HypeCreds · self-hosted credentials

A password manager whose server knows nothing.

HypeCreds is a zero-knowledge, end-to-end encrypted password manager you run on your own infrastructure. Every secret is encrypted on your device before it leaves; the sync server stores only opaque ciphertext. Not even the operator can read your vault.

Request pilot access HypeCreds is currently in a private pilot. There is no public signup or download yet.

The desktop app

HypeCreds desktop app showing a vault with folders, tags, and a GitHub login open in the detail pane with username, hidden password, a live one-time password code, website, and notes.
Everything in one vault — logins with rolling one-time passwords, SSH keys, API credentials, cards, and secure notes, organized by folder and tag. Decrypted only on your machine.
HypeCreds lock screen asking for the master password to unlock the vault.
Walk away and it locks. Your master password is the only way back in — there is no admin reset, because no one else holds a key.

How your secrets stay yours

  1. Your master password never leaves your device. It is stretched with Argon2id (64 MiB memory-hard by default) into a master key that exists only in client memory.
  2. The server authenticates a derivative, not the password. Login uses a one-way HKDF-derived auth hash, which the server hashes again before storing.
  3. Every item is sealed individually. Vault entries are encrypted client-side with XChaCha20-Poly1305 under a random vault key, itself wrapped by your master key — so a password change never re-encrypts your data.
  4. Sharing is public-key, end to end. Shared-collection keys are sealed to each member device with X25519 and signed with Ed25519. Administrators manage membership without ever holding a decryption key.

What's in the box

Self-hosted sync server

A single container plus PostgreSQL. Your data lives where you decide, under keys only your devices hold.

Desktop app, CLI & extension

An Electron desktop app, a hype command-line tool, and a browser extension with autofill — all speaking the same audited crypto core.

Team sharing

Organizations, collections, roles, and invitations — with cryptographic membership, key rotation on removal, and no admin backdoor.

Enterprise sign-in

OIDC single sign-on with PKCE for authentication. SSO signs you in; it never decrypts — vault keys stay client-side.

Everyday essentials

Password & passphrase generator, TOTP codes, breach checks via the HIBP k-anonymity API, trash & soft delete.

Bring your vault with you

Importers for Bitwarden, 1Password, LastPass, and Chrome; encrypted JSON export you can restore anywhere.

Honest by construction

The cryptography is boring on purpose: Argon2id, HKDF-SHA256, XChaCha20-Poly1305, X25519 and Ed25519 from audited open-source libraries, with fresh random nonces and context-bound authenticated data on every envelope. The server API accepts ciphertext and returns ciphertext. If our database leaked tomorrow, your secrets would remain sealed behind your master password's memory-hard key derivation.