Technical Overview

SecureVault

XChaCha20-Poly1305 encryption. Argon2id KDF. Persisted as ciphertext to IndexedDB.

Memory Isolation

Keys exist only in WASM linear memory. Never touch JS heap. Auto-zeroize on lock().

Typed API

vault.put(), vault.get(), vault.delete(). Full TypeScript definitions. No magic.

The Problem

Browsers weren't designed for secrets. localStorage is plaintext. DIY crypto fails audits. Server roundtrips add latency and attack surface.

The Approach

Move cryptography into a WebAssembly sandbox compiled from audited Rust crates.

Intentional Constraints

Not a password manager

No multi-device sync

Not a backend service

Constraints reduce attack surface.

Read the Docs