P.S. Vault P.S. Vault
P.S. Vault

Your final message,
safely delivered.

P.S. Vault is a self-hostable dead man's switch. Store encrypted vaults containing passwords, accounts, and documents. If you stop checking in, your vaults are automatically delivered to the people you trust.

Get started View on GitHub

Free and open source — AGPLv3

P.S. Vault is a personal tool for sharing information with loved ones. It is not a substitute for a legal will or estate plan.

Privacy first

Zero-knowledge encryption

Your vault contents are encrypted on your device before they ever leave it. The server stores only ciphertext. Even the person running the server cannot read your data.

  • No cloud accounts required — you host it yourself
  • No telemetry, no analytics, no third-party services
  • All encryption happens in your browser (WebCrypto API)
  • Files encrypted client-side before upload
  • The server never sees your password, your keys, or your vault contents

Key hierarchy

Your Password

→ Argon2id → Master Key

never leaves your device

Per vault:

→ Random Content Key (CEK)

→ CEK encrypted with Master Key

→ Entries encrypted with CEK

Per beneficiary:

→ Access Key from shared secret

→ CEK encrypted with Access Key

wrong secret = decryption fails

How it works

1

Create your vaults

Store passwords, accounts, documents, and anything else your loved ones may need. Everything is encrypted before it leaves your device.

2

Check in regularly

Set a check-in interval — daily, weekly, monthly, up to a year. You'll receive reminders. A simple click or login counts as a check-in.

3

Vaults are delivered

If you stop checking in, your named beneficiaries receive a secure link to access only the vaults you assigned to them.

Features

9 entry types

Logins, secure notes, files, contacts, financial accounts, cards, identity documents, crypto wallets, and custom fields.

Escalating reminders

Three levels of reminders before trigger, plus an abort window after trigger fires — giving you every chance to cancel.

TOTP multi-factor auth

Works with Google Authenticator, Authy, 1Password, and any TOTP app. Eight single-use backup codes included.

Version history

Every entry keeps its last 10 versions. View diffs and restore any version at any time.

Preview as beneficiary

See exactly what your beneficiary will see before any trigger. Verify the experience is right.

Import from password managers

Import from 1Password, Bitwarden, LastPass, KeePass, or any CSV. Processed entirely client-side.

Recovery key

A 24-word BIP39 mnemonic lets you recover your vaults even if you forget your password.

Admin panel

User management, email queue, audit log, SMTP config, storage backends, branding, and invite codes.

S3-compatible storage

Store encrypted files on local disk, AWS S3, Backblaze B2, Cloudflare R2, or MinIO.

Self-host in minutes

A single docker compose up gets you running with PostgreSQL included. All configuration is via environment variables. Migrations run automatically on startup.

Read the docs

P.S. Vault is free, open source software built and maintained by a single developer.

Support development on Ko-fi