Hosting
We run it. You own it. Pick your region — your data stays there.
The problem
A password manager that blocks AI agents is useless in 2025. But one that hands them everything is a liability. The question is: how do you give Claude access to your GitHub token without giving it access to your bank password?
Sealed fields
Passwords and private notes are encrypted on your device with a key derived from your fingerprint or hardware token. We store a locked box. No key ever reaches our servers — not a court order, not your AI assistant. Sealed fields require your physical presence to unlock.
Agent fields
Fields you designate as agent-accessible are encrypted on our servers. You issue scoped tokens — Claude gets your GitHub token, nothing else. Revoke at any time. The agent never touches sealed fields, no matter what.
Why Zürich
Sealed fields are protected by math — where the server sits doesn’t matter. But agent fields live on a server in a jurisdiction. A US server is subject to the CLOUD Act. Zürich, Switzerland is subject to Swiss law — which does not cooperate with foreign government data requests. No backdoors. Both layers protected.
Self-hosted · US
Your server, your rules — until a court says otherwise. CLOUD Act applies to US persons regardless of encryption.
Self-hosted · anywhere
Full control. Your infrastructure, your jurisdiction. The right choice if you know what you’re doing.
Hosted · Zürich, Switzerland
Swiss law. Swiss courts. Capital of Privacy. No CLOUD Act. No backdoors. We handle the infrastructure — you get the protection.
Four ways in. Each one designed for a different context. All pointing at the same encrypted store.
Claude, GPT, or any MCP-compatible agent can search credentials, fetch API keys, and generate 2FA codes — scoped to exactly what you allow.
Autofill passwords, generate 2FA codes inline, and unlock L2 fields with Touch ID — without leaving the page you're on.
Pipe credentials directly into scripts and CI pipelines. vault get github.token — done.
REST API with scoped tokens. Give your deployment pipeline read access to staging keys. Nothing else.
The competition
Real complaints from real users — about 1Password, Bitwarden, and LastPass. Pulled from forums, GitHub issues, and Hacker News. Not cherry-picked from our own users.
1PASSWORD — Community Forum
"The web extensions are laughably bad at this point. This has been going on for months. They either won't fill, wont' unlock, or just plain won't do anything (even clicking extension icon). It's so bad"
— notnotjake, April 2024 ↗✓ vault1984: No desktop app dependency. The extension talks directly to the local vault binary — no IPC, no sync, no unlock chains.
BITWARDEN — GitHub Issues
"Every single website loads slower. From Google, up to social media websites like Reddit, Instagram, X up to websites like example.com. Even scrolling and animation stutters sometimes. javascript heavy websites like X, Instagram, Reddit etc. become extremely sluggish when interacting with buttons. So for me the Bitwarden browser extension is unusable. It interferes with my browsing experience like malware."
— julianw1011, 2024 ↗✓ vault1984: Zero content scripts. The extension injects nothing into pages — it fills via the browser autofill API only when you ask.
LASTPASS — Hacker News
"The fact they're drip-feeding how bad this breach actually was is terrible enough... Personally I'm never touching them again."
— intunderflow, January 2023 ↗✓ vault1984: Self-host or use hosted with L2 encryption — we mathematically cannot read your private fields. No vault data to breach.
1PASSWORD — Community Forum
"Since doing so, it asks me to enter my password every 10 minutes or so in the chrome extension"
— Anonymous (Former Member), November 2022 ↗✓ vault1984: WebAuthn-first. Touch ID is the primary unlock. Session lives locally — no server-side expiry forcing re-auth.
BITWARDEN — Community Forums
"the password not only auto-filled in the password field, but also auto-filled in reddit's search box!"
"if autofill has the propensity at times to put an entire password in plain text in a random field, autofill seems like more risk than it's worth."
— xru1nib5 ↗✓ vault1984: LLM field mapping. The extension reads the form, asks the model which field is which — fills by intent, not by CSS selector.
BITWARDEN — Community Forums
"Bitwarden REFUSES to autofill the actual password saved for a given site or app...and instead fills an old password. It simply substitutes the OLD password for the new one that is plainly saved in the vault."
— gentlezacharias ↗✓ vault1984: LLM field mapping matches by intent. Entries are indexed by URL — the right credential for the right site, every time.
All quotes verbatim from public posts. URLs verified. View sources →
No tiers. No per-seat. No "contact sales." Two options.
Forever. MIT license.
One binary, your machine, your data. Full source on GitHub.
We manage it. You use it.
New York, Amsterdam, Frankfurt, Helsinki. Pick your region.