ToolBelt

Password Vault

Encrypted credential storage with reveal, copy and search.

Open tool

Overview

The Password Vault is an encrypted credential store with the basic operations you actually need every day, save a login, reveal it briefly, copy the password to the clipboard, and search across hundreds of entries quickly. It is unlocked with a single passphrase you choose, and the data on disk is ciphertext. Without the passphrase the vault is a useless blob, including to anyone with full access to the device.

This is not a replacement for a dedicated cross-device password manager with browser auto-fill, secure sharing, and recovery codes. It is a focused, single-device, no-account vault for the realistic case where you want strong local encryption without trusting a third-party cloud, and you are happy to type or copy-paste rather than auto-fill. It is also useful as a secondary store for backup codes, recovery keys, and the long-tail accounts your main manager hasn't yet swallowed.

How it works

On first use you set a passphrase. Each credential entry has a service, a username or email, the password itself, an optional URL, and free-form notes. Saved entries are encrypted before they touch local storage. The unlocked view masks passwords by default with one-click reveal and copy actions, and a search bar filters across services, usernames, and notes.

Because there is no server, there is no breach to worry about beyond your own device. Locking the vault clears the decrypted state; re-entering the passphrase decrypts again. Forgetting the passphrase means the data is unreadable.

Examples

  • Storing a long, generated password for an obscure forum login that your main manager never imported.
  • Keeping backup recovery codes for accounts that issued them, with the issuing service in notes.
  • Saving SSH passphrase reminders for a personal server, with the host name in the URL field.
  • Holding a shared streaming account password where a family member only needs the password copy/paste flow.

FAQ

How is the data encrypted?
A key derived from your passphrase encrypts every entry before it is written to local storage.

Can I recover a forgotten passphrase?
No. The vault is unrecoverable without it. Treat the passphrase as a master credential.

Does it auto-fill browser logins?
No. The vault is reveal-and-copy. Auto-fill requires a browser extension which is out of scope here.

Can I sync between laptop and phone?
Not automatically. Each browser holds its own encrypted copy. Export and import is the supported manual path.

Is this safer than a paper notebook?
For most threat models, yes. A passphrase-encrypted local store resists casual access; a notebook does not.

Try Password Vault

An unhandled error has occurred. Reload ×