How Vaultr Vault Encryption Works: Argon2id, AES-256-GCM and HKDF
How Vaultr vault encryption works: Argon2id key derivation, HKDF-SHA256 sub-keys, and AES-256-GCM, all client-side so the server holds only ciphertext.
Overview
Vaultr is a self-custody crypto super-app. Its vault uses a layered, client-side cryptographic pipeline so the server only ever stores ciphertext, never your passwords or plaintext secrets.
Every secret you store — across up to 16 vault slots, each with its own password — is protected by the same chain:
- Key derivation (Argon2id): Your password is stretched into high-entropy key material.
- Key expansion (HKDF-SHA256): That material is split into three purpose-specific sub-keys.
- Authenticated encryption (AES-256-GCM): Your data is sealed and integrity-protected.
All of this happens on your device.
Quick answer
Vaultr derives a strong key from your slot password using Argon2id with parameters well above the OWASP minimum recommendation (19 MiB of memory, 2 iterations, 1 degree of parallelism):
- 256 MB memory
- 4 iterations
- Parallelism 2
It then expands that key with HKDF-SHA256 into three sub-keys:
- Encryption key
- Authentication key
- Database key
Your data is sealed with AES-256-GCM using a 12-byte random nonce and a 16-byte authentication tag. GCM's security depends on never reusing a nonce under the same key; a fresh random 96-bit nonce per encryption meets that requirement for far more records than a vault will ever hold (NIST SP 800-38D caps random-nonce use at 2^32 encryptions per key). All encryption and decryption run client-side, so the server only stores ciphertext.
1. Overall encryption pipeline
When you unlock a vault slot, Vaultr runs three stages locally on your device:
- Key derivation (Argon2id)
  - Takes your slot password.
  - Produces high-entropy key material using a slow, memory-hard function.
- Key expansion (HKDF-SHA256)
  - Takes the Argon2id output.
  - Derives three separate sub-keys: encryption, authentication, and database.
- Authenticated encryption (AES-256-GCM)
  - Uses the derived encryption key to encrypt your data.
  - Produces ciphertext plus an authentication tag that is checked before any decrypted data is returned.
Because every stage runs client-side, Vaultr’s servers never see:
- Your slot passwords
- Your derived keys
- Your plaintext vault contents
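The three stages above, written out end to end as an added worked example (illustration only, not Vaultr's code). The Argon2id cost parameters, the 12-byte nonce and the 16-byte tag are the page's; the per-slot salt handling, the 32-byte sub-key length, the HKDF `info` labels, the stored-record layout and the scrypt fallback used when no Argon2 library is installed are assumptions. It also shows the failure mode the tag exists for: a single flipped ciphertext bit makes decryption fail outright instead of returning corrupted plaintext.

```python
"""Argon2id -> HKDF-SHA256 -> AES-256-GCM, end to end (illustrative, not Vaultr's code)."""
import hashlib
import hmac
import os
from typing import NamedTuple

from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Argon2id cost parameters from the page; both Argon2 bindings below take memory in KiB.
ARGON2_MEMORY_KIB = 256 * 1024
ARGON2_ITERATIONS = 4
ARGON2_PARALLELISM = 2
KEY_LEN = 32    # 256-bit master key and sub-keys (assumption)
NONCE_LEN = 12  # 96-bit GCM nonce, as on the page
TAG_LEN = 16    # 128-bit GCM tag, as on the page


class SlotKeys(NamedTuple):
    enc: bytes   # AES-256-GCM key for vault contents
    auth: bytes  # authentication key; the page does not say what it authenticates
    db: bytes    # database key


def argon2id(password: bytes, salt: bytes) -> bytes:
    """Stage 1: memory-hard stretch of the slot password.
    Uses argon2-cffi if present, else cryptography's Argon2id (needs OpenSSL 3.2+).
    With neither available it falls back to scrypt so the example still runs;
    that fallback is a stand-in and is NOT Argon2id."""
    try:
        from argon2.low_level import Type, hash_secret_raw
        return hash_secret_raw(password, salt, time_cost=ARGON2_ITERATIONS,
                               memory_cost=ARGON2_MEMORY_KIB, parallelism=ARGON2_PARALLELISM,
                               hash_len=KEY_LEN, type=Type.ID)
    except ImportError:
        pass
    try:
        from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
        return Argon2id(salt=salt, length=KEY_LEN, iterations=ARGON2_ITERATIONS,
                        lanes=ARGON2_PARALLELISM, memory_cost=ARGON2_MEMORY_KIB).derive(password)
    except (ImportError, UnsupportedAlgorithm):
        pass
    return hashlib.scrypt(password, salt=salt, n=2**15, r=8, p=1, dklen=KEY_LEN,
                          maxmem=64 * 1024 * 1024)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF-SHA256 (RFC 5869) written out: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def expand_keys(master: bytes, salt: bytes) -> SlotKeys:
    """Stage 2: three purpose-bound sub-keys. Distinct info labels (assumed names)
    give domain separation, so leaking one key reveals nothing about the others."""
    return SlotKeys(enc=hkdf_sha256(master, salt, b"vault/encryption"),
                    auth=hkdf_sha256(master, salt, b"vault/authentication"),
                    db=hkdf_sha256(master, salt, b"vault/database"))


def unlock_slot(password: str, slot_salt: bytes) -> SlotKeys:
    """Stages 1 and 2 for one slot. slot_salt is a random per-slot value stored
    next to the ciphertext (assumption); it is not secret, only unique."""
    return expand_keys(argon2id(password.encode("utf-8"), slot_salt), slot_salt)


def seal(enc_key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Stage 3: AES-256-GCM under a fresh random nonce. A nonce must never repeat
    under one key. Stored record (assumed layout): nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(enc_key).encrypt(nonce, plaintext, aad)


def unseal(enc_key: bytes, record: bytes, aad: bytes = b"") -> bytes:
    """Check the 16-byte tag and decrypt; raises InvalidTag if anything changed."""
    return AESGCM(enc_key).decrypt(record[:NONCE_LEN], record[NONCE_LEN:], aad)


def tamper_detected(enc_key: bytes, record: bytes) -> bool:
    """Failure mode the tag exists for: flip one ciphertext bit, expect rejection."""
    corrupted = bytearray(record)
    corrupted[NONCE_LEN] ^= 0x01
    try:
        unseal(enc_key, bytes(corrupted))
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed per-slot salt
    keys = unlock_slot("correct horse battery staple", salt)
    record = seal(keys.enc, b"constructed example secret")
    print("record = %d-byte nonce + plaintext + %d-byte tag -> %d bytes" % (NONCE_LEN, TAG_LEN, len(record)))
    print("round trip:", unseal(keys.enc, record))
    print("tamper detected:", tamper_detected(keys.enc, record))
```

Two points worth noticing when running it: the same password and salt always produce the same three sub-keys (that is what lets a slot be reopened), while a wrong password or a single altered ciphertext byte produces no output at all, only an `InvalidTag` exception, so a client never has to guess whether decrypted data is genuine.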