Zero-knowledge encryption
Your master key is derived on-device with PBKDF2 (600k iterations). Every item is sealed with its own AES-256-GCM key. The server only ever holds ciphertext.
Logins, passkeys, 2FA codes, SSH keys, API tokens and crypto seeds — encrypted with AES-256-GCM on your device and synced across yours. Your passphrase never leaves the device, so no one — not even Transcenda — can read your vault.
Real end-to-end encryption, a native passkey provider, and every credential type you actually use.
Your master key is derived on-device with PBKDF2 (600k iterations). Every item is sealed with its own AES-256-GCM key. The server only ever holds ciphertext.
Sign in to passkey-enabled sites straight from the system autofill prompt — no copy-paste, no switching apps.
Scan a QR or paste a secret and your TOTP codes live right beside the login they protect — rotating every 30 seconds.
Face ID, Touch ID or fingerprint opens your vault; your master passphrase is always the fallback. Auto-locks when you step away.
Add a credential on your phone, find it on your tablet — encrypted in transit and at rest, in seconds.
Check any saved password against known breaches with a privacy-preserving k-anonymity lookup — your passwords never leave the device.
TranVault is built so that a breach of our servers reveals nothing. Encryption happens before anything is stored — there is no master key on a server to steal.
Because only you hold the key, if you forget your master passphrase your vault cannot be recovered — by you or by us. That's the point.
Free on Google Play and the App Store. Set a passphrase, seal your first credential, and own your keys in under a minute.