A zero-knowledge password manager built for developers. Keep your test, company, and personal credentials encrypted end-to-end and neatly segregated by type and company — from a web app and a Chrome extension that share one vault.
Test logins, staging accounts, company tools, and personal passwords all pile up. Pyalm Vault holds them securely and keeps them separated so the right credential is always one click away.
Your master passphrase never leaves your device. It derives a key that encrypts every entry client-side with AES-GCM — the server only ever stores ciphertext it cannot read.
Every credential is tagged Test or Real and grouped by Company. Jump to “Acme — Real” or “all Test accounts” in one click, with tabs, a company filter, and instant search.
Spin up unique, disposable test logins on demand — a fresh test+slug@example.com address, a random username, and a crypto-strong password — so throwaway accounts stay out of your head.
A Manifest V3 extension gives you the vault beside your work: quick unlock, filtered lists, and one-click autofill into email/username and password fields on the active tab.
The web app and the extension are both clients of the same encrypted backend. Create an entry on the web and it appears in the extension — and vice-versa — instantly.
The decryption key lives in memory only. After inactivity or when you close the tab or popup, the vault locks and clears itself — re-unlock to continue.
A Bitwarden-style split keeps the server blind: it authenticates you and stores ciphertext, but it never sees your passphrase or your data.
Your master passphrase derives a key on your device. That key unwraps your vault key — held in memory only — so decryption happens entirely in your browser or extension.
Each entry's label, type, company, identity, password, URL, and notes are encrypted before they ever leave you. The server keeps only opaque ciphertext with no readable metadata.
Filtering, Test/Real tabs, company grouping, and search all run client-side after decryption — fast at personal scale, with no plaintext exposed to the backend.