Your passkey isn't a login shortcut. It's the encryption key.

Most password managers let you sign in with a passkey but still hold a master-password-derived key that can decrypt your vault. Pass014 doesn't have one. The encryption key is derived directly from your security key or Face ID — no fallback exists, anywhere.

Open source · Self-hosted · Desktop (macOS · Linux · Windows), iOS & Firefox

Two ways to run it: connect to a backend you host, or keep the whole vault on one device with no server at all. Either way the passkey is the key.

No master password — anywhere

Other managers add passkeys as a login shortcut on top of a master-password-derived key. Pass014 derives the encryption key from the passkey's PRF output itself. No password exists to bypass, on the server or on disk.

Hardware-bound, never synced

Register a device-bound Secure Enclave key — Touch ID or Face ID that never leaves the machine and never syncs to iCloud Keychain. Flip on hardware-only mode and the server refuses syncable passkeys outright, so your vault's root key can't leak through someone else's cloud account.

Server can't read your vault

Entries are AEAD-sealed under a per-vault key, which is wrapped under your account key, which is derived from a per-passkey PRF. The backend stores ciphertext + envelopes. Compromise the server and you have a brick.

Or skip the server entirely

Local-only mode keeps the whole vault on one device — no backend, no network, no account anywhere else. On iPhone it's "Set up on this iPhone", unlocked by Face ID; on desktop, a security key or Touch ID. The authenticator is the passkey. Add a recovery security key later — until you do, there's no recovery if you lose the device.

You host it

Single Go binary plus nginx. Default storage is SQLite — no external services, no third-party telemetry, no upstream account. Backup is a GPG-encrypted file you keep wherever you want.

Cross-device, by design

Add a new phone or laptop by scanning a one-shot QR code on your already-signed-in machine. Both sides display an 8-hex code; you compare on screen, the owner taps Approve. No password roams. Reconnect a fresh machine to an existing account with your username and a registered key — no invite needed.

Share without giving up the key

Vaults can be shared by name to other Pass014 users. The vault key is sealed for the recipient via X25519 — your machine never hands it to the server, and the server can't forward it.

Autofill in iOS & Firefox

iOS credential-provider extension fills logins in Safari and any app that publishes its associated domain — from a local AEAD-sealed snapshot, no network needed once the vault is unlocked. The Firefox extension handles desktop-browser login + fill.

More than passwords

Logins, cards, notes, SSH keys, Wi-Fi, and a dozen more entry kinds — plus built-in TOTP two-factor codes and a strong password generator. Show a Wi-Fi network or a stored barcode as a scannable code on screen.

Nothing's gone by accident

Deleting an entry moves it to a Trash you can restore from or empty. Every edit is kept as per-entry version history — reveal an old value or roll the entry back.

Built to live in

Sort and search entries across every unlocked account, rename vaults and devices, and choose how dates display. Sign in with a security key on macOS, Linux, and Windows (no admin rights), or with Touch ID / Face ID.

How a sign-in actually works

1

Passkey ceremony

You tap a security key or Face ID. The authenticator returns an assertion plus a PRF output — a 32-byte secret derived from the passkey and a per-account salt.

2

Local key derivation

PRF output (or a Secure Enclave ECDH) → HKDF → device key. Server hands over your account-key envelope (AEAD-sealed under the device key). Decrypted locally. The server never sees the plaintext key.

3

Vault unlocked

Each vault's encryption key is wrapped under either your account key (private) or sealed for you over X25519 (shared). Both unwrap on-device; entries decrypt one at a time on reveal.

Self-host on a small box

One static Go binary, nginx as TLS terminator, SQLite by default. Small enough to run on a $5 VPS.

# build + install the binary + systemd unit + admin token
curl -L https://github.com/berrabou/pass014/archive/main.tar.gz \
  | tar -xz
cd pass014-main
sudo deploy/install.sh

# then: edit /etc/pass014/config.env, drop in deploy/nginx.conf.example
# template (Let's Encrypt covered in deploy/README §6),
# `systemctl start pass014.service`, and you're up.

Full six-step walk-through in deploy/README.md — config, systemd, nginx, TLS. Single-user, multi-user, family — same setup either way.

Threat model, briefly

What the server learns
Your username, your devices' public WebAuthn credentials, when you signed in, the size of your vault, and audit-log entries for membership changes. It does not learn entry contents, entry names, your account key, vault keys, or anything decryptable.
What a stolen device learns
Nothing without your passkey. The account key envelope is AEAD-sealed under the device key, which is reconstructed from your passkey or Secure Enclave only at unlock time — and no bearer token sits on disk either. No passkey, no device key, no key.
What sharing leaks
Membership rows are visible to vault owners; the recipient's public X25519 key is visible to anyone signed in (it's what sealing-for-recipient needs). Vault contents stay sealed.
What a compromised server can do
Refuse to serve vault payloads (DoS), serve old vault versions (replay), or lie about who's a member of which vault. It cannot decrypt anything — your encryption key never reaches the server. Frontends are bundled with each client binary (Tauri desktop, native iOS, Firefox extension), so the server never gets to serve JavaScript either.
What stays on your device
For offline reads and autofill, the iOS app caches an AEAD-sealed snapshot of each vault on disk and stores the vault key in the biometric-gated Keychain. Lose the phone and bypass Face ID, and the cache is at risk — same posture as any password manager that offers offline mode. See docs/security-model.md for the full breakdown.

Get the code

Pass014 is open-source under the AGPL-3.0 license. Backend (Go), desktop app (Tauri + React), iOS app (SwiftUI + Rust via UniFFI), and Firefox extension all live in one workspace.