Open Source Recovery Guarantee
Your vault survives us.
Even if VaultPass ceases operations tomorrow, your vault is permanently recoverable using a standalone script hosted on GitHub — no VaultPass servers, no login, no subscription required.
How recovery works without VaultPass
Export your encrypted vault
From Settings → export a single .vault file. This is your AES-256-GCM encrypted blob — self-contained, no cloud required.
Download the recovery script
A single JavaScript file hosted permanently on GitHub. It runs entirely in Node.js with zero external dependencies.
Decrypt offline
Run: node recover.js --vault your.vault --password YOUR_MASTER_PASSWORD. Your vault decrypts locally. No internet. No VaultPass.
AES-256-GCM
Public standard. Decryptable by any compliant tool.
Zero dependencies
Recovery script uses only built-in Node.js crypto.
Permanently hosted
GitHub repository is archived and cannot be deleted.
Full Open-Source Release · Q3 2026
The complete VaultPass cryptographic core — key derivation, AES-GCM encryption, and Shamir sharding — will be published under MIT licence with a reproducible build and independent audit report.