Secure, Offline, Local Password Manager

AES-256-GCM + Argon2id

Every record encrypted with unique IV and salt. Master key derived via Argon2id. Authenticated encryption with HMAC-SHA256 integrity.

One Vault, Everything Protected

Passwords, files, notes and SSH connections in a single portable .onecritto file. Copy it, back it up, carry it anywhere.

Sentinel — Security Engine

Scores every password 0–100, flags weak, common and duplicate credentials, builds a prioritised rotation plan, and coaches you with per-entry tips sorted by severity. Includes a strong (8–40 chars) and mnemonic password generator.

Breach Control

Checks passwords against Have I Been Pwned via k-anonymity. Your passwords never leave the device.

Encrypted File Storage

Store any file inside the vault — IDs, certificates, private keys, contracts. Each file is encrypted with AES-256-GCM streaming, never fully loaded in RAM. Open, export or secure-wipe with one click.

100 % Offline, Zero Cloud

No sync, no telemetry. Clipboard auto-cleared after 20 s, session locks after 3 min.

SSH Connection Manager

Store encrypted SSH keys, configure connections and launch sessions with one click. Keys are securely wiped on exit.

CSV Import

Import from 10 managers (Chrome, Firefox, Bitwarden, KeePass, LastPass, 1Password, Dashlane, NordPass, Proton Pass, Safari) with smart field mapping.

CSV Export

Export selected entries to a UTF-8 CSV (name,url,username,password,note) via a checkbox picker. Round-trip compatible with the import flow.

Note: the file contains plain-text credentials — store it safely and delete it when no longer needed.

Secure Temp Cleanup

One-click wipe of decrypted temp files. Every file is overwritten with random data before deletion (secure wipe).

Compatibility

Windows 11 and Linux. 64-bit CPU, 8 GB RAM, 200 MB free storage.