KeyMask is an end-to-end encrypted text vault. Guard everything with one recovery phrase, with ciphertext stored in your own Google Drive — no one but you can read what's inside.
Content is sealed with AES-256-GCM in your browser before it leaves the device; Google Drive and our servers only ever see ciphertext — a breach reveals nothing.
Ciphertext goes straight into your own Google Drive, using free space you already have — we never touch your storage or charge you.
The whole stack is public and auditable — verify the end-to-end crypto line by line, no backdoors. No account, no subscription, and self-hostable.
Your plaintext and key stay in your browser. Only ciphertext ever leaves the device.
Generate or enter a BIP39 recovery phrase — that's your master key.
The phrase derives an AES-256 key, right in the browser.
Plaintext is sealed with AES-256-GCM.
Your phrase, derived key and plaintext live only here — never uploaded.
Only your recovery phrase can unlock it.
ark is the KeyMask command-line client. Log in and import your phrase, then read and write your vault from the terminal — pull .env files, API keys and configs in and out. Just like the web app, all encryption and decryption happen on your device; the cloud only ever sees ciphertext. Built for developers and scripts / CI.
# One line, cross-platform:
$ npm install -g @keymask/cli
$ ark login
$ ark import
$ ark get github.com/me/app/.env .env
Yes. KeyMask is free and open source — an end-to-end encrypted vault for passwords, keys, and secrets. You store the encrypted data in your own cloud drive, with no paid tier.
No. Encryption and decryption happen only in your browser, using a key derived from a BIP39 phrase you control. The server only handles ciphertext it cannot read.
KeyMask is an end-to-end encrypted vault for sensitive text and secrets, not an autofill manager. It is built for people who want auditable, self-custody encryption.
Yes. The app is open source and self-hostable, and your encrypted data lives in your own Google Drive or Baidu netdisk.