The usual way
- Your secrets may sit readable on someone else's server
- You trust a provider to guard them for you
- A breach of their database can expose your accounts
- One central place holds the keys to everything
Zentlock is a zero-knowledge vault for logins, cards, identities, notes, SSH keys and 2FA codes. Everything is encrypted on your device before it is stored or synced, so without your master passphrase, no one — not even us — can read it. Share collections end-to-end, and sync through your own Google Drive.
Zentlock builds a chain of keys from your master passphrase down to each item. Every layer is encrypted, nothing readable is ever stored, and the keys live only in memory on your device after you unlock.
The one secret you remember. It is never sent anywhere and never stored — Zentlock cannot see it or reset it.
Derived from your passphrase with the memory-hard Argon2id algorithm and a unique salt, so guessing is slow and expensive.
A strong random key that protects everything, kept wrapped by your master key and unlocked only in memory on your device.
Each collection has its own key and every item is encrypted, so a single share or revoke never exposes the rest of your vault.
Watch how a secret moves through Zentlock — encrypted on your device, synced as ciphertext, unlocked anywhere, and shared end-to-end. Let it play, or step through it yourself.
Pick a master passphrase. It never leaves your device and is never stored — it's the one secret only you know.
Zentlock is a full password manager — store and organize every kind of credential, generate strong passwords, keep your 2FA codes, and share safely with the people you trust.
Keep every kind of secret together, neatly typed.
Find and tidy items the way you think.
Fast on trusted devices, strict when it matters.
Give the right people access, end-to-end encrypted.
Stronger passwords and your 2FA codes, built in.
Your data, on every device and always yours.
Zentlock runs natively on your computer, in the browser, as an extension that fills logins for you, and on your phone — all sharing the same encrypted vault, synced through your own Google Drive.
A native app for your computer, with secure unlock built in.
Open your vault in any modern browser, nothing to install.
Fill logins where you actually use them.
Your vault in your pocket, with quick unlock.
Zentlock is zero-knowledge from the ground up. Your data is encrypted on your device, the keys are yours alone, and an exposed database — including your Drive copy — reveals only unreadable ciphertext. You can export everything or wipe a device whenever you like.
“Finally a password manager where I genuinely hold the keys. Everything is encrypted on my machine, it syncs through my own Drive, and sharing a collection with my partner took seconds.”
“Zero-knowledge, AES-256, Argon2id, end-to-end sharing with key rotation on revoke — it ticks every box I care about, and it's free and open source. The built-in authenticator means I dropped a second app.”
“I keep the family's logins in one shared collection and the kids get read-only access. The recovery key saved me once already. It just feels safe and simple.”
“We use it across the team for shared service credentials. Per-collection sharing, instant revoke, and nothing readable ever touches a server — it sailed through our review.”
Yes. Zentlock is completely free and open source under the MIT license, for both personal and everyday work use. There is no subscription and no paid tier.
No. Zentlock is zero-knowledge. Your data is encrypted on your device with AES-256-GCM, and the keys are derived from your master passphrase, which never leaves your device. Even if someone obtained the stored database — including the copy in your Google Drive — they would see only unreadable ciphertext.
Your encrypted vault lives on your own device, and you can optionally sync it to your own Google Drive so it is available on every device. Only encrypted data is ever stored or synced — no readable passwords or keys are kept on any server.
At setup Zentlock can generate a one-time recovery key that restores access if you forget your passphrase. Keep it somewhere safe. Without the passphrase or the recovery key, the vault cannot be decrypted — which is exactly what keeps it private.
Zentlock runs as a desktop app on Windows, macOS and Linux, in modern web browsers, as a browser extension that can autofill logins, and on mobile — all sharing one vault. It works offline and syncs your encrypted vault when you are online.
Yes. Zentlock has a built-in authenticator that generates time-based one-time codes. You can add codes by pasting an otpauth link or a secret (or scanning a QR code on devices with a camera), keep them standalone, or attach them to a login. It can fully replace a separate authenticator app.
Yes. You can share a whole collection with someone by email, choosing read-only or read & write access. Sharing is end-to-end encrypted, so only the recipient can decrypt it, and you can revoke access at any time — after which they can no longer see future changes.
Yes. Zentlock imports JSON files, mapping entries to logins, cards, identities and notes. You can also export your vault as plain or encrypted JSON for backups or to move it elsewhere — your data is always yours to take with you.
Zentlock uses AES-256-GCM authenticated encryption for your data and the memory-hard Argon2id algorithm to derive keys from your passphrase, with public-key encryption for sharing. These are widely trusted, industry-standard algorithms, strong enough for organization-level use.
Yes. Zentlock is offline-first — your vault is fully usable with no internet connection. When you reconnect, your encrypted changes sync in the background to your own Google Drive if you have it connected.
Create a vault in a minute, on the device you already use. It's free, your data stays encrypted on your side, and you can take it with you anytime.