Dotvault
Problem Features Security
Join the beta

A vault for your
project secrets.

Store logins, SSH keys, API tokens, and environment variables by project. Encrypted on your machine with AES-256-GCM. No cloud, no account, no subscription.

Join the beta, free See how it works
Dotvault desktop app

Password managers are built for websites. Your secrets are built for code.

Secrets live in chat history

API keys pasted into Slack DMs stay there forever. Rotating them means asking three people if they still have the old one.

.env files everywhere

A dozen repos, each with its own .env.local, .env.production, and .env.example that nobody keeps in sync.

Prod leaks into dev

Copy DATABASE_URL from the wrong source and suddenly your local build is pointing at production.

Everything in one place.

Dotvault is structured around projects and the credential types developers actually use.

01

By project, not by website

Each project gets its own vault with tabs for Logins, SSH, API keys, Tokens, and Env. STRIPE_SECRET_KEY lives under acme-api, not next to your Netflix password.

Project vault overview
02

Every credential type, organized

Logins, API keys, tokens, and SSH configurations, each with fields that match how you actually use them.

API keys
03

Local and production env, side by side

No more keeping two .env files straight. Switch environments inside the same project and copy the one you need, when you need it.

// local
Local environment
// production
Production environment
04

Generate strong passwords locally

Need a new database password or OAuth secret? Generate it inside the vault and save it in the same place, no browser tab, no clipboard history full of secrets.

Password generator
05

Encrypted export and import

Move your vault to another machine or back it up offline. The file stays encrypted end-to-end. You only need the same master password to unlock it anywhere.

Export encrypted backup

How Dotvault compares.

Not a password manager with a dark mode. Not enterprise infrastructure you have to host.

Feature
Dotvault
Others
Built for code secrets
Yes
Built for websites
Works fully offline
Yes
Needs a connection
No account required
Yes
SSO, billing, admin
Local + prod env per project
Yes
Scattered files
Encrypted backup you control
Yes
Cloud sync only
Reasonable for personal use
One-time
Subscription

Security that stays out of your way.

Your master password never leaves your device. There is no server to breach and no account to hack.

KEY DERIVATION
Argon2id

Memory-hard password hashing tuned to resist GPU and ASIC cracking.

ENCRYPTION
AES-256-GCM

Authenticated encryption with a fresh nonce for every project write.

STORAGE
No plaintext on disk

Decrypted data lives in memory only, and only while the vault is unlocked.

IDLE PROTECTION
Auto-lock

Set a timer and the vault locks itself when you step away. No secret left sitting on screen.

Auto-lock control

Free for the first 50 beta testers.

The desktop app is free during beta in exchange for feedback. After launch, it becomes a one-time purchase. Beta testers keep access.

Operating system

Beta builds are unsigned, your OS may warn on first launch.

Dotvault

A local-first vault for project secrets. Encrypted on your machine, no cloud, no account.

© 2026 Dotvault AES-256-GCM · Argon2id · Local-only