whizzsfe/PINvault

🔐 PIN Vault

A zero-dependency, single-file HTML app for securely storing PINs, passcodes, usernames, notes, and TOTP seeds — locally on your machine, with no server, no cloud account, and no install required.


Features

  • AES-GCM 256-bit encryption — every entry is individually encrypted using a key derived from your master password via PBKDF2
  • Windows Hello support — acts as a presence gate on supported origins (HTTPS / localhost); falls back to master password automatically on file://
  • Cross-device sync — point the app at a shared vault file on OneDrive, Dropbox, or a network drive; the same master password decrypts it on every machine
  • Conflict detection — if another machine saves to the vault while you have it open, you're prompted to Reload, Overwrite, or Cancel before any data is lost
  • Auto-lock — vault locks automatically after 5 minutes of inactivity; the derived key is cleared from memory
  • No install, no build — open vault.html directly in your browser from file://

Entry Types

| Type | What's stored |
| --- | --- |
| PIN | Numeric code |
| Password | Passphrase or passcode |
| Username | Username + optional associated password |
| Note | Freeform text |
| TOTP | Secret seed (copy into Microsoft Authenticator or similar) |

Getting Started

First use

  1. Download vault.html and open it in Microsoft Edge or Chrome
  2. Click New vault and choose where to save your *.vault.json file (e.g. your OneDrive folder)
  3. Enter a strong master password and click Unlock
  4. Click + Add Entry to start adding your secrets

Returning use

  1. Open vault.html
  2. Click Open existing vault and navigate to your *.vault.json
  3. Enter your master password and click Unlock

Using across multiple computers

Save your *.vault.json to a shared location (OneDrive, Dropbox, NAS, etc.). Open the same file from each machine — the master password decrypts it identically everywhere. If both machines have the file open simultaneously and both save, the conflict modal will guide you through resolving it safely.


Security Model

  • Your master password never leaves your machine — it is used only to derive a local AES-GCM key via PBKDF2
  • The derived key exists in memory only while the vault is unlocked; it is cleared on lock or after 5 minutes idle
  • The *.vault.json file contains only ciphertext, a random salt, and per-entry IVs — no plaintext is ever written to disk
  • Windows Hello (where available) adds a local presence check but plays no role in encryption — the same vault decrypts on any machine with the correct password
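
The scheme in this list, sketched with the Web Crypto API as an added example; it is not PIN Vault's own code. The iteration count, SHA-256 hash, salt and IV sizes, and the JSON field names (salt, entries, iv, ct) are assumptions, since the README states only PBKDF2, AES-GCM 256, a random salt, and per-entry IVs.

```javascript
// Added example, not PIN Vault's source. Iteration count, hash, salt/IV sizes
// and field names are assumptions; the README names only PBKDF2 and AES-GCM 256.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const enc = new TextEncoder(), dec = new TextDecoder();
const PBKDF2_ITERATIONS = 600000; // assumed; not taken from the project

const toB64 = (bytes) => btoa(String.fromCharCode(...new Uint8Array(bytes)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive a non-extractable AES-GCM 256 key from the master password and salt.
async function deriveKey(password, salt) {
  const material = await subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one entry under a fresh 96-bit IV; only base64 IV + ciphertext are kept.
async function encryptEntry(key, entry) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(entry)));
  return { iv: toB64(iv), ct: toB64(ct) };
}

// Decrypt one record; rejects if the key is wrong or the record was modified.
async function decryptEntry(key, record) {
  const pt = await subtle.decrypt({ name: "AES-GCM", iv: fromB64(record.iv) }, key, fromB64(record.ct));
  return JSON.parse(dec.decode(pt));
}

// Build the object that would be written to disk: salt plus encrypted records.
async function buildVault(password, entries) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const key = await deriveKey(password, salt);
  const records = [];
  for (const e of entries) records.push(await encryptEntry(key, e));
  return { salt: toB64(salt), entries: records };
}

// Returns the decrypted entries, or null when the password does not match.
async function openVault(password, vault) {
  const key = await deriveKey(password, fromB64(vault.salt));
  try {
    return await Promise.all(vault.entries.map((r) => decryptEntry(key, r)));
  } catch {
    return null; // GCM authentication tag check failed
  }
}
```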

Browser Compatibility

| Browser | Works from file:// | Windows Hello |
| --- | --- | --- |
| Microsoft Edge | ✅ | (HTTPS / localhost only) |
| Chrome / Chromium | ✅ | (HTTPS / localhost only) |
| Firefox | ❌ (no File System Access API) | |

Note: Windows Hello is automatically disabled when the app is opened from file://. The app falls back to master-password-only mode and tells you why.


Files

vault.html        ← entire app (HTML + CSS + JS, single file)
*.vault.json      ← your encrypted vault data (you choose the location)

No node_modules, no build output, no config files.


Development

No build step. Edit vault.html directly and reload in your browser.

To test Windows Hello locally:

npx serve .
# then open http://localhost:3000/vault.html
