Every feature, none of the snooping.
Native macOS and Linux headless workflows are the first v0.1 target surfaces, sealed with encryption we built so we can't read it. Here is what is being prepared first and what graduates next.
Native from the first supported surface
v0.1 targets a native macOS app and Linux headless workflows first. iOS, Android, Windows, and browser extension clients are planned as separate platform-native surfaces instead of a single wrapped web view.
Zero-knowledge by design
Your vault is encrypted on your device with a key only you can derive. We never receive your master password or plaintext data. Even a full breach of our servers exposes nothing but ciphertext.
Encrypted sync
Changes are sealed locally and synced as opaque payloads. The relay routes and stores ciphertext it cannot read. Sync is an optimization, never a dependency — the local vault works offline.
Encryption & keys
Argon2id key derivation
Memory-hard password stretching (Argon2 v1.3) — the gold-standard defense against offline brute-force.
XChaCha20-Poly1305 items
Authenticated encryption with a 256-bit key and a fresh 192-bit nonce per field. Tampering is always detected.
Per-field integrity binding
Each ciphertext is bound to its item, field, and scheme — secrets cannot be silently swapped between fields.
Secret Key hardening
A ~165-bit device-stored Secret Key acts as a second factor in key derivation, blocking offline attacks on weak passwords.
Sync & devices
Encrypted cloud sync
Sealed payloads sync across enrolled devices as each platform surface graduates. The server stores ciphertext, never plaintext.
Offline-first vault
Your vault unlocks and works without the network. If sync is down, nothing breaks.
Per-device key wrap
The daily-unlock key wrap lives in the OS keychain of each device and never syncs.
Device revocation
Remove sync access from a lost device without re-encrypting your vault.
Recovery & control
Emergency Kit
A practical recovery path that never hands Vardra your master password or plaintext vault.
24-word recovery phrase
A BIP-39 mnemonic with a built-in checksum that catches transcription errors and can rebuild your keys.
No operator backdoor
No key that opens your vault exists on our servers. No employee or court order can decrypt it.
You hold the keys
Recovery is something you control, not something we grant. That is the whole point.
Migration & workflow
1Password / CSV / KeePass import
Bring your existing logins across without manual re-entry.
Browser autofill
Safari, Chrome, and Firefox extension distribution is planned; local bringup already proves the origin-matched fill model.
Terminal access
A first-class CLI for developers and automation on macOS and Linux, with Windows planned after signing and package validation.
Cards, notes & fields
Store more than passwords — payment cards, secure notes, and custom fields, all sealed the same way.
Platform coverage
Want the cryptographic detail?
Every claim on this page is backed by the same Rust crypto core that ships in our clients. Read the exact key derivation, encryption, and recovery model.