Getting Started

How to store passwords, seed phrases, and 2FA codes in your Vaultr vault

Store passwords, seed phrases, private keys, TOTP 2FA secrets, API keys, and secure notes in Vaultr's secrets manager, all encrypted client-side.

Quick answer: Vaultr’s built-in secrets manager lets each vault slot store passwords, seed phrases, private keys, TOTP 2FA secrets, API keys, and secure notes — all encrypted client-side so the server only ever holds ciphertext. Just unlock a slot, open the secrets manager, choose the secret type, enter the details, and save.

Vaultr is a self-custody crypto super-app where each account can hold up to 16 vault slots, each opened by its own password. Every slot includes a secrets manager, turning your vault into an encrypted store for your most sensitive credentials — not just crypto, but logins and recovery material too.

What can I store in the Vaultr secrets manager?

Each slot’s secrets manager can hold:

Everything you save is encrypted client-side, meaning the encryption happens on your device before anything is sent. The server stores only ciphertext and never sees your plaintext secrets.

How do I add a secret to my vault?

Follow these steps:

  1. Unlock the vault slot you want to store the secret in, using that slot’s password.
  2. Open the secrets manager within that slot.
  3. Choose the secret type — password, seed phrase, private key, TOTP 2FA secret, API key, or secure note.
  4. Enter the details (for example, the password value, the 12/24-word seed phrase, or the TOTP secret).
  5. Save. Vaultr encrypts the secret on your device with AES-256-GCM before storing it; the server receives only ciphertext.

Repeat for each credential you want to keep. Because each slot is a separate profile, you can keep different secrets in different slots.

How do I store a TOTP 2FA secret?

A TOTP (Time-based One-Time Password) secret is the seed behind the rotating 6-digit codes used for two-factor authentication. To store one:

  1. When a service shows you a 2FA setup screen, locate the secret key (often offered as text alongside a QR code).
  2. In Vaultr’s secrets manager, choose the TOTP 2FA secret type.
  3. Enter the secret and label it for the relevant service.
  4. Save — it’s encrypted client-side like every other secret.

Storing the TOTP secret in your vault keeps your 2FA seeds in the same encrypted, client-side-protected place as your other credentials.

Are my secrets safe if the server is breached?

Yes. Vaultr’s secrets are encrypted on your device with AES-256-GCM, and the server stores only ciphertext. A server-side breach exposes encrypted blobs, not your passwords, seed phrases, or keys. Decryption keys are derived from your slot password on your device and never leave it.

Additionally, because the server always reports every slot’s type as “normal,” an attacker can’t even tell which slot is your real one versus a decoy — so your sensitive secrets benefit from the same plausible deniability as the rest of your vault.

Should I use separate slots for different secrets?

You can. Each of your up to 16 vault slots is a fully separate profile with its own secrets manager. For example, you might keep work API keys in one slot and personal seed phrases in another, or place sensitive material in a hidden slot that isn’t even listed. This compartmentalization limits what’s visible if any single password is exposed.

FAQ

Does Vaultr ever see my plaintext secrets?

No. Encryption is client-side with AES-256-GCM, so the server only ever stores ciphertext. Your plaintext exists only on your device after you unlock the slot.

Can I store both crypto material and regular logins?

Yes. The secrets manager handles passwords, seed phrases, private keys, TOTP 2FA secrets, API keys, and secure notes — all in one encrypted place.

What encrypts my secrets?

Data is sealed with AES-256-GCM, with keys derived on your device. The server cannot decrypt your secrets.

Start organizing your passwords, keys, and 2FA seeds securely in the Vaultr vault.

Didn’t find what you needed?

Back to the Knowledge Base

Related reading

Creating your first vault profileSet up your first encrypted profile in Vaultr — choose a password, and you're ready to send, message, and store secrets.How to switch between profiles with long-press and quick-switchSwitch Vaultr profiles fast: long-press your avatar for the profile switcher (haptics on mobile) or double-tap to quick-switch to your last profile.How to manage notifications, quiet hours and webhooksTune Vaultr notifications per profile: push via FCM, APNs and Web Push, timezone-aware quiet hours, category and thread muting, plus signed webhooks.

Every other app asks you to trust it.
Vaultr trusts you.

Your vault. Your keys. Your messages. Your money. Your identity. Your rules. Get it on every platform — and if they’ve blocked the stores where you live, install the PWA and walk right in.

iOSApp StoreAndroidGoogle PlayInstall PWABlocked in your country? Install it anyway.Open on WebUse it in any browser