End-to-end encrypted · on device

Your secrets,
sealed on this device.

Tieddr Vault keeps your passwords, keys, and codes encrypted on your phone — and syncs them without ever handing the plaintext to a server.

AES-256-GCM PBKDF2 · 210k zero-knowledge sync
9:41LTE ▰
Tieddr Vault
Overview

9 items secured

3
Passwords
4
Secrets
2
Codes
Recent
GitHub sam@tieddr.dev•••••••••
Googlesam@tieddr.dev170 497
OpenAIAPI key•••••••••
// one vault, four kinds of secret

Everything worth keeping quiet, in one place.

Adding anything is the same three steps — a title, the content, and a tag that says what it is. The vault handles the rest.

Passwords

Logins with a built-in generator, ready to autofill in Safari and your apps as a system passkey provider.

Secrets

API keys, cards, seed numbers, IDs — anything that's just a name and a value, tagged so you find it fast.

Key phrases

Recovery phrases, wallet keys, SSH and PGP keys — multi-line secrets kept whole and sealed.

Authenticator

Live one-time codes with a countdown ring. Scan a QR to add an account in a second.

TOTP · RFC 6238

Works offline

Everything lives on the device first. Sync catches up in the background — you're never waiting on the network.

One identity

Sign in once with your Tieddr Account. The same you across Vault, Space, and the rest of the suite.

// the app

Monochrome, with one red that only means "live."

An old-timey recorder, rebuilt in glass. The single accent is reserved for the things that are actually happening — a running code, the add button, a favourite.

9:41LTE ▰

Passwords

GitHub sam@tieddr.dev•••••••••
Netflixsam•••••••••
Figmasam@tieddr.dev•••••••••
Linearsam@tieddr.dev•••••••••
PasswordsFavourites first, search everything, autofill anywhere.
9:41LTE ▰

Authenticator

2 live codes · tap to copy
Google
sam@tieddr.dev
335 587
Coinbase
sam
900 546
AuthenticatorReal RFC-6238 codes, a red ring counting down the window.
9:41LTE ▰

Secrets

OpenAIAPI key•••••••••
Personal mobilePhone number•••••••••
Chase checkingAccount number•••••••••
Main walletSeed phrase•••••••••
Secrets & keysTag it — crypto, API key, wallet key — and it sorts itself.
// sealed, not stored

The server never sees a single secret.

Your PIN derives the key. Everything is encrypted on the device before it leaves it — what syncs is ciphertext nobody but you can open, not even us.

Real cryptography, stated plainly

No hand-waving. The primitives the app actually runs, on every item, every write.

  • Key derivationPBKDF2-HMAC-SHA256 · 210k
  • EncryptionAES-256-GCM (authenticated)
  • Per writerandom 12-byte nonce
  • At restiOS Keychain / Android Keystore
  • Server seesciphertext only

How a secret travels

The same key on every device you own — reproduced from your PIN, never transmitted.

1
Sealed on the phone

The item is AES-GCM encrypted with your PIN-derived key before it touches the network.

2
Mirrored as ciphertext

Only the sealed bytes sync. The mirror is an opaque store — no plaintext, no readable metadata.

3
Opened on your other device

The same account and PIN reproduce the same key, so it decrypts locally. A wrong PIN simply can't.

// part of a suite

One account. The whole Tieddr suite.

Vault signs in through Tieddr Account, the same identity that runs Space. A secret detected in Space can be handed straight to your vault — encrypted end to end on the way.

See the whole Tieddr suite at tieddr.com →
// get the app

One vault, on every device you own.

Free to start, encrypted from the first tap. Sign in once with your Tieddr Account and your sealed vault follows you — phone, desktop, and browser. No account needed to look around; one needed to sync.

iOS 16+ Android 10+ Windows 11 Chrome · Edge · Brave