Most password managers protect their database. We do too — and then we go further. Here is the same vault, viewed from your laptop and viewed from our servers.
If our database is breached tomorrow, an attacker walks away with the right-hand column. Item names, URLs, notes, and passwords are inside the envelope — and the envelope is sealed with a key we do not have.
§02 Threat model
Specific scenarios, specific outcomes.
We will not promise that SafeLane is “secure”. We will tell you what we have engineered for, and what we have explicitly not.
| Scenario | Most password managers | SafeLane |
| --- | --- | --- |
| Our database is breached. | Plaintext passwords exposed | Ciphertext only. Attacker needs every customer’s passphrase to read anything. |
| A SafeLane employee turns hostile. | Could query the database, read items | Cannot decrypt your vault. KEKs do not exist on our infrastructure. |
| We receive a subpoena. | Hand over plaintext records | Hand over ciphertext and timestamps. That’s what we have. |
| Your laptop is compromised. | Vault accessible while unlocked | Same. End-to-end is not magic. We auto-lock after idle and never persist your passphrase. |
| You forget your passphrase. | Helpdesk reset, email recovery | Vault is unrecoverable. We cannot reset what we cannot read. Print your recovery code. |
Four moments. None of them require us to see what's in your vault.
01 · 248 ms
You enter your passphrase
A long phrase you can remember. SafeLane never sees it — not at sign-up, not on sign-in, not ever. It lives in your head and your browser's volatile memory.
02 · 32 + 32 B
Your browser derives two keys
Argon2id stretches the passphrase into an auth key (proves who you are) and a key-encryption key (stays on your device, decrypts your vault).
03 · AES-GCM
Items are sealed before they leave
Each item is encrypted under a per-vault data-encryption key, itself wrapped by your KEK. We receive envelopes — opaque ciphertext, plus length and timestamp.
04 · 38 ms
You sign in, on any device
The server hands back your wrapped key and your ciphertext. Your browser re-derives the keys, unwraps, decrypts — without telling us what it found.
§04 Open by design
Documented. Versioned. Yours to export.
Our envelope format is a single page of specification, not a black box. You can read it, criticise it, fork it, and — if you ever leave us — take your data with you in the same shape we stored it.
What our server stores for a single vault item — after sealing on your device. Every field below is either ciphertext, a public parameter, or authenticated metadata.
| Field | Value | Notes |
| --- | --- | --- |
| version | 2 | envelope_v2 |
| kdf | Argon2id | t = 3 · m = 64 MiB · p = 4 |
| cipher | AES-256-GCM | authenticated encryption |
| nonce | 12 bytes | random, per item |
| ciphertext | variable bytes | plaintext payload + auth tag |
| associated_data | item_id, created_at | authenticated, not encrypted |
| wrapped_dek | 40 bytes | sealed under your KEK |
Envelope spec at usesafelane.com/security#envelope
Open for review · forks welcome
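As an added example (not SafeLane's code or its published spec), the sketch below seals and opens one item using the envelope fields listed above, with Node.js's built-in crypto module. Assumptions: the KEK is the 32-byte Argon2id output already held on the device; wrapped_dek uses AES key wrap (RFC 3394), which matches the stated 40 bytes for a 32-byte DEK; the base64 and JSON encodings and all function names are illustrative.

```javascript
// Added example, not SafeLane's code. Assumed: AES-KW (RFC 3394) for
// wrapped_dek, JSON-encoded associated data, base64 fields, all names.
const nodeCrypto = require('node:crypto');

const KW_IV = Buffer.alloc(8, 0xa6); // RFC 3394 default initial value
const TAG_LEN = 16;                  // GCM auth tag appended to ciphertext

// Authenticated, not encrypted. The byte encoding here is an assumption.
const aad = (itemId, createdAt) => Buffer.from(JSON.stringify([itemId, createdAt]));

function wrapDek(kek, dek) {
  const c = nodeCrypto.createCipheriv('aes256-wrap', kek, KW_IV);
  return Buffer.concat([c.update(dek), c.final()]); // 32-byte DEK -> 40 bytes
}

function unwrapDek(kek, wrapped) {
  const d = nodeCrypto.createDecipheriv('aes256-wrap', kek, KW_IV);
  return Buffer.concat([d.update(wrapped), d.final()]); // throws on wrong KEK
}

function sealItem(kek, dek, itemId, createdAt, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // random, per item
  const c = nodeCrypto.createCipheriv('aes-256-gcm', dek, nonce);
  c.setAAD(aad(itemId, createdAt));
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final(), c.getAuthTag()]);
  return {
    version: 2, kdf: 'Argon2id', cipher: 'AES-256-GCM',
    nonce: nonce.toString('base64'),
    ciphertext: body.toString('base64'), // payload + auth tag
    associated_data: { item_id: itemId, created_at: createdAt },
    wrapped_dek: wrapDek(kek, dek).toString('base64'),
  };
}

function openItem(kek, env) {
  if (env.version !== 2 || env.cipher !== 'AES-256-GCM') throw new Error('unsupported envelope');
  const dek = unwrapDek(kek, Buffer.from(env.wrapped_dek, 'base64'));
  const body = Buffer.from(env.ciphertext, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', dek, Buffer.from(env.nonce, 'base64'));
  d.setAAD(aad(env.associated_data.item_id, env.associated_data.created_at));
  d.setAuthTag(body.subarray(body.length - TAG_LEN));
  return Buffer.concat([d.update(body.subarray(0, body.length - TAG_LEN)), d.final()]).toString('utf8');
}

// Constructed sample: random bytes stand in for the Argon2id-derived KEK.
const demoKek = nodeCrypto.randomBytes(32), demoDek = nodeCrypto.randomBytes(32);
const demoEnv = sealItem(demoKek, demoDek, 'item-0001', '2024-01-01T00:00:00Z', 'constructed-secret');
console.log(demoEnv, openItem(demoKek, demoEnv));
```

Changing item_id or created_at in a stored envelope, or supplying a different KEK, makes openItem throw instead of returning data.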
§05 Pricing
One plan. One price. No surprises.
We don't have a free tier funded by advertising. We don't have an enterprise tier that gets the real security features. We have one plan, one price, and you can leave whenever you like.