A single HTML file. No server. No account. No cloud. Your vault lives on your disk, encrypted with AES-256-GCM. Open it in any browser on any device.
One file. No install. Works on Windows, Mac, Linux, iPhone, Android.
The entire app is one HTML file. Download it, open it, use it. No install, no setup, no dependencies.
Your vault is encrypted with the same standard used by banks and governments. Master password never leaves your device.
No network requests. No telemetry. No analytics. Works on a plane, in a bunker, anywhere.
Your data lives in a .pasamayo file on your disk. Copy it anywhere. Back it up. You own it.
Last 5 snapshots stored inside the encrypted file. Restore any previous state in one click.
Find any entry instantly. Filter by name, username, or month. Paginated for large vaults.
CSPRNG-based generator with configurable charset, length, and ambiguous character exclusion.
Built-in helper for recovery, weak password detection, vault health audits, and feature guidance.
MIT license. Read every line of code. No hidden behaviour. No obfuscation.
One HTML file. ~50KB. No install required.
Set a master password. A .pasamayo file is saved to your disk.
Service, username, password. Saved and encrypted instantly.
Copy the .pasamayo file to any device. Open with any browser. Unlock with your master password.
Built on the browser's native Web Crypto API. No custom crypto. No third-party libraries.
Authenticated encryption. The vault is a single encrypted blob — no partial access possible.
Randomised iteration count per vault. Attacker cannot pre-optimise cracking without reading the file first.
Wrong password fails before decryption is attempted. No decryption oracle exposed.
HMAC verified without short-circuiting. Prevents timing attacks.
File size reveals nothing about entry count or password lengths.
No localStorage. No cookies. No cache. Nothing persists in the browser.