Source Code
Privault is fully open source. Every cryptographic operation, every security policy, every line of code is available for public inspection and audit.
View on GitHubCore Modules
crypto-engine
/lib/crypto
AES-256-GCM encryption/decryption, PBKDF2 key derivation, and IV generation using the Web Crypto API.
vault-manager
/services/vault
Client-side vault CRUD operations, encrypted payload serialization, and Supabase sync layer.
auth-module
/components/auth
Authentication flows, session management, and master password verification without server exposure.
entropy-generator
/lib/password-gen
CSPRNG-based password generation with configurable entropy, character class selection, and strength analysis.
rls-policies
/database/migrations
Row-Level Security schemas ensuring per-user data isolation at the PostgreSQL layer.
middleware
/middleware.ts
Security headers, CSP nonce injection, route protection, and request validation pipeline.
Why Open Source
Security through obscurity is not security. By making our entire codebase publicly auditable, we invite the global security community to verify our claims. Every cryptographic operation, every data flow, every server interaction can be independently inspected. Trust is not demanded — it is mathematically verifiable.