Password manager and secret vault without cloud storage

Passwords, OTP, notes, and files. Stored locally. Under your control.

ChromVoid keeps secrets on your computer or on your phone, not in someone else's cloud. That gives you a smaller attack surface and a security model that is easier to reason about if you do not want to trust cloud storage with your secrets.

  • One vault for passwords, OTP, notes, and files
  • Secrets stay local or on your phone in Mobile host mode
  • Browser extension stores no secrets and talks to localhost only

No subscription. Public repo, architecture diagrams, protocol specs.

Where secrets live: On your device or on your phone. Not in the cloud.
Open architecture: Architecture diagrams, public repo
Zero-trust transport: Noise over all channels
Hardware optional: Local / Mobile host
Zero-cache extension: No secret storage
Offline-hardening: Pepper in OS keystore

What you get

One vault for passwords, OTP, notes, and files — stored locally or on your phone

Deniability-oriented design

Decoy vault for plausible data

Hidden vaults without "talkative" markers

Minimal metadata about vault count

Threat Model

Device-held secrets

Phone can act as the source of truth

Secure Enclave / TEE protects keys

Desktop stays a thin client

Zero-trust transport

Noise over all channels (USB/WebRTC/WSS)

PIN/QR-pairing, then mutual authentication

Capability grants — minimal permissions

Storage engineering

16KB chunk encryption (ChaCha20-Poly1305)

AAD = chunk name (swap protection)

Sharded catalog + delta sync
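
What "AAD = chunk name" buys in practice, as an added example that is not ChromVoid's own code: each 16KB chunk is sealed with ChaCha20-Poly1305 and its name is authenticated as associated data, so a blob moved to another name fails verification. Assumptions: the Python `cryptography` package, the `chunk-NNNNNN` naming, the random per-chunk nonce and the `nonce || ciphertext || tag` layout are all hypothetical choices for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

CHUNK_SIZE = 16 * 1024  # 16KB chunks, as stated on the page
NONCE_LEN = 12          # ChaCha20-Poly1305 nonce length (RFC 8439)


def _aad(name, bind_name):
    # AAD = chunk name; bind_name=False is the weak variant kept for comparison.
    return name.encode() if bind_name else None


def seal_chunks(key, data, bind_name=True):
    """Encrypt data in 16KB chunks; returns {chunk name: nonce || ciphertext || tag}."""
    aead = ChaCha20Poly1305(key)
    store = {}
    for index, offset in enumerate(range(0, len(data), CHUNK_SIZE)):
        name = f"chunk-{index:06d}"    # hypothetical naming scheme
        nonce = os.urandom(NONCE_LEN)  # assumption: fresh random nonce per chunk
        chunk = data[offset:offset + CHUNK_SIZE]
        store[name] = nonce + aead.encrypt(nonce, chunk, _aad(name, bind_name))
    return store


def open_chunk(key, store, name, bind_name=True):
    """Decrypt the blob stored under `name`; raises InvalidTag on any mismatch."""
    blob = store[name]
    aead = ChaCha20Poly1305(key)
    return aead.decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], _aad(name, bind_name))


def swap_detected(key, store, a, b, bind_name=True):
    """Simulate storage tampering: exchange two blobs, then read chunk `a`."""
    tampered = dict(store)
    tampered[a], tampered[b] = store[b], store[a]
    try:
        open_chunk(key, tampered, a, bind_name)
    except InvalidTag:
        return True   # tag covers the name, so the moved blob is rejected
    return False      # blob decrypted cleanly under the wrong name


def demo():
    key = ChaCha20Poly1305.generate_key()
    data = os.urandom(40_000)  # constructed sample input: spans 3 chunks
    bound, unbound = seal_chunks(key, data), seal_chunks(key, data, bind_name=False)
    intact = b"".join(open_chunk(key, bound, n) for n in sorted(bound)) == data
    a, b = "chunk-000000", "chunk-000001"
    return len(bound), intact, swap_detected(key, bound, a, b), swap_detected(key, unbound, a, b, False)
```

`demo()` returns the chunk count, whether the untouched store round-trips, and whether the swap was caught with and without the name bound as AAD.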

Offline-hardening

Storage pepper kept separately (OS keystore)

Simply "copying the folder" is not enough

Argon2id memory-hard KDF

No subscription

Free — basic security

Pro = convenience/scale/LDL

Lifetime license per device

How it works

Install → pair → vaults → extension

01. Install the app

Desktop or Mobile — the same Rust Core inside.

macOS, Windows, Linux, iOS, Android

02. Choose a mode

Local mode — Core is built-in. Mobile host — phone as source of truth (USB cable or WebRTC/WSS).

Start local, switch to Mobile host later if needed

03. Pairing

PIN or QR code. The device is remembered, a secure channel is activated.

Noise protocol over USB

04. Create vaults

Decoy vault for "regular" accounts. Main vault — under a different password.

Different passwords, separate access

05. Connect the extension

Browser extension communicates only with localhost. No secret storage.

Zero-cache policy

Important: ChromVoid does not "send your vault to the cloud". Secrets stay with you: locally or on your phone.

Choose a model for your threat model

Both modes use the same Core. The choice depends on where you want the source of truth to live: on this device or on your phone.

Local mode

No hardware, fast, autonomous

Rust Core built into the app
Maximum access speed
Suitable for most users
All cryptography is local

Mobile host

Phone — source of truth (Secure Enclave / TEE)

Desktop as thin client
USB cable (no network) or WebRTC/WSS
Hardware key protection on phone
Secrets never leave the phone

Security

Security-first by default

Standard cryptographic primitives and documented architecture. No "military-grade" — only verifiable solutions.

At rest
ChaCha20-Poly1305: AEAD data encryption
Argon2id: Memory-hard KDF
BLAKE3: Hashing and derivation

In transit
Noise Protocol: E2E over all channels
X25519: Key exchange

Protection mechanisms

Zero-cache extension — no secret storage in browser
Auto-lock on timeout and sleep event
Zeroization — zeroing keys in memory
Atomic writes + fsync — crash resilience
Threat Model
Why it is built this way

Why ChromVoid is built this way

When you're forced to "open everything", cryptography is no longer the only line of defense.

Cloud and accounts expand the attack surface and create risk of centralized incidents.

A wrong password often leaves a clear signal: the system reveals a "marker" about data existence.

Too many solutions are tied to subscriptions and require constant network access.

ChromVoid is opinionated on purpose: local-first storage, less cloud trust, and deniability-oriented UX are responses to real constraints, not marketing decoration.

Architecture you can verify

Single Rust Core: Cryptography, storage, RPC — identical in Desktop/Mobile
Transport abstraction: USB / WebRTC / WSS — all via Noise Protocol
Zero-trust relay: Relay sees only encrypted blobs, content is inaccessible

Pricing

No subscription

The basic version is free. Pro features are purchased once: LDL — forever for selected devices.

Free
$0

For personal use and most scenarios

Vault: passwords, notes, OTP
Local mode (Desktop/Mobile)
Backup & Restore (encrypted)
Browser extension (localhost-only)
Basic security settings
Pro
LDL Lifetime Device License

For high-risk threat model

"Forever per device" license
Up to 3 personal devices
Extended access policies
Extended modes (Mobile host)
Priority support

Why isn't security in Pro?
Encryption, KDF, and basic security architecture are not sold separately. Pro is about scaling and convenience, not "paying for security".

FAQ

Frequently asked questions

What is deniability in ChromVoid?

A "decoy vault + hidden vaults" model. You can show one vault under coercion. ChromVoid minimizes signs that anything else exists. Limitations depend on the threat model — they are described in the Threat Model.

Can I use a phone as the primary device?

Yes. In Mobile host mode, the phone is the source of truth with hardware key protection (Secure Enclave / TEE). Desktop connects as a thin client via USB cable (no network) or via WebRTC/WSS (over network).

Can I keep an Obsidian vault inside ChromVoid?

Yes, if your workflow is folder-based. Mounted Vault is the public path for notes and files on desktop. It is not a first-party Obsidian plugin; it is an encrypted mounted folder workflow.

Can I use it without extra hardware?

Yes. Local mode works on Desktop and Mobile. If you want the phone to hold the secrets, use Mobile host mode.

Does ChromVoid support system autofill?

Yes, through Credential Provider integrations on supported platforms. The important limit is that the provider path remains local-only and requires an open vault instead of background cloud access.

What if the storage files are stolen?

ChromVoid uses memory-hard KDF (Argon2id) and an "offline-hardening" approach: part of the material is stored separately (e.g., in OS keystore). This makes offline brute-force harder even with a data copy.

How does the browser extension work?

The extension connects only to the local Desktop Gateway (127.0.0.1) and communicates via a secure channel (Noise). Secrets are not stored in the extension — this is the zero-cache policy.

What if I forget the vault password?

Vault password cannot be recovered. This is a "security-first" tradeoff. Use a passphrase (4–5 words) and store the recovery sheet in a safe place.

Does this replace OPSEC?

No. If the device is compromised while the vault is open, any password manager is at risk. ChromVoid reduces risk but does not replace basic security hygiene.

What is LDL?

LDL — Lifetime Device License. The purchase is tied to a device (Core) and is valid "forever for this device". Security updates with no time limit.

Build your threat model — and the vault for it

If your threat model includes coercion, seizures, or high compromise risk — ChromVoid is built exactly for that.

No subscription. Deniability depends on the threat model — limitations are publicly described.