Even our engineers cannot read your passwords. No tech degree required to understand why — we explain it all right here.
Step by step
Before anything leaves your browser, your password is transformed into unreadable code. What lands on our servers looks like complete nonsense.
Your password: hunter2
Stored in database: —
You enter a credential in the app. At this moment it's readable — but it never leaves your browser in this form.
Using AES-256-GCM — the same encryption standard governments and banks use — your password is scrambled into unreadable code using a key derived from your master password.
Our servers receive and store only the encrypted blob. Without your unique key, it's completely useless to anyone — including us.
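One way the three steps above can be implemented, as an added sketch that is not SecureVault's code. The page names AES-256-GCM but not the key-derivation function, so scrypt, its cost settings, the blob field names and the `label` binding are assumptions; Node's `crypto` module stands in for the browser so the sketch runs offline.

```javascript
// Added example, not SecureVault's code. scrypt and its cost settings are assumptions.
const nodeCrypto = require('node:crypto');

// Assumed scrypt cost: about 32 MiB per guess, so maxmem is raised above Node's default.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit AES key. The salt is not secret.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Client side: returns the only thing the server would ever receive.
function sealCredential(masterPassword, plaintext, label) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // 96-bit GCM nonce, fresh for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  cipher.setAAD(Buffer.from(label, 'utf8')); // bind the ciphertext to its record label
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return { v: 1, label, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Client side: throws if the password is wrong or any stored field was altered.
function openCredential(masterPassword, blob) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, raw(blob.salt));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
  decipher.setAAD(Buffer.from(blob.label, 'utf8'));
  decipher.setAuthTag(raw(blob.tag)); // must be set before final() verifies it
  return Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]).toString('utf8');
}

// Returns true when opening fails, which is the expected outcome for bad input.
function isRejected(masterPassword, blob) {
  try { openCredential(masterPassword, blob); return false; } catch { return true; }
}

// Constructed sample values.
const blob = sealCredential('correct horse battery staple', 'hunter2', 'dev-server');
console.log(JSON.stringify(blob));                                 // what the server stores
console.log(openCredential('correct horse battery staple', blob)); // plaintext, client only
console.log(isRejected('wrong master password', blob));            // GCM tag check fails
```

In a design like this, resistance to offline guessing against a stolen blob comes from the master password's strength and the KDF cost, not from the AES key size.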
The key concept
Think of it like a safe deposit box at a bank. The bank stores your box — but only you have the key. Without your key, the bank itself cannot open it.
SecureVault servers: store your encrypted data
Your master password: the only key that works
Your readable passwords: only when combined
⚠️ This is a feature, not a bug
Because your master password never leaves your device, if you forget it, we genuinely cannot recover your data. This is exactly what makes the system so secure. Always store your master password in a safe place.
Worst case scenario
We design the system to assume the worst. Even if an attacker gained complete access to our database, here's what they'd find:
← Just an email address
← Not reversible
← Encrypted gibberish
← Encrypted gibberish
To read a single password, a hacker would additionally need:
Never stored anywhere. Lives only in your memory. Cannot be retrieved from our servers under any circumstances.
The decryption key is generated at runtime and exists only in memory. It's never written to disk.
Brute-forcing AES-256 would take longer than the age of the universe, even using every computer on Earth.
By the numbers
Here's a comparison that puts things in perspective.
A padlock: Seconds. Can be cut with basic tools.
A bank vault: Hours to days. Requires heavy equipment and experts.
AES-256-GCM: Longer than the age of the universe. No known attack exists. Not now, not ever.
AES-256-GCM is approved by the US NSA for protecting top-secret government information. Your passwords use the same level of protection.
For everyone
Give team members access to exactly the passwords they need — nothing more. A contractor gets the dev server credentials. Your admin gets everything.
Every view, edit, and deletion is logged with who did it and when. If someone leaves the team, revoke their access in one click.
One click creates a cryptographically secure password. No more 'password123' — every new account gets a unique, unguessable password.
Every password for every service, securely stored and accessible from any device. Just remember one master password.
API keys, SSH keys, database credentials, secret notes — any sensitive information can be stored with flexible custom fields.
Self-host on your own server. Your data lives in your infrastructure. No third party ever has access to it — not even us.
Getting started
No technical knowledge required.
Sign up with your email. Choose a strong master password — this is the key to your vault. Write it down somewhere safe.
Create vaults to organize your credentials — Work, Personal, Family. Invite team members and assign them roles.
Start adding passwords, API keys, and notes. Use the built-in password generator for anything new.
Join teams and individuals who trust SecureVault with their most sensitive credentials — secured with the same encryption governments use.