V24
VAULT 24

Your zero-knowledge vault.
Secure, private, always yours.

Sign In

Sign in as: Switch Account

Don't have a vault? Create Account

Create Account

Password Strength

Already have a vault? Sign In

Vault24 Client • Self-Hosting Guide

Welcome to Vault24

Where would you like to sync your vault?

You can change this later in Settings.

A new update is available (). View Release Notes
V24
0
Security Alerts
All passwords look healthy!
U
User Free Plan
  • Settings
  • Lock Session
V24
  • Dashboard
  • Passwords
  • Folders
  • Shared Items PRO
  • Audit Log
  • Reports
  • Settings
username
  • Dashboard
  • Passwords
  • Folders
  • Shared Items PRO
  • Audit Log
  • Reports
  • Settings
username Synced
Self-Hosting Guide

Dashboard Summary

0 Total Items
0 Folders
0 Passwords
0 Secure Notes

Usage Frequency (Top Accounts)

Password Health Ratio

0%

Strong & unique credentials

Strong Passwords Ratio

0%

Meet security criteria

Vault Security Status

No security issues detected. Your cryptographic keys are secure.

Passwords

Folder

Shows 50
Folder Name Actions
Folder > Folder Name

Audit Log

A detailed record of all vault activity — passwords, folders, sessions and more.

0 events

No events match your filters

Vault Security Reports

Vault24 Portability & Integrity Report

Generated on: --

Overall Password Health

0%

Percentage of strong and unique passwords

Vault Integrity Breakdown

Total Saved Items 0
Weak Passwords 0
Reused Credentials 0
Breached Passwords 0

Top Accounts Usage Statistics

Account Title Folder Usage Count

Vault Settings

Account Details & Subscription

Username -
Member Since -
Plan Type Check your current plan details and features.

WebAuthn Passwordless Auth

Passkey Key Registration Register a secure biometric/hardware key (WebAuthn/FIDO2) for instant entry.

Registered Keys

CSV Data Import / Export

Import vault records from Bitwarden, 1Password, or Zoho Vault formats, or backup your decrypted database records.

Import CSV Drop Bitwarden/1Password CSV
Export Vault Zeroes plaintext memory after download

Sync Server

—

Point your Vault24 client to a private sync server running locally or globally via Docker.

License Key Activation

Activate premium features for your self-hosted instance using a license key.

Security & Preferences

Auto-Lock Session Timeout Time of inactivity before memory variables are wiped and the screen locks.
Clipboard Clear Timeout Wipe copied credentials from clipboard after selected period.
Default Extension View Choose the default view displayed when opening the extension.
Extension Save Prompt Ask to save new/updated passwords on form submit.

Security Notifications

Compromised Password Checks When enabled, passwords are checked against the HaveIBeenPwned breach database using k-anonymity — only the first 5 characters of a SHA-1 hash are ever sent. Your actual password never leaves this device.
Run a Check Now Manually scan your current vault for breached passwords.

Master Key Management

Update Master Password Requires re-encrypting all entries in memory before syncing.

Add Vault Item

Password Generator
Length: 16
Words: 4
Live Code
------
30s
Encrypting & uploading to R2... 0%

Enter Master Password

To decrypt your vault, please enter your Master Password. This derived key is maintained strictly in-memory.

Update Master Password

Create Folder

Confirm

Move to Folder

Select a target folder to move contents into. Source folders will be removed.

No matching folders found.

Item Details

Change History

Secure Shared Item

Securely share this credential using zero-knowledge end-to-end encryption. Enter the recipient's username below:

Upgrade to Vault24 Premium

Unlock the full capabilities of Vault24. Get access to advanced security tools, end-to-end sharing, and secure file attachments.

Free Plan

$0
  • Max 3 TOTP tokens
  • No file attachments
  • Standard cloud sync
Best Value

Premium Plan

£6.99/mo
  • Unlimited TOTP tokens
  • Secure file attachments
  • RSA end-to-end sharing
  • Priority support & scans
  • Copy Username
  • Copy Password
  • Copy TOTP
  • Edit Item
  • Delete Item

Sovereign Self-Hosting Guide

Vault24 supports 100% offline usage and self-hosted private deployments. Using Docker, you can run your own secure, zero-knowledge credentials sync node with a local SQLite database and local filesystem attachments, keeping your data fully sovereign on your hardware.

Prerequisites

  • A host machine (Home Server, Raspberry Pi, NAS, or private VPS) running Linux, macOS, or Windows.
  • Docker and Docker Compose installed.
  • Ports 8080 (Frontend) and 8000 (Backend) available.

Step 1: Save Docker Compose Configuration

Create a dedicated folder for Vault24 on your hosting device. Save the following as docker-compose.yml:

version: '3.8'

services:
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: vault24-backend
    ports:
      - "8000:8000"
    environment:
      - JWT_SECRET=change-this-to-a-secure-random-key-for-your-vault
    env_file:
      - .env
    volumes:
      - ./vault.db:/app/vault.db
      - ./vault.db_r2_mock:/app/vault.db_r2_mock
    restart: unless-stopped

  frontend:
    image: nginx:alpine
    container_name: vault24-frontend
    ports:
      - "8080:80"
    volumes:
      - ./frontend:/usr/share/nginx/html:ro
    restart: unless-stopped
          

Step 2: Create Environment File

In the same folder, create a .env file. Leave values empty for a fully local setup (SQLite database, mock file storage):

# Vault24 Environment Configuration
# Copy this to .env and adjust as needed

# Turso (leave empty for local SQLite)
TURSO_DATABASE_URL=
TURSO_AUTH_TOKEN=

# Cloudflare R2 / S3 (leave empty for local mock)
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_ENDPOINT_URL=
BUCKET_NAME=vault24-attachments

# Stripe (optional, falls back to mock checkout)
STRIPE_SECRET_KEY=sk_test_mock_vault24
STRIPE_PUBLISHABLE_KEY=pk_test_mock_vault24
STRIPE_WEBHOOK_SECRET=whsec_mock_vault24
STRIPE_PRICE_ID=price_mock_premium
FRONTEND_URL=http://localhost:8080

# License Server
LICENSE_SERVER_URL=http://localhost:8001
LICENSE_SIGNING_SECRET=change-this-to-a-random-secret
          

Step 3: Deploy and Start Containers

Open a terminal in the folder containing your docker-compose.yml and run:

docker compose up -d --build
          

Step 4: Point Client to Your Server

Launch the Vault24 app at http://localhost:8080. During the setup wizard, select Self-Hosted and enter http://localhost:8000. Or after logging in, go to Settings, find the Sync Server card, enter your server address, and click Save Backend URL.

The app will reload and all vault syncs, authentication, and WebAuthn passkey operations will run against your private server.

Browser extension: The backend URL is automatically synced from the web app. If you change the URL in Settings, the extension picks it up on next unlock.

SSL and Global Access

To access your vault from outside your home network, configure an SSL reverse proxy (Nginx, Caddy, or Cloudflare Tunnel).

Security: Modern browsers require https:// or localhost for Web Crypto APIs. Always use valid SSL certificates when exposing your server globally.