CredStore is a military-grade encrypted digital vault for passwords, banking credentials, API keys, recovery codes, and every secret that matters — stored locally, owned entirely by you.
Free forever · No account required · Works offline
Built for individuals who take their privacy seriously. No compromises.
Every entry is individually encrypted with your master key using XChaCha20-Poly1305 AEAD. The SQLCipher database adds a second layer of encryption at rest — two independent keys, defense in depth.
Unlock instantly with Face ID, Touch ID, or Android biometrics. Your master key is wrapped in the Secure Enclave / Android Keystore — it never touches our servers.
Set a 6-digit PIN as a quick unlock alternative. The PIN derives a separate key via Argon2id to wrap your master encryption key — no shortcuts on security.
Generate cryptographically secure passwords with full control over length (8–64 chars), character sets, and entropy. Rejection sampling eliminates modulo bias.
Copied secrets auto-clear after 15, 30, or 60 seconds — configurable in Settings. Clipboard is only wiped if CredStore owns the current value; typing elsewhere is safe.
Vault locks automatically when you leave the app. Configurable timeout from 30 seconds to 1 hour. Locking wipes the in-memory master key and clears the clipboard.
In-memory search index over title, username, URL, tags, and notes. Results appear before you finish typing — faster than any network request.
Export your entire vault as an encrypted backup bundle protected with a passphrase you choose. Import on any device. Your backup works even without a CredStore account.
Active monitoring for jailbroken / rooted devices and debugger attachment. A visible warning banner appears if your device's security integrity is compromised.
Follows your system appearance. Full dark mode support built from the ground up — not an afterthought — with adaptive color tokens throughout every screen.
Every interactive element carries accessibility roles, labels, hints, and state — usable with VoiceOver on iOS and TalkBack on Android without any workarounds.
End-to-end encrypted synchronization across all your devices. The server stores only opaque encrypted blobs — zero-knowledge from end to end.
Every design decision is made with security as the primary constraint, not an afterthought.
Two independent encryption layers: your MEK encrypts each entry payload, and a separate device encryption key (DEK) encrypts the entire SQLCipher database file. Compromising one key is not enough.
CredStore's backend never holds your master password, MEK, or any plaintext secret. Cloud sync stores only opaque encrypted blobs — we mathematically cannot read your data even if compelled.
The MEK lives in memory only while the vault is unlocked. On lock, it is explicitly zeroed from the buffer before garbage collection. Biometric and PIN paths wrap the key before writing it to the OS keychain.
Biometric-wrapped keys are stored in the iOS Secure Enclave (Hardware Security Module) or Android Keystore with BiometryCurrentSet access control — inaccessible without your registered biometric.
Android sets FLAG_SECURE on the window so the vault never appears in screenshots or the recents screen. iOS overlays a blur effect on applicationWillResignActive.
The password generator uses rejection sampling against libsodium's randombytes_buf — every character in the output has exactly equal probability regardless of the character set size.
Type-specific forms with the right fields for every kind of credential — no generic catch-all boxes.
Username · Password · URL
Bank Name · Customer ID · Account Number
Card Holder · Card Number · Expiry
API Key · Secret Key · Environment · Endpoint
Backup Codes · Recovery Phrases · Security Questions
Product Name · License Key · Purchase Date
SSID · Password · SSH credentials
Free-form encrypted content — any length, any structure
Not fitting a template? Use the custom type with user-defined fields — you define the structure, we encrypt it.
Phase 1 is live on iOS and Android. Cross-platform sync, browser extensions, and web vault are in the roadmap.
CredStore is free today — unlimited entries, no account, forever. Premium (encrypted cloud sync, browser extension, web vault) is on the way.
Today CredStore is 100% free with no in-app purchases. Premium plans above are planned for a future release — pricing may change at launch.
No. CredStore uses a zero-knowledge architecture. Your master password is never stored or transmitted anywhere. All encryption and decryption happens on your device. Even if CredStore's servers were seized, there is nothing they could decrypt — they only hold opaque blobs of ciphertext (and only for Premium sync users).
Nobody can recover your vault without the master password — including us. This is a fundamental property of zero-knowledge design. We strongly recommend setting up an encrypted backup export stored in a safe location before this situation arises. The backup is encrypted with a separate passphrase you choose.
Yes, completely. The free plan is entirely local and never requires an internet connection. It works offline permanently. Premium sync is optional and only activates when you explicitly enable it.
CredStore uses XChaCha20-Poly1305 for authenticated encryption via libsodium. This cipher is constant-time on all platforms, uses a 192-bit nonce (vs 96-bit for AES-GCM), and does not require hardware AES acceleration — critical for lower-end Android devices. The security margin is equivalent to or greater than AES-256-GCM. Key derivation uses Argon2id, the winner of the Password Hashing Competition.
CredStore never accesses your fingerprint data. When you enroll biometrics, your master encryption key is wrapped and stored in the iOS Secure Enclave or Android Keystore with BiometryCurrentSet access control. The OS handles biometric verification entirely — CredStore only receives the unwrapped key on success.
Not yet. Family Vault (Phase 6) and Business Edition (Phase 9) are on the roadmap. Business features include shared vaults, teams, role-based access, and audit logs. Sign up to be notified when they launch.
CredStore is completely free today, with no in-app purchases — the entire local vault is yours at no cost, forever. Premium (encrypted cloud sync, browser extension, web vault) is planned for a future release. When it launches it will be available via Apple In-App Purchase, Google Play Billing, Stripe, and Razorpay, with one subscription covering all your devices.
Free, no account, no cloud — just encryption. Launching soon on iOS & Android.