🔐
Zero-Knowledge Vault
AES-256-GCM encryption with PBKDF2 key derivation. Your master password is never transmitted or stored on the server.
>
>
Zero-knowledge vault with client-side AES-256-GCM encryption. Your master password never leaves your device.
Encryption Standard
PBKDF2 Iterations
Item Types
Browser Extensions
CEOTS Pass runs on your own Cloudflare account. Every secret is encrypted client-side before it ever leaves the browser. The server never sees your master password or plaintext data.
AES-256-GCM encryption with PBKDF2 key derivation. Your master password is never transmitted or stored on the server.
Autofill credentials across Chrome, Firefox, Safari, and Edge. Auto-save new logins and generate passwords inline.
Native app for Windows, macOS, and Linux. System tray, global shortcuts, biometric unlock, and offline access.
Terminal-native password access. Copy to clipboard with auto-clear, generate passwords, and manage your vault from the command line.
Site credentials with autofill, password history, and strength scoring.
Card details encrypted at rest. Autofill checkout forms across the web.
Encrypted freeform text for API keys, recovery phrases, or any sensitive data.
Store personal details for form autofill — name, address, phone, email.
FIDO2 passkey storage for passwordless authentication on supported sites.
Seven layers of defense protect your vault from compromise, from OAuth authentication through real-time breach monitoring.
Auth0 integration via auth.ceots.io with session-based access control.
Time-based one-time passwords with backup recovery codes.
AES-256-GCM — data is encrypted before it leaves the browser.
PBKDF2 with 100,000 iterations and unique per-user salt.
Every action scored for risk (0-100) with anomaly detection.
Location and device anomaly detection with brute-force lockout.
Have I Been Pwned integration checks credentials against known breaches.
Three modes — random, pronounceable, and memorable. Configurable length, symbols, and complexity.
Unlimited folder hierarchy with drag-and-drop organization. Tags for cross-cutting categories.
Strength analysis, duplicate detection, weak password identification, and reuse alerts.
Attach encrypted files up to 5MB per item. Documents, keys, and certificates stored securely.
Generate disposable email aliases that forward to your real address. Revoke anytime.
Share items with time limits and one-click revocation. Recipients decrypt with their own key.
Migrate from 1Password, LastPass, Bitwarden, or browser-saved passwords in one step.
Built-in authenticator codes. No need for a separate 2FA app — your vault handles it.
CEOTS Pass ships as part of the core package. No extra cost, no per-seat pricing.
VIEW PRICING