A password vault the server can never read.
Every secret is encrypted on your device before it ever leaves it. We store ciphertext we cannot decrypt — your master password never touches our servers.
u2secured derives your keys locally with Argon2id and encrypts each vault item with AES-256-GCM. The server only ever sees opaque ciphertext, so a breach of our infrastructure reveals nothing about your secrets.
Share securely with teammates using per-user X25519 key exchange, organise secrets into folders and groups, and keep a full version history of every change.
What you get
Client-side encryption
AES-256-GCM per item, keys derived on-device. We never see plaintext.
Strong key derivation
Argon2id stretches your master password into keys that never leave the device.
Secure sharing
Re-encrypt item keys to a recipient's public key — share without exposing secrets.
Orgs & groups
Bulk access control with per-organisation keys shared safely across members.
Version history
Every change is versioned, so you can recover an earlier value at any time.
Public share links
Send a single secret with an expiring, optionally burn-after-read link.
Security model
- Master password and keys never leave your device
- Row-level tenant isolation in PostgreSQL
- Encrypted item versions and audit logging
Questions before you start?
Our support team is happy to help you evaluate Password Manager.