Zero-knowledge credential vault

Everything you protect.
Sealed in one vault.

Logins, passkeys, 2FA codes, SSH keys, API tokens and crypto seeds — encrypted with AES-256-GCM on your device and synced across yours. Your passphrase never leaves the device, so no one — not even Transcenda — can read your vault.

Live on Google Play & the App Store
AES-256-GCM PBKDF2 · 600k iterations Zero-knowledge Open-source crypto
TranVault 2FA codes screen
TranVault credential types — logins, cards, crypto, SSH, 2FA and more
TranVault vault screen
2FA · codes beside logins 14 types · passwords, TOTP, crypto, SSH Vault · everything sealed
Built for what matters

A vault that earns the name.

Real end-to-end encryption, a native passkey provider, and every credential type you actually use.

Zero-knowledge encryption

Your master key is derived on-device with PBKDF2 (600k iterations). Every item is sealed with its own AES-256-GCM key. The server only ever holds ciphertext.

Native passkey provider

Sign in to passkey-enabled sites straight from the system autofill prompt — no copy-paste, no switching apps.

2FA codes built in

Scan a QR or paste a secret and your TOTP codes live right beside the login they protect — rotating every 30 seconds.

Biometric unlock

Face ID, Touch ID or fingerprint opens your vault; your master passphrase is always the fallback. Auto-locks when you step away.

Synced across your devices

Add a credential on your phone, find it on your tablet — encrypted in transit and at rest, in seconds.

Breach monitoring

Check any saved password against known breaches with a privacy-preserving k-anonymity lookup — your passwords never leave the device.

How your vault stays yours

The key is yours.
Only yours.

TranVault is built so that a breach of our servers reveals nothing. Encryption happens before anything is stored — there is no master key on a server to steal.

Because only you hold the key, if you forget your master passphrase your vault cannot be recovered — by you or by us. That's the point.

  1. 01
    Derive on devicePBKDF2-HMAC-SHA256, 600,000 iterations, from a passphrase that never leaves your phone.
  2. 02
    Encrypt per itemEach entry gets its own AES-256-GCM data key, wrapped by your master key.
  3. 03
    Store ciphertext onlySync carries sealed envelopes. The server can't read names, secrets, or seeds.
  4. 04
    Unlock with you presentBiometric or passphrase decrypts in memory; the vault auto-locks and wipes the key when idle.
One home for all of it

Fourteen kinds of secret. One vault.

Login Passkey TOTP / 2FA API Key Secret Key Token SSH Key Server Database Crypto Wallet Certificate Wi-Fi Credit Card Secure Note

Your secrets deserve a real vault.

Free on Google Play and the App Store. Set a passphrase, seal your first credential, and own your keys in under a minute.