Secrets, without the museum glass.
Salattu is a zero-knowledge password manager for passwords, one-time passwords, secure notes, SSH keys and passkeys: built to feel fast, inspectable and alive on every platform.
Rust where the vault gets serious.
vault preview
Credential cockpit
github.com (password)
T3 Cloud (passkey)
prod-ed25519 (ssh key)
Recovery codes (secure note)
Bank TOTP (mfa)
Feels like a product, not a settings page.
A vault for the things passwords became.
Modern credential management is no longer just username combined with a password. Salattu gives every secret a clear place and purpose.
Passwords
MFA
Secure notes
SSH keys
Passkeys
Useful infrastructure. Useless to attackers.
The backend can sync, route, authenticate and scale without becoming the owner of user secrets. That boundary is the product.
Encrypt locally
Secrets are encrypted on the client before sync begins.
Sync ciphertext
The backend coordinates encrypted vault state, not readable records.
Verify in public
Open source makes the security boundary inspectable instead of decorative.
Trust is better when people can inspect it.
Salattu's open-source model makes its security claims reviewable while leaving room for hosted sync, support and team features.
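View on GitHub

// argon2idAsync, gcm, randomBytes, the helpers enc, b64decode and b64encode, and the
// Wrapped type are imported or defined elsewhere in the project; the page does not show them.

// Derive a 32-byte key (AES-256) from the master password with Argon2id.
export async function deriveAesKeyFromPassword(password: string, saltB64: string): Promise<Uint8Array> {
  const salt: Uint8Array = b64decode(saltB64)
  return argon2idAsync(enc(password), salt, {
    t: 3, // passes
    m: 512 * 1024, // memory cost (Argon2 counts m in KiB, so 512 MiB)
    p: 1, // parallelism
    dkLen: 32, // derived key length in bytes
    version: 0x13 // Argon2 version 1.3
  })
}

// Encrypt a string with AES-GCM under a fresh random 12-byte nonce.
// The nonce is not secret and is returned next to the ciphertext so the record can be decrypted later.
export async function aesGcmEncrypt(plainText: string, key: Uint8Array): Promise<Wrapped> {
  const iv = randomBytes(12)
  const plainBytes = enc(plainText)
  const cipher = gcm(key, iv).encrypt(plainBytes)
  return { cipherB64: b64encode(cipher), nonceB64: b64encode(iv) }
}

A vault that feels fast before it explains why.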
Start with the web vault today. Native apps, mobile clients and browser extensions can slot naturally into the same product language.
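
The decrypt side of the wrap step shown above, as an added example that is not Salattu's own code: it shows that a stored record opens only with the password-derived key and that a modified record is rejected rather than partially decrypted. Assumptions: Node's built-in crypto is used instead of the libraries the page's snippet calls, scrypt stands in for Argon2id, the authentication tag is stored appended to the ciphertext, and deriveKey, wrap, unwrap, flipFirstByte and the sample values are hypothetical names and constructed data.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

// Same shape as the Wrapped value returned by the page's aesGcmEncrypt.
type Wrapped = { cipherB64: string; nonceB64: string };
const TAG_LEN = 16; // AES-GCM authentication tag, stored appended to the ciphertext (assumption)

// Stand-in KDF (assumption): scrypt replaces the page's Argon2id so this runs on Node built-ins.
function deriveKey(password: string, saltB64: string): Buffer {
  return scryptSync(password, Buffer.from(saltB64, "base64"), 32);
}

function wrap(plainText: string, key: Buffer): Wrapped {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption under this key
  const c = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plainText, "utf8"), c.final(), c.getAuthTag()]);
  return { cipherB64: body.toString("base64"), nonceB64: iv.toString("base64") };
}

// Returns the plaintext, or null when the key is wrong or the record was modified.
function unwrap(w: Wrapped, key: Buffer): string | null {
  const body = Buffer.from(w.cipherB64, "base64");
  if (body.length < TAG_LEN) return null;
  try {
    const d = createDecipheriv("aes-256-gcm", key, Buffer.from(w.nonceB64, "base64"));
    d.setAuthTag(body.subarray(body.length - TAG_LEN));
    const pt = Buffer.concat([d.update(body.subarray(0, body.length - TAG_LEN)), d.final()]);
    return pt.toString("utf8");
  } catch {
    return null; // tag check failed: discard everything, never return partial plaintext
  }
}

// Models a record that was altered in storage or in transit (one bit changed).
function flipFirstByte(w: Wrapped): Wrapped {
  const body = Buffer.from(w.cipherB64, "base64");
  body.writeUInt8(body.readUInt8(0) ^ 0x01, 0);
  return { ...w, cipherB64: body.toString("base64") };
}

// Constructed sample data: salt, password and note are made up for this example.
const saltB64 = Buffer.alloc(16, 7).toString("base64");
const key = deriveKey("correct horse battery staple", saltB64);
const record = wrap("recovery code: 1234-5678", key);
```

A client should treat a null result as a failed unlock or a corrupted record and refuse to show or re-sync it.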