Open Source · AGPL-3.0

Your Vault.
Your Rules.

The privacy-first password manager that keeps your data exactly where it belongs — on your device. Zero backend. No telemetry. Every line auditable.

Download Free See Pricing
0
KeyArmor servers
AES‑256
-GCM encryption
19
Languages supported
15
Free entries · unlimited with Premium
Local-first by default
AES-256-GCM encryption
Fully open source
Breach monitoring (HIBP)
19 languages
Biometric unlock
Native Android Autofill
Unlimited entries with Premium

Why KeyArmor

Built different.
By design.

Most password managers store your data on their servers. KeyArmor doesn't have servers. That's not a limitation — it's the entire point.

Local-First. Your Terms.

All your data lives on your device, encrypted with AES-256-GCM. There are no KeyArmor servers to breach. When you optionally enable Google Drive backup, your vault is encrypted with an additional password you control before it ever leaves your device — Google receives a file it cannot read. Your data, your rules, always.

One Vault for Everything

Passwords, credit cards, bank accounts, crypto wallets, secure notes, two-factor codes and custom entries with any fields you need — all secured, organized and accessible from a single place. Plus proactive breach monitoring to tell you when a password has been exposed, before attackers use it.

Trust Through Transparency

Every line of code is public and auditable under AGPL-3.0. You don't have to take our word for it — you can verify it yourself. That's what open source means. No proprietary black boxes. No hidden telemetry. No surprises.

Features

Everything you need.
Nothing you don't.

Powerful features built with privacy at the core — not bolted on as an afterthought.

Passwords

Store logins with username, password, URL and notes. One-tap copy for any field. Sensitive fields hidden by default, revealed on demand.

Two-Factor Authentication (TOTP)

Built-in 2FA/TOTP code generation. Scan QR codes to register secrets. Time-based codes generated fully offline, on-device.

Credit Cards

Store card numbers, expiry dates, CVV and billing info with an integrated phone dialer shortcut for quick bank contact.

Bank Accounts

Dedicated fields for bank name, account type, IBAN, routing number and more. All encrypted at rest.

Crypto Wallets + Live Balance

Store seed phrases, wallet addresses and private keys. Live balance for BTC, ETH, SOL, BNB, MATIC, LTC, DOGE — no API key required.

Secure Notes

Encrypted free-text notes for recovery codes, licenses, private thoughts. Fully local, fully encrypted.

Custom Entries

Create entries with any fields you need — text, passwords, phone numbers. Define your own structure for any credential type.

Attachments Premium

Attach up to 5 files per entry (max 5 MB each), all encrypted with AES-256-GCM on-device. Images, PDFs and any file type.

Security Audit Premium

Scores your vault health 0–100 and surfaces Top 5 urgent issues: weak, duplicate, breached, pattern-based or expiring passwords.

Breach Monitoring Premium

Checks passwords against 14B+ breached credentials via haveibeenpwned.com. Only the first 5 SHA-1 chars sent — match evaluated locally.

Panic PIN

Decoy PIN that instantly wipes or hides sensitive vault data under duress. Configurable wipe scope for emergency protection.

Travel Safe Mode

Mark entries as travel-safe. Activate Travel Mode to hide everything else — border searches see only what you allow.

P2P Sharing — No Server Premium

Share vault entries directly via QR code or encrypted text. No cloud, no middleman — end-to-end encrypted, peer to peer.

Google Drive Backup Premium

Manual on demand (Premium) or automatic on every app open (Lifetime). Vault encrypted before leaving your device — Google can't read it.

Biometric Unlock

Fingerprint and face unlock via Android BiometricPrompt. KeyArmor never stores biometric data — handled entirely by the device OS.

Biometric Gates Premium

Require biometric re-auth before revealing sensitive fields. Per-session or per-access mode — configurable timeout.

Native Android Autofill

Detects login fields in any app or browser and suggests credentials instantly. Enable once in Settings → Autofill.

Auto-Lock

Vault locks after configurable idle timeout: immediately, 30 s, 1–30 min, or never. Timer resets with any interaction.

Clipboard Auto-Clear

Copied sensitive fields are auto-wiped after 15–120 seconds. Prevents clipboard sniffing by other apps.

Password History Premium

Local encrypted history of previous passwords per entry. Never transmitted. Recover past passwords when needed.

Expiry Alerts Premium

Get notified before passwords expire. One or multiple warning thresholds — 1, 3, 7, 14 or 30 days before expiry, per entry.

Security Notifications

Automatic alerts for expiring passwords and detected breaches. Stored locally, auto-deleted after 30 days, dismissible with a swipe.

Global Search

Real-time search across every section from a single screen. Results update instantly matching titles, usernames, URLs and custom fields.

Categories & Tags

Organize with 8 categories and unlimited custom tags. Filter and search instantly. Assign in bulk with a single action.

Pinned Entries

Pin up to 3 entries to always appear at the top of your vault. One tap to your most critical credentials without scrolling.

Favorites

Mark any entry as a favorite. Access all starred entries instantly from the dedicated Favorites section — always one tap away.

Bulk Actions

Select multiple entries and apply actions at once — assign tags, change category, archive, or delete across vault, archive and trash.

Archive & Trash

Archive entries you no longer use — never auto-deleted. Trash allows final review before permanent deletion.

Password Generator

Classic, pronounceable and passphrase modes. Configure length, symbols, digits. Ambiguous characters excluded on demand.

Import & Export

Import from other managers (CSV, JSON). Export your full vault. Duplicate detection ensures re-importing never creates redundant entries.

Preventive Backup Premium

Auto-triggers a Drive backup before any master password change. Your data stays recoverable from the last known-good snapshot.

Themes & Accents

6 themes (Cream & Navy free). 11 WCAG accent colors (Premium). Follows system dark/light mode automatically.

Home Screen Widget

2×1 Android widget showing total entry count. Auto-updates on vault changes. Supports light/dark mode. Tap to open vault.

19 Languages

Full UI and legal docs in English, Spanish, French, German, Italian, Portuguese, Polish, Russian, Japanese, Chinese and more.

App Screenshots

See it in action

A modern, polished interface designed for daily use — beautiful and fast.

KeyArmor Vault Hub
KeyArmor Passwords
KeyArmor Settings
KeyArmor Security Audit
KeyArmor Crypto Wallet

Security Architecture

Paranoid-level security. By default.

We don't ask you to trust us. We built KeyArmor so you don't have to.

  • AES-256-GCM Encryption

    Every entry, attachment and backup is encrypted with AES-256-GCM — the same standard used by governments and financial institutions worldwide.

  • Android Keystore

    Encryption keys are stored in hardware-backed secure storage, isolated from the OS and inaccessible to other apps — even with root access.

  • PBKDF2 Key Derivation

    Your master password is never stored. It's used to derive the vault key via PBKDF2. Without your password, the vault is mathematically unbreakable.

  • Zero Knowledge — Literally

    We can't reset your password because we don't know it. We can't access your data because we don't have it. This is a feature, not a bug.

  • Breach Monitoring with k-Anonymity

    KeyArmor sends only the first 5 characters of a SHA-1 hash to Have I Been Pwned. The full match is evaluated locally. Responses are padded with fake hashes — 100% private.

Encryption Stack
Your Master Password
Never stored, never transmitted
PBKDF2 Key Derivation
Derives vault encryption key
Android Keystore (Hardware)
Keys secured in TEE / StrongBox
AES-256-GCM Encryption
All vault data encrypted at rest
Local Device Storage Only
Data never leaves without your explicit consent
AGPL-3.0 No Telemetry No Analytics No Ads HIBP k-Anonymity

Pricing

Simple, honest pricing.

The core vault is free, forever. No trials. No feature walls. No gotchas.
Upgrade only when you want the extras.

Free
$0 / forever
No account. No tracking.
Everything essential to secure your digital life, completely local.
  • Up to 15 entries total across all sections
  • 7 types: passwords, 2FA/TOTP, cards, bank, crypto, notes, custom
  • Local AES-256-GCM encryption
  • Biometric and PIN unlock
  • Advanced password generator (3 modes)
  • Configurable auto-lock — immediate to 30 min
  • Clipboard auto-clear — configurable timeout
  • Travel Safe Mode
  • Panic PIN (emergency protection)
  • Tags and categories
  • Native Android Autofill
  • Home screen widget
  • 19 languages · 2 themes (Cream & Navy)
Download free
Premium
14-day free trial available
$1.79 / month
or $16.99/year — save 21%
Automatic backups, full security audit and encrypted sharing between users. All without compromising your privacy.
Everything in Free, plus:
  • Unlimited vault entries
  • Breach monitoring (HIBP) — automatic background checks, configurable frequency: daily, every 3 days or weekly
  • Configurable expiry alerts — 1, 3, 7, 14 or 30 days before expiry, multiple thresholds per entry
  • Google Drive backup (manual on demand + automatic daily)
  • Preventive backup before changing master password
  • Encrypted entry sharing (QR + text, peer-to-peer)
  • Attachments per entry (up to 5 files, 5 MB each)
  • Password history per entry
  • Full security audit
  • 4 additional themes (Dark, Forest, Graphite, Wine) + 11 accent colors
  • Priority support
  • Per-session or per-access biometric gates on sensitive sections
Start Premium
Lifetime
14-day free trial available
$39.99 one-time
Launch price · Regular price $49.99 soon
Equivalent to ~22 months of Premium — then yours forever
Premium forever. No renewals, no price surprises, no losing access.
Everything in Premium, plus:
  • Automatic sync on every app open
  • One-time payment — no subscriptions ever again
  • All future features included
  • No price increases. Ever.
  • Lifetime priority support
Get Lifetime Access

Prices may vary by region · 14-day trial unlocks all Premium features (15-entry limit applies) · AGPL-3.0 open source

FAQ

Common questions

What happens if I forget my master password?
Unfortunately, there is no recovery mechanism — and that's intentional. Your master password is never stored anywhere; it's used only to derive the vault encryption key via PBKDF2. If lost, the vault data is mathematically inaccessible to anyone, including us. This is the cost of true zero-knowledge security. We strongly recommend maintaining an up-to-date Drive backup and storing your master password somewhere safe.
Is my data safe if my phone is lost or stolen?
Yes. All vault data is encrypted with AES-256-GCM using keys stored in your device's hardware-backed Android Keystore. Without your master password (or your biometric), nobody can access the vault — not the thief, not law enforcement, not us. For additional safety, enable your device's screen lock and consider enabling Drive backup so your data isn't lost with the phone.
How does Google Drive backup work?
When you enable Drive sync, KeyArmor encrypts your vault with an additional backup password you choose (separate from your master password) before uploading it to your Google Drive. Google only receives an encrypted blob — they cannot read its contents. The developer also has zero access. Premium users can trigger sync manually and it also runs automatically every day. Lifetime users get automatic sync on every app open, plus a precautionary backup before any master password change.
How does breach monitoring work? Is it safe?
KeyArmor checks only your passwords — no usernames, no email addresses, no account associations. Each password is checked independently and anonymously against haveibeenpwned.com. KeyArmor computes a SHA-1 hash locally, sends only the first 5 characters to the API, and the server returns hundreds of matching prefixes. KeyArmor then checks locally whether your full hash is among them — your password never leaves your device. KeyArmor also sends the Add-Padding header, which instructs HIBP to pad every response with random fake hashes, making all responses look identical in size so even traffic analysis reveals nothing.
Does KeyArmor have autofill?
Yes. KeyArmor includes a native Android Autofill Service — enable it once in Settings → Autofill, and KeyArmor will automatically detect login fields in any app or browser and suggest the right credentials. You can also copy any field with a single tap; the clipboard is automatically cleared after a configurable timeout for security.
Can I use KeyArmor on multiple devices?
Yes, via Google Drive backup. Export your vault from one device (or let Drive sync do it automatically), then restore on another device using the same backup password. Full cross-device real-time sync is not currently supported, as it would require our own servers — which goes against KeyArmor's core privacy philosophy.
What does the 14-day trial include?
The free trial gives you full access to all Lifetime features for 14 days — breach monitoring, expiry alerts, Drive backup, security audit, attachments, password history, P2P sharing, all themes and accent colors. The one thing that remains limited during trial is the entry count: the 15-entry limit still applies. This means the trial is ideal for evaluating all features before committing. No credit card required to activate the trial.
Why AGPL-3.0 and not MIT or Apache?
AGPL-3.0 is the strongest copyleft license — it ensures that if anyone builds on KeyArmor (including as a web service), they must also release their modifications as open source. For a security tool, this matters: it prevents proprietary forks that could hide malicious changes, and guarantees the community can always audit what's running.

Get KeyArmor

Your passwords. Under your control. Starting now.

Free forever. No account required. No email. No tracking. Just install and go.

Download on Google Play

No personal data collected during installation or use.