A free, open-source password & secrets vault
KeysArk is a free and open-source vault for the secrets you cannot afford to lose: recovery phrases, API keys, passwords, private notes. Everything is encrypted in your browser with a key only you hold — the server only ever stores ciphertext.
Be clear on what it is: KeysArk is an end-to-end encrypted text vault, not an autofill browser extension. If you want a self-custody place to keep secrets that no company — including us — can read, and code you can actually audit, this is built for you.
Why open source matters for a password manager
“We can't read your data” is only a promise until you can verify it. Because KeysArk is open source, anyone can confirm the key is derived in the browser and that plaintext never reaches the server. Security you cannot audit is faith, not proof.
- Free and open source — no paid tier gating your own data.
- End-to-end encrypted with AES-256-GCM; the key is derived from a BIP39 phrase in your browser.
- Your ciphertext lives in your own Google Drive or Baidu netdisk — you can self-host the app.
- A command-line client (ark) for reading and writing your vault from the terminal.
FAQ
Is KeysArk a free password manager?
Yes. KeysArk is free and open source. There is no paid tier and no account fee — you store your encrypted data in your own cloud drive.
Is it a replacement for 1Password or Bitwarden?
Not exactly. KeysArk is an end-to-end encrypted vault for sensitive text and secrets, not an autofill manager. It is for people who want auditable, self-custody encryption rather than browser autofill.
Can anyone at KeysArk read my passwords?
No. Encryption and decryption happen only in your browser. The server and storage backends handle opaque ciphertext only — the master key and plaintext never reach them.
Is the code really open source?
Yes. The code is open so anyone can verify there is no backdoor: that the key is derived client-side and plaintext never leaves your device.