
A security-first password and secrets manager built with a strict zero-knowledge architecture. All sensitive data is encrypted client-side before storage, ensuring the backend never has access to plaintext credentials. Designed with a strong focus on cryptography, authentication security, and long-term maintainability.
Why this project exists
This project started as an attempt to understand what zero-knowledge actually means in practice. I wanted to design a system where the server is deliberately untrusted, encryption happens entirely on the client, and security depends on clear threat boundaries rather than assumptions. Vaultr was built to reason about key derivation, encryption flows, and authentication from first principles, not frameworks.



