Your TOTP secrets are encrypted with AES-256-GCM. The key never leaves your device.
Every layer of OtpVault is designed to keep your secrets safe — from encryption to infrastructure.
Your vault is encrypted with AES-256-GCM before leaving your device. The encryption key is derived from your password using Argon2id and is never transmitted to any server.
Your encrypted vault is automatically backed up to the cloud when you sign up or unlock. Sign in with the same email on any device to restore your codes — the server never sees plaintext data.
Built with Rust and Tauri, OtpVault uses a fraction of the RAM of Electron-based apps. It launches instantly, runs efficiently, and stays out of your way.
Get started in three simple steps.
Sign up with your email and password. Your password never leaves your device — it's used to derive your encryption key locally.
Scan QR codes using your camera, upload a QR image, or enter the secret key manually. Supports SHA1/SHA256/SHA512, 6-8 digits, and custom step intervals.
Your encrypted vault syncs automatically with Supabase. No unencrypted data ever touches the cloud — just seamless access across devices.
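An added example for the account-import step above (not OtpVault's own code, which is written in Rust): it parses the `otpauth://totp/` URI that an enrollment QR code normally carries, validates it against the options listed (SHA1/SHA256/SHA512, 6 to 8 digits, custom step), and computes the RFC 6238 code. The function names and the sample URI are assumptions; the key is the public RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Constructed sample: the public RFC 6238 SHA1 test key, not a real account secret.
RFC_KEY = b"12345678901234567890"
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com?secret="
              + base64.b32encode(RFC_KEY).decode()
              + "&issuer=Example&algorithm=SHA1&digits=8&period=30")

def parse_otpauth(uri):
    """Parse and validate an otpauth://totp/ URI (hypothetical helper)."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("missing secret")
    algorithm = params.get("algorithm", "SHA1").upper()
    digits = int(params.get("digits", "6"))
    period = int(params.get("period", "30"))
    # Reject anything outside the option set named on the page.
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6 to 8")
    if period <= 0:
        raise ValueError("period must be positive")
    # Secrets are base32; tolerate spaces, lower case and missing padding.
    b32 = params["secret"].replace(" ", "").upper()
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    return {"key": key, "algorithm": algorithm, "digits": digits, "period": period}

def totp(key, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code: HMAC over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    account = parse_otpauth(SAMPLE_URI)
    print(totp(unix_time=59, **account))
```

The expected codes for this key at fixed timestamps are published in RFC 6238 Appendix B, which makes them a convenient cross-check for any authenticator implementation.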
Transparency you can trust. Every line of code is public and auditable.
OtpVault is open-source software under the MIT license. The entire build pipeline runs on GitHub Actions — from source to signed MSI installer. Anyone can verify that the binary matches the published source code, guaranteeing no hidden backdoors or tampering.