Local-first - End-to-end encrypted - Multi-device

Secure passwords.
Private from first unlock
to daily sync.

VaultMesh keeps your vault encrypted on your own devices. Mobile and desktop sync directly, with no required hub and no plaintext exposure to relay transport.

Get VaultMesh How sync works
Encryption XChaCha20-Poly1305
KDF Argon2id
Key Exchange X25519 + SPAKE2
Platforms iOS - Android - Mac - Win - Linux
See It In Action

Three features,
one glance.

Watch how VaultMesh pairs your devices, syncs your vault, and fills in your passwords — all without a cloud middleman.

Paired Paired Paired Paired P2P Mesh
Secure Device Pairing — Direct device-to-device key exchange via SPAKE2. No server involvement. Works over LAN or relay.
Features

Simple workflow,
serious security.

Built so mobile and desktop users can share one encrypted vault without trusting any third-party service with keys or plaintext.

Zero Knowledge
No server can read your vault. Encryption and decryption happen only on your devices. Keys never leave local storage.
Local First
Your vault is stored locally in an encrypted database. VaultMesh remains fully usable offline with zero network dependency.
Conflict-Free Sync
Hybrid logical clock and version vectors merge concurrent edits deterministically with no data loss across devices.
Independent Sync
Mobile and desktop sync without requiring a hub device. Each device is a first-class sync participant.
Secure Pairing
SPAKE2 plus human verification ensures only your trusted physical devices can join your sync domain.
Browser Extension
Extensions connect to the desktop client for secure autofill. Sensitive data stays out of long-term browser storage.
How It Works

Four steps from
first install to daily use.

Start on any device you prefer, then pair more trusted devices when you want shared sync.

01
Install on Any Device
Install VaultMesh on mobile or desktop with no account registration or cloud setup.
02
Create Your Vault
Set your master password. Data is encrypted with Argon2id and XChaCha20 before storage.
03
Pair Trusted Devices
Use QR or pairing code between devices and verify the security string before approving.
04
Use Everywhere
Keep one encrypted vault across mobile and desktop. Add browser extension integration when needed.
Download

Downloads
and store links.

Use official stores for mobile and browser extensions. Direct desktop and relay packages are served from this site.

Mobile Apps
Mobile sync is independent and does not require desktop
iOS App
Apple App Store
App Store
Android App
Google Play
Google Play
Desktop Client
Use App Store for Safari AutoFill; use desktop packages for Chrome/Firefox/Edge AutoFill
Windows
Chrome / Firefox / Edge AutoFill support
Download
macOS App Store
Safari AutoFill support
App Store
macOS Universal DMG
Chrome / Firefox / Edge AutoFill support
Download
Linux
Chrome / Firefox / Edge AutoFill support
Download
Linux (.deb)
Chrome / Firefox / Edge AutoFill support
Download
Browser Extensions + CLI
Extensions require desktop app via native messaging
Chrome Extension
Chrome Web Store
Chrome
Firefox Extension
Firefox Add-ons
Firefox
Edge Extension
Microsoft Edge Add-ons
Edge
CLI Packages
Coming soon in release workflow
Status

Need remote sync across networks?

Use a relay node for NAT traversal. Relay forwards encrypted payloads only and never reads vault plaintext.

View Relay Guide
checksums.txt