Encryption Environments Multi Accounts Passwordless Copy & Reveal File Repo Roles Audit Log
Security Feature

AES-256 Encryption.
Zero knowledge.

Every credential encrypted in your browser before it touches our servers. Even we can't read your secrets.

Start storing securely →
How it works

Encrypted before it leaves your browser

Your credentials never travel unencrypted. The moment you hit Save, AES-256-GCM encrypts your data — before it's sent to our servers.

  • AES-256-GCM on every credential field
  • Unique encryption key per workspace
  • Keys never stored alongside your data
  • Decryption only happens in your browser
  • Database breach = unreadable ciphertext
SAVE FLOW Your input raw AES-256 browser only cipher Database REVEAL FLOW fetch cipher Decrypt browser only key never leaves plaintext Encryption key lives in your server Never stored with your credentials in the database
By the numbers

Why AES-256 is the gold standard

2²⁵⁶
Possible key combinations
256
Bit key length
Years to brute force
0
Known successful attacks
Technical details

How we implement it

GCM mode

Galois/Counter Mode provides both encryption AND authentication. Tampered data is detected before decryption starts.

Random IV per save

Each encryption uses a unique 12-byte nonce. Same value encrypted twice produces completely different ciphertext.

Key separation

Encryption key lives separately from your data. A full database breach = completely unreadable ciphertext.

Browser-side only

Decryption never happens on our servers. Plaintext credentials only exist in your browser's memory.

Your credentials deserve real protection

Not a shared Google Sheet. Not a Slack DM. Real AES-256-GCM encryption.

Start for free →