Secure Digital Vault
Your unbreakable cryptographic safe for files, keys, and records. End-to-end encrypted, device-bound, zero-knowledge.
Download Vault
Native apps for desktop. Verify checksums after download.
macOS
Apple Silicon & Intel
Linux
AppImage & CLI
Quickstart
Get up and running in 5 minutes.
- Download & Install Get Vault for your platform above.
- Create Vault Set strong passphrase + save recovery kit.
- Add Devices Link 2+ trusted devices for recovery.
- Store Secrets Files, API keys, documents, passwords.
- ✅ Done! Your vault is secure and backed up.
Ready to start?
Your first vault takes 3 minutes to set up.
Vaults
Encrypted containers for your most sensitive data.
How it works
- 1 Your devices encrypt data with unique keys
- 2 Only your devices can decrypt - zero-knowledge
- 3 Backups stored encrypted across providers
Security model
Keys & Devices
Hardware-backed keys on each trusted device. No central decryption service.
Secure Sharing
Share folders or individual records with other Vault users via encrypted invitations.
Granular permissions
- • Read-only access to specific folders
- • Time-limited sharing links
- • Revoke anytime, instantly
- • Audit trail of all access
Zero trust sharing
Recipients decrypt with their own keys. We never see plaintext.
Command Line Interface
Script everything from backups to secret rotation.
# Login to your vault
Start
Welcome to your first steps with the Vault. Here you’ll learn the basics and get everything ready.
- Step 1: Set up your vault
- Step 2: Add your devices
- Step 3: Securely store your keys and files
- Step 4: Share and verify access safely
vault login
# List all secrets
vault list
# Store API key
vault put api/prod/stripe sk_live_xxxxx
# Retrieve secret
vault get api/prod/stripe
# Rotate secrets
vault rotate api/prod/stripe
# Audit access
vault auditWorks everywhere
CI/CD, cron jobs, SSH sessions, Docker containers.
REST API
Fetch short-lived, scoped secrets for your services without hard-coded keys.
Example
GET /api/vaults/my-vault/secrets/stripe?ttl=300
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
{
"secret": "sk_live_xxxxx",
"ttl": 300,
"expires": "2025-12-23T15:30:00Z"
}Key features
- • TTL-based secret leasing
- • Scoped access control
- • Audit logging
- • Rate limiting