in the database.

Encrypted backups + export

Download an encrypted JSON backup at any time. Restore on any device with your master password.

Why a vault beats a notebook (or your browser)

A paper notebook is single-device, unsearchable, and a security disaster the moment it's lost. A browser-built-in manager (Chrome, Safari) is OK for casual use but lacks strong key derivation, cross-browser sync, and breach monitoring.

A dedicated encrypted vault gives you: cryptographic randomness for password generation, instant cross-device sync, breach monitoring against the HIBP database, and structured fields for non-password secrets (API keys, TOTP, cards). All while keeping the encryption guarantees that browsers don't quite reach.

What encryption layers actually protect you

Transport: TLS protects data between your browser and our servers. Standard, table-stakes.

At-rest in our database: every column with a secret is encrypted with AES-256-GCM. The database operator cannot read your data even with full DB access.

End-to-end: encryption happens in your browser before any sync. The plaintext exists only in the memory of devices you've actively unlocked. Combined with zero-knowledge key derivation, this is the strongest practical model in 2026.

Backups and disaster recovery

PassCryp keeps multiple replicas of your encrypted vault across availability zones. You also get one-click encrypted JSON export — download it, store on an external drive, restore on any device.

For the absolute worst case (forgotten master password, lost devices), the recovery kit you downloaded at signup is the escape hatch. It's a one-page PDF with an encrypted recovery key; print it, store offline, never share it. Without it, the vault is unrecoverable by design — that's the price of true zero-knowledge.

Frequently asked questions

What does PassCryp store in the vault?

Website logins (with TOTP), API keys, SSH keys, credit cards, secure notes, identity records, and file attachments (Premium).

Is the vault encrypted at rest?

Yes — twice. AES-256-GCM client-side (zero-knowledge), and column-level encryption inside our database as defense-in-depth.

Can I export my vault?

Yes — encrypted JSON or unencrypted CSV at any time. Your data is portable to every major password manager.

How big can the vault get?

Free covers 100 items. Premium and Pro are unlimited. Vaults of 10k+ items work fine; sync stays fast.

What happens if PassCryp goes down?

Your locally cached vault stays unlocked for the session, and your encrypted backup restores anywhere. Your data is never trapped on our servers.

Can two people share a vault?

Yes — see password sharing. Per-vault keys wrap to each member's public key for end-to-end shared access.

Ready to take control of your secrets?

Start a free zero-knowledge vault in under 60 seconds.

Start your free vault