Everything you need to know — from first login to team collaboration.
Overview
From what you type to what gets stored — see exactly what happens.
How your password travels
You
Type a password
AES-256
Encrypted instantly
Database
Gibberish stored
Only you
Can decrypt it
Core concept
Every secret lives inside an Organization → Vault → Credential hierarchy. Click each level to explore.
Acme Corp
Company vault
Your isolated workspace. Think of it as your own private island — no other user can see in.
Getting started
Follow these steps or click any tab to jump ahead.
After registering, you'll be prompted to create your first organization. This is your private workspace — completely isolated from other users.
New organization
What you can store
Fields are fully flexible — name them anything. Every value is encrypted individually before saving.
Production Server
Every field encrypted with AES-256-GCM
Working with secrets
All interactive — try clicking each action below.
Click the eye to reveal temporarily. Masks again after 3 seconds.
Copies plaintext to clipboard without showing it on screen.
Cryptographically random. Click refresh for a new one.
Roles & permissions
Four roles, precisely scoped. Click each role to compare access.
Click a role above to see what it can do.
Audit logs
An immutable log entry is written for every view, edit, and deletion.
Each entry captures: user, org, action, target, timestamp, IP address.
Encryption
Click each layer to understand the encryption pipeline.
Readable in your browser. Never leaves in this form.
Argon2id password hashing
Login passwords hashed with memory-hard Argon2id. OWASP recommended. GPU-resistant.
httpOnly JWT cookies
Session tokens in httpOnly, Secure, SameSite=Strict cookies. JavaScript cannot read them.
Your vault is waiting. Set up in under two minutes — no credit card required.