SecureVault is a secure password management application that provides users with a safe, encrypted vault to store, organize, and manage their passwords and sensitive credentials. Built on Next.js 16, it emphasizes zero-knowledge architecture, end-to-end encryption, and an intuitive user interface.

Key Features

Zero-Knowledge Architecture

The server never has access to unencrypted user data. All encryption happens client-side.

AES-256-GCM Encryption

AES-256-GCM authenticated encryption performed with the browser's Web Crypto API, so every stored record carries an integrity tag as well as being confidential.

Password Generator

Generate cryptographically secure passwords and memorable passphrases.

Password Strength Analysis

Real-time analysis with entropy calculation and security recommendations.

Organization Tools

Categories, tags, favorites, and powerful search capabilities.

Security Dashboard

Track weak, reused, and compromised passwords across your vault.

Architecture

SecureVault follows a zero-knowledge architecture where sensitive data is encrypted on the client before transmission:

Client-Side Security

  • PBKDF2 Key Derivation: 600,000 iterations (OWASP 2023 recommendation)
  • Separate Keys: Authentication and encryption keys derived independently
  • AES-256-GCM: Authenticated encryption with 96-bit IV
  • No Plain Text: Passwords never leave the client in unencrypted form

Server-Side Security

  • Bcrypt Hashing: Additional server-side hashing of authentication hash
  • JWT Tokens: Secure session management with rotation
  • MongoDB Storage: Encrypted vault data stored securely
  • Security Headers: HSTS, CSP, and other protection mechanisms

Technology Stack

Next.js 16

App Router with React Server Components

TypeScript

Type-safe development with Zod validation

MongoDB

Secure document storage with Mongoose ODM

Zustand

Lightweight state management for vault data

TanStack Query

Data fetching and caching layer

Tailwind CSS

Modern, responsive UI design system

Core Principles

Zero-Knowledge Design

The server never receives or stores:
  • Master password in any form
  • Unencrypted vault data
  • Encryption keys
What the Server Stores: Only the authentication hash (bcrypt), the encrypted vault data, and the encrypted vault key. The vault key itself is encrypted with the encryption key derived on the client from the user's master password, so the server holds it only in wrapped form.

End-to-End Encryption

All sensitive data is encrypted client-side before transmission:
// Client-side encryption example
import { encrypt, deriveKeys } from '@/lib/crypto/client';

// Derive keys from the master password; `salt` is the per-user salt fetched from the server.
// authHash is what is presented at login; the master password itself never leaves the client.
const { encryptionKey, authHash } = await deriveKeys(
  masterPassword,
  salt
);

// Encrypt a password entry. The random 96-bit IV is returned together with the
// ciphertext (assumed return shape; the original snippet used `iv` without defining it).
const { encryptedData, iv } = await encrypt(
  JSON.stringify(passwordEntry),
  encryptionKey
);

// Send only the ciphertext and IV to the server; plaintext and key stay on the client.
await api.createPassword({ encryptedData, iv });

User Privacy

Minimal data collection with maximum user control:
  • Only email required for account identification
  • Optional profile information
  • No telemetry or tracking
  • User-controlled data export and deletion

Quick Start

1. Install Dependencies

   cd apps/secure
   npm install

2. Configure Environment

   Create .env.local with required variables:

   MONGODB_URI=mongodb://localhost:27017/securevault
   JWT_SECRET=your-secret-key
   JWT_REFRESH_SECRET=your-refresh-secret

3. Run Development Server

   npm run dev

   Open http://localhost:3000 to access SecureVault.

Security Considerations

Master Password: The master password is the key to everything. If lost, there is no recovery option due to the zero-knowledge architecture. Users should save their recovery key during registration.
Zero-knowledge architecture ensures that even if the server is compromised, user data remains secure because the server never has access to unencrypted data or encryption keys.
Users can generate a recovery key during registration. This key must be stored securely offline. Without the master password or recovery key, data cannot be decrypted.
Password strength is calculated client-side using entropy analysis, pattern detection, and character variety checks. No passwords are sent to external services.
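A client-side strength estimate of the kind the paragraph above describes, as an added example rather than SecureVault's own analyzer: an entropy estimate from the character classes present, a few pattern detectors, and recommendations derived from what is missing. The pattern penalty and the rating thresholds are choices made for this example.

```javascript
// Added example, not SecureVault's own code. Everything here runs locally on
// the password string; nothing is sent anywhere, which is the property the
// page calls out. The penalty factor and rating thresholds are assumptions
// chosen for this example, not values from the project.
const CLASSES = [
  { name: 'lowercase', re: /[a-z]/, size: 26 },
  { name: 'uppercase', re: /[A-Z]/, size: 26 },
  { name: 'digits', re: /[0-9]/, size: 10 },
  { name: 'symbols', re: /[^A-Za-z0-9]/, size: 33 }, // printable ASCII punctuation
];

function presentClasses(password) {
  return CLASSES.filter((c) => c.re.test(password));
}

// Entropy in bits if every character were drawn uniformly from the union of the
// classes actually used: length * log2(pool size). An upper bound, never a floor.
function estimateEntropyBits(password) {
  const pool = presentClasses(password).reduce((n, c) => n + c.size, 0);
  return pool === 0 ? 0 : password.length * Math.log2(pool);
}

// Three or more characters stepping by exactly one code point ("abc", "321").
function hasSequence(s) {
  for (let i = 0; i + 2 < s.length; i++) {
    const d1 = s.charCodeAt(i + 1) - s.charCodeAt(i);
    const d2 = s.charCodeAt(i + 2) - s.charCodeAt(i + 1);
    if ((d1 === 1 && d2 === 1) || (d1 === -1 && d2 === -1)) return true;
  }
  return false;
}

// Structures that make a password far weaker than its raw entropy suggests.
function detectPatterns(password) {
  const found = [];
  if (/(.)\1{2,}/.test(password)) found.push('repeated characters');
  if (/^(.+?)\1+$/.test(password)) found.push('repeated block');
  if (hasSequence(password)) found.push('sequential run');
  if (/^\d+$/.test(password)) found.push('digits only');
  return found;
}

// Rating thresholds chosen for this example.
function rate(bits) {
  if (bits < 28) return 'very weak';
  if (bits < 36) return 'weak';
  if (bits < 60) return 'fair';
  if (bits < 128) return 'strong';
  return 'very strong';
}

function analyzePassword(password) {
  const variety = presentClasses(password).map((c) => c.name);
  const patterns = detectPatterns(password);
  // Crude penalty: each detected pattern halves, thirds, ... the raw estimate.
  const entropyBits = estimateEntropyBits(password) / (1 + patterns.length);
  const recommendations = [];
  if (password.length < 12) recommendations.push('use at least 12 characters');
  for (const c of CLASSES) {
    if (!variety.includes(c.name)) recommendations.push(`add ${c.name}`);
  }
  for (const p of patterns) recommendations.push(`avoid ${p}`);
  return { entropyBits, variety, patterns, rating: rate(entropyBits), recommendations };
}
```

The raw log2 estimate is only an upper bound; real analyzers additionally check dictionary words and leaked-password lists, which this example deliberately leaves out so that it stays offline.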

Next Steps

Features

Explore all features including password generation and organization

Password Management

Learn how to manage passwords effectively

Security Details

Deep dive into encryption and security architecture

Categories & Tags

Organize your vault with categories and tags
