A password manager whose server knows nothing.
HypeCreds is a zero-knowledge, end-to-end encrypted password manager you run on your own infrastructure. Every secret is encrypted on your device before it leaves; the sync server stores only opaque ciphertext. Not even the operator can read your vault.
Request pilot access HypeCreds is currently in a private pilot. There is no public signup or download yet.The desktop app
How your secrets stay yours
- Your master password never leaves your device. It is stretched with Argon2id (64 MiB memory-hard by default) into a master key that exists only in client memory.
- The server authenticates a derivative, not the password. Login uses a one-way HKDF-derived auth hash, which the server hashes again before storing.
- Every item is sealed individually. Vault entries are encrypted client-side with XChaCha20-Poly1305 under a random vault key, itself wrapped by your master key — so a password change never re-encrypts your data.
- Sharing is public-key, end to end. Shared-collection keys are sealed to each member device with X25519 and signed with Ed25519. Administrators manage membership without ever holding a decryption key.
What's in the box
Self-hosted sync server
A single container plus PostgreSQL. Your data lives where you decide, under keys only your devices hold.
Desktop app, CLI & extension
An Electron desktop app, a hype command-line tool, and a browser extension with autofill — all speaking the same audited crypto core.
Team sharing
Organizations, collections, roles, and invitations — with cryptographic membership, key rotation on removal, and no admin backdoor.
Enterprise sign-in
OIDC single sign-on with PKCE for authentication. SSO signs you in; it never decrypts — vault keys stay client-side.
Everyday essentials
Password & passphrase generator, TOTP codes, breach checks via the HIBP k-anonymity API, trash & soft delete.
Bring your vault with you
Importers for Bitwarden, 1Password, LastPass, and Chrome; encrypted JSON export you can restore anywhere.
Honest by construction
The cryptography is boring on purpose: Argon2id, HKDF-SHA256, XChaCha20-Poly1305, X25519 and Ed25519 from audited open-source libraries, with fresh random nonces and context-bound authenticated data on every envelope. The server API accepts ciphertext and returns ciphertext. If our database leaked tomorrow, your secrets would remain sealed behind your master password's memory-hard key derivation.