Security & architecture

Designed so the server can’t decrypt your vault.

Vestyn encrypts vault contents on your devices. The server stores ciphertext, account records, and sync metadata — enough to keep devices in step, not enough to read secrets.

The short version

Your master password never leaves your device. It is stretched locally into key material, then each vault item is sealed before upload. The server receives authenticated ciphertext plus the metadata needed for login, sharing, and sync.

Key derivation

On unlock, your master password and a per-account salt are processed locally with Argon2id. The derived key unwraps your account key, which in turn unlocks vault keys. Keys are held in memory only while needed; on macOS, Touch ID can release a Keychain-protected restore key without exposing biometric data to Vestyn.

# on your device, never sent rootKey = argon2id(masterPassword, salt, memory = 256 MiB, iterations = 3, parallelism = 4) # the server only gets a one-way verifier authVerifier = HKDF(rootKey, "vestyn-auth")

Encryption

Each item is serialized to JSON and sealed individually. Names, usernames, URLs, notes, and TOTP secrets live inside the encrypted payload. The server sees ids, vault membership, timestamps, nonces, and authenticated blobs; it does not receive the plaintext item fields.

Vaults & sharing

Every vault has its own symmetric key. To share a vault, that key is wrapped to each member’s public key, so access is tied to cryptographic material as well as server-side membership. Revoking access should be paired with key rotation for future secrecy.

Authentication & Touch ID

The server authenticates you with a verifier it cannot reverse into your password. Biometric unlock is handled by the operating system: Vestyn asks macOS to authorize access to Keychain-protected material after Touch ID succeeds. Vestyn never sees your fingerprint.

What the server can and cannot see

The server seesThe server never sees
Encrypted item blobs
Authenticated ciphertext and nonces
Master password
Never transmitted, in any form
Item & vault ids
Random identifiers for sync
Item contents
Names, usernames, passwords, URLs, notes
Timestamps & sizes
For sync and conflict handling
Decryption keys
Derived and held on client devices
Account email
For login and invites
TOTP secrets
Sealed inside item ciphertext

Transport & storage

All client traffic should run over TLS to your instance — there is no Vestyn-operated cloud in the vault data path. At rest, the database stores ciphertext and operational metadata; encrypting volumes and backups is still recommended defense in depth.

Open source

The protocol and clients are open source under the AGPL-3.0 license. You can inspect the implementation, run your own server, and compare release notes and checksums before installing updates.

Set up your own instance →