# Vault

> Zero-knowledge password manager with passkey authentication, E2E encryption, and secure vault sharing

## Docs

- [Architecture](/architecture): Vault is built as a monorepo with multiple packages that work together to deliver a secure, cross-platform password management solution.
- [Features](/features): Vault is packed with features to keep your passwords secure and accessible.
- [Quick Start](/getting-started): Get up and running with Vault in just a few minutes.
- [Importing Passwords](/web/import): Import your existing passwords into Vault.
- [Web App](/web): Vault's web application is a full-featured Progressive Web App (PWA) with offline support.
- [PWA & Offline](/web/pwa): Vault is a Progressive Web App that works offline.
- [Keyboard Shortcuts](/web/shortcuts): Vault is designed for keyboard-first navigation.
- [Encryption](/security/encryption): Vault uses industry-standard encryption to protect your passwords. All cryptographic operations use the Web Crypto API.
- [Zero-Knowledge Security](/security): Vault implements a zero-knowledge architecture where your data remains encrypted end-to-end. The server never has access to your plaintext passwords.
- [Passkeys](/security/passkeys): Vault uses passkeys (WebAuthn) for authentication, providing phishing-resistant, passwordless login.
- [ECDH Vault Sharing](/security/sharing): Vault sharing uses Elliptic-curve Diffie-Hellman (ECDH) key exchange to securely transfer vault keys without the server ever seeing them.
- [Configuration](/getting-started/configuration): Configure Vault for development and production environments.
- [Installation](/getting-started/installation): Detailed installation instructions for all platforms.
- [Deployment](/development/deployment): Vault uses Cloudflare for all deployments: Workers for the API, Pages for the web app, and Workers Assets for static sites.
- [Contributing](/development): Vault is open source and welcomes contributions. This guide covers development setup, coding standards, and the contribution workflow.
- [Terminal Recordings](/development/recordings): Create terminal recordings for CLI demos using [VHS](https://github.com/charmbracelet/vhs).
- [Project Structure](/development/structure): Vault is a monorepo managed with pnpm workspaces and Turborepo.
- [Testing Guide](/development/testing): Vault uses Vitest for unit tests, Playwright for web E2E tests, and Detox for mobile E2E tests.
- [CLI Authentication](/cli/authentication): The CLI uses browser delegation for passkey authentication since terminals can't handle WebAuthn directly.
- [Entry Commands](/cli/entries): Manage vault entries from the command line.
- [Password Generator](/cli/generator): Generate cryptographically secure passwords and passphrases.
- [CLI Overview](/cli): The Vault CLI (`pwm`) brings password management to your terminal with Touch ID support, secret injection, and scriptable output.
- [Vault Sharing](/cli/sharing): Share your vault with other users using end-to-end encrypted ECDH key exchange.
- [Touch ID](/cli/touch-id): The Vault CLI supports Touch ID on macOS for quick vault access.
- [Secret Injection](/cli/use): The `pwm use` command runs programs with vault secrets injected as environment variables.
- [Authentication API](/api/auth): WebAuthn/Passkey authentication endpoints for secure passwordless login.
- [API Reference](/api): Vault's backend API is built with [Hono](https://hono.dev/) and runs on Cloudflare Workers, providing a fast, globally distributed API.
- [Sharing API](/api/sharing): Endpoints for vault sharing, invitations, and shared vault access.
- [Vaults API](/api/vaults): CRUD operations for encrypted password vaults.