Deterministic Security for Digital Credentials.

Client-side Argon2id key derivation and AES-GCM-256 encryption. A secure, zero-knowledge vault designed for technical integrity.

Initialize Vault Technical Specs
Entrust Key Vault Interface showing encrypted records and security categories
Entrust Key Password Generator with entropy indicators and custom rules

Zero-Knowledge Architecture

Data is encrypted locally using keys that never leave your device.

Client-Side Encryption

Credentials are protected with AES-GCM-256 before being synchronized to the cloud.

Rust & WASM Engine

Core cryptographic operations are executed in a memory-safe Rust environment via WebAssembly.

Native Integration

Full support for Windows, macOS, and Linux with cross-browser extension synchronization.

One Vault. All Platforms.

Seamlessly synchronize your secure environment across desktop and browser.

01

Desktop Primary

The source of truth. Manage high-security assets and generator profiles in a hardened native environment.

02

Browser Bridge

Inject credentials directly into your workflow with the Chrome and Firefox extensions. Zero-copy transfer.

03

Deterministic Sync

Your vault stays updated across devices using an encrypted, deterministic state reconciliation algorithm.

Entrust Key Security Audit Logs and Transaction History

Hardened Security Protocols

We prioritize technical transparency over marketing buzzwords. Our security stack is built on verified cryptographic standards.

Key Derivation Argon2id (64MB, 3 iterations)
Encryption AES-GCM-256
Authentication Biometric / FIDO2

The Deterministic Advantage

How Entrust Key redefines credential management for the technical user.

Feature
Entrust Key
Traditional Managers
Key Derivation
Client-Side Argon2id
Server-Side PBKDF2
Vault Logic
Deterministic WASM Core
Generic JS/JSON
Telemetry
Zero (Strict Opt-Out)
Heavy Analytics
Encryption
AES-GCM-256 + MAC
Varies (Often CBC)

Hardware-Hardened

Our core cryptographic engine is optimized for native hardware. We prioritize technical integrity and verifiable security protocols.

Local-First Architecture

Access your vault offline. No constant pinging to a central server required for basic utility.

Technical FAQ

Your master password never touches our servers. We use Argon2id to derive an encryption key directly on your hardware. This key is used for all AES-GCM-256 operations.

Due to our zero-knowledge architecture, we cannot reset your password. We recommend backing up your encrypted vault export in a secure secondary location.

Currently supporting Windows and macOS with a Linux native build in beta. Browser extensions are available for all Chromium-based browsers and Firefox.

Deploy your secure vault.

Download for Desktop Browser Extension

Designed for security-conscious developers. Last updated: May 7, 2026.

Architected by Entrust Security Team.