Plugs into the stack
you already run.

React 19 SPA. Works in any modern browser. The primary surface for managing items, teams, and policies.

MV3-native. One-click autofill, quick item search, password generator inline. Locked to your Vault domain.

Desktop process for biometric unlock. Touch ID, Face ID, Windows Hello. Seals KEK in OS keychain.

Native mobile clients with face/fingerprint unlock. On the roadmap behind a tested API surface.

Add a TOTP factor on the vault itself. Works with Google Authenticator, Authy, 1Password, anything compliant.

Hardware key (YubiKey, Titan) and platform passkey support. Phishing-resistant by construction.

Bounce login through your IdP — Okta, Azure AD, Google Workspace, OneLogin. Keeps the vault inside your existing access policies.

Auto-provision and deprovision users from your IdP. Off-boarding revokes vault access immediately.

Bring vaults across in one upload. Categories, custom fields, attachments, all preserved.

CSV import with auto-detection of categories. Test it locally before the cutover.

JSON / KDBX import. Same field model — minimal mapping needed.

Pull your data anytime. Plain export shows you exactly what we hold.

Stream the append-only audit log to your SIEM (Splunk, Datadog, Sumo, ELK).

Get notified on item creation, share, unshare, MFA events. Push to Slack, PagerDuty, custom endpoints.

Tamper-evident log — any modification breaks the chain. Target for next quarter.

Public API for items, orgs, sharing. JWT-authed. OpenAPI spec in the repo.

centilio vault — script secret retrieval into CI/CD without baking credentials into images.

Manage orgs, policies, and shared items as code. Roadmap.