Secrets, safe by design.
SecretPass keeps personal passwords and developer secrets in one workspace — client-side encrypted, role-controlled, and ready to self-host.
Two encryption models, one platform
Because a human's password and a CI pipeline's API key deserve different protection.
Personal vault
Zero-knowledgePasswords, notes and cards encrypted on your device. The server only ever stores ciphertext and wrapped keys — it can never read your data.
Developer secrets
Envelope + KMSAPI keys and env vars protected with envelope encryption, so machines and CI can decrypt without a master password — gated by RBAC and audit.
Workspaces & RBAC
Owner, admin, member and viewer roles, isolated per workspace.
Multi-environment
Organize secrets by project and dev / staging / prod environments.
Audit log
Every change recorded to an append-only, tamper-evident trail.
Secure sharing
Share a vault by re-wrapping its key — items are never re-encrypted.
Self-hostable
Run it yourself with Docker, or use the hosted service.
Themes & i18n
Light, dark and midnight themes; English, German and Persian.