Skip to content
LitePassword
Sign in Get started — free
For 1 to 50-person teams

A password manager
that doesn't
overreach.

Encrypted vaults for your logins, cards, and notes. A private vault that's just yours, plus shared vaults with three clear roles. Master password derives the encryption key on your device — we store ciphertext, you keep the only key that opens it.

AES-256 + PBKDF2 key derivation
Recovery key on first setup
No master password reset
Production credentials
SHARED
L
GitHub — engineering org
engineering@nordcraft.studio
LOGIN
P
Stripe — restricted key
rk_live_ •••••••••
PASSWORD
C
Brex — corporate card
5544 •••• •••• 7821
CARD
N
DR — runbook
12 sections · updated 4d ago
NOTE
·
License — Adobe team
Custom · 4 fields
CUSTOM
RMFTIC
5 of 23 · 7 members
VAULT ROLES
Adminmanage all
Manageradd + share
View onlyread
01 — STRUCTURE

Two kinds of vault.
That's the whole model.

Every account starts with a private vault — only you can ever unlock it, even if you're the workspace admin. Shared vaults sit next to it, scoped to a team and gated by role. Each vault gets its own encryption key, wrapped with your master-password-derived key.

PRIVATE

Personal vault

Auto-created the first time you sign in. Holds your own logins, cards, secure notes, and custom secrets. Counts toward your plan's usage limits.

role: owner 1 member
SHARED

Team vault

For credentials a small group needs. Roles control what each member can do. Invitation keys handle key exchange — no plaintext touches our servers.

admin · manager · viewer unlimited members
5 TYPES

Structured secrets

Login, password, credit card, secure note, and custom-fields. Each type ships with a sensible default field set. Custom lets you define your own keys.

AES-256 payload field-level reveal
02 — HOW UNLOCK WORKS

Your master password
never leaves your device.

We use PBKDF2 to derive a 256-bit key from your master password on-device. That key unwraps your per-vault keys, which decrypt secrets in your browser. The server only ever sees ciphertext.

01 · CLIENT
master password →
PBKDF2
salted with user id
02 · CLIENT
derived key →
Unwrap vault key
held in memory only
03 · CLIENT
decrypt secret →
AES-256
in the browser
04 · SERVER
at rest →
Ciphertext only
we can't read it
RECOVERY KEY

When you set up your master password we generate a one-time recovery key and show it to you. Store it somewhere safe — it's the only way to reset your master password later. We never see it.

SHARED VAULT KEYS

When you invite someone, the vault key is wrapped with a one-time invitation key. On their first unlock they re-wrap it with their own derived key. Plaintext keys never hit our disks.

03 — IN THE APP

Built for the boring,
important parts of a team.

F1

Password generator

Length 8 to 100, toggle numbers and symbols. A five-tier strength label tells you when you're in the green. Generate fresh values per field while editing a secret.

F2

Type-aware secrets

Login, password, credit card, and secure note each open with sensible default fields. Custom type lets you define your own field names for anything else.

F3

Role-based access

Admin manages members and account settings. Manager creates and edits vaults. View-only reads secrets without making changes. Per-user vault access — finer-grained than account role.

F4

Reveal-on-click

Secret values stay masked until you choose to reveal or copy. Password fields show a live strength meter when revealed. One click copies the value to your clipboard.

F5

Multiple accounts

Belong to several workspaces with one sign-in. Switch between your personal account and team accounts from the top bar. Each has its own vaults, members, and billing.

F6

Email invites

Invite teammates by email and pick Manager or View-only. They keep their own master password — your account never sees it. Pending invites stay in the Users page until accepted.

Stop sharing passwords in Slack messages.

Create your account in under a minute. Pick a master password. We'll generate your recovery key for you.

Create free account → See how vaults work