Secure, Offline, Local Password Manager

OneCritto protects your passwords, files and private notes using strong modern encryption. Completely offline and no cloud sync. Your master password and vault contents stay on your device. Source code publicly auditable — reviewed and cloned by developers worldwide.

View on GitHub Download Free Donate

Free and open source. No license, no subscription, no account required.

Linux Windows
OneCritto vault screenshot

Designed for security. Built for performance.

OneCritto protects your most sensitive information with modern encryption and a focused desktop experience. Everything runs locally on your device.

AES-256-GCM + Argon2id

Every record encrypted with unique IV and salt. Master key derived via Argon2id. Authenticated encryption with HMAC-SHA256 integrity.

One Vault, Everything Protected

Passwords, files, notes and SSH connections in a single portable .onecritto file. Copy it, back it up, carry it anywhere.

Sentinel — Security Engine

Scores every password 0–100, flags weak, common and duplicate credentials, builds a prioritised rotation plan, and coaches you with per-entry tips sorted by severity. Includes a strong (8–40 chars) and mnemonic password generator.

Breach Control

Checks passwords against Have I Been Pwned via k-anonymity. Your passwords never leave the device.

Encrypted File Storage

Store any file inside the vault — IDs, certificates, private keys, contracts. Each file is encrypted with AES-256-GCM streaming, never fully loaded in RAM. Open, export or secure-wipe with one click.

100 % Offline, Zero Cloud

No sync, no telemetry. Clipboard auto-cleared after 20 s, session locks after 3 min.

SSH Connection Manager

Store encrypted SSH keys, configure connections and launch sessions with one click. Keys are securely wiped on exit.

CSV Import

Import from 10 managers (Chrome, Firefox, Bitwarden, KeePass, LastPass, 1Password, Dashlane, NordPass, Proton Pass, Safari) with smart field mapping.

Secure Temp Cleanup

One-click wipe of decrypted temp files. Every file is overwritten with random data before deletion (secure wipe).

Compatibility

Windows 11 and Linux. 64-bit CPU, 8 GB RAM, 200 MB free storage.

Don't trust us — read the code.

Developers clone and audit OneCritto's source before using it. That's exactly how a password manager should work.

Public Source Code

Every line of OneCritto is on GitHub. No obfuscated binaries, no server-side logic you can't inspect.

Build from Source

Clone the repository and run it yourself with a single mvn clean javafx:run. Same result as the official release.

Zero Hidden Telemetry

No analytics SDK, no crash reporters phoning home, no tracking pixels. Verify it in the source — it's all there.

View on GitHub

Free and open source.

OneCritto is completely free and open source. Every download is the full edition.

Download Free Donate

If you find OneCritto useful, you can support the project with an optional donation via PayPal.