Security is not just a selling point.

It's our culture. Keyport is the most secure password manager on the planet. No matter who you are, we've got you covered. Here's how we make our secret security sauce.

Learn more

Join the Waitlist

Picture of woman with child on countertop with Surface Pro laptop

Picture of teenage girl in bedroom with laptop

Picture of two women in an office setting with a laptop

Picture of man in cafe on laptop and talking on phone

Encryption at every step.

Rest assured knowing that your data is safeguarded by unparalleled security measures when stored in your Keyport Vault. Keyport uses only the most cutting-edge encryption technology, ensuring that your data is encrypted at-rest, in-transit, and on your devices.

Your data is always private: No one (including us) can see your websites or passwords. We don't read your data, use it, or sell it. You're the customer, not the product.
Two locks, for good measure: Data in transit to or from your device gets it's own special transport. We sign all payloads and then double encrypt them for transport.
Authenticated, encrypted storage: Data stored in our secure data centers is fully encrypted, both in it's at-rest form, and with robust on-disk encryption.
The good kind of zero trust: We utilise a zero-trust model for all data. Keyport doesn't even trust the data in it's own internal application stores, decrypting and authenticating it every time it's used.

Datacenters, locked down.

The physical security of your data is of paramount importance to us. We work with our infrastructure partners to ensure the most stringent measures are implemented and observed. Access to datacenters is controlled, with buildings and physical machines monitored 24/7.

High security sites.: Video surveillance, security patrols, ballistic panels, electronic access control, and precise environmental management all contribute to a tightly controlled security ecosystem in each site.
Fully compliant datacenter partners.: ISO/IEC 27001, 27017, 27018, and 27701, SOC 1, SOC2, SOC3, and CSA STAR certified.

Photo of Advena datacenter where Keyport data is stored

You're in full control.

Your data is always yours. We don't access, share, or sell your data, ever. It's always easy to switch.

Switch whenever you want.: You can export your accounts and passwords out of Keyport at any time.
Two-factor authentication secrets, exportable.: Easily move your two-factor authentication secrets to another app.
GDPR compliant.: Keyport is GDPR compliant, so you're always in the driver's seat when it comes to your information.

TL;DR: Keyport is super secure.

We prioritize the security of your data above all else. Our advanced encryption and rigorous access controls ensure your information is safe both physically and digitally. With our commitment to security and compliance, you can rest easy knowing your data is in good hands.

Join the waitlist.

Like a fresh batch of hot cakes, interest in Keyport is selling like.. well, you get the idea.

Join the waitlist today for the chance to be selected for our alpha and beta testing programs, which comes with a whole year of Keyport for free! Even if you aren't able to join us in alpha or beta, you'll still get 2 months of free Keyport when we launch, just by joining the waitlist

Technical details.

Hi there, fellow nerd. We're super proud of Keyport's security stack, so we've made some technical information available about how we lock down data.

Can't find what the answer you're looking for? Customer Relationship Team

Transport layer security: Application data moving in and out of our network externally is encrypted using TLS 1.3. Keyport's public authentication, assertion, and data exchange endpoints, and APIs do not support any version of TLS older than TLS 1.3.
Data at rest: Customer data is encrypted and authenticated at rest using AEAD-XChaCha20-Poly1305-IETF. It is stored on dedicated, highly-available database servers in our Sydney (Australia) datacenters, which are physically secure. When data is retrieved from storage, it is authenticated before being processed for delivery to Keyport applications/clients.
Disk encryption: We use LUKS2 (AES-XTS-Plain64:SHA256 with a 512-bit key) for full disk encryption. All sensitive customer data is encrypted at Layer 7 in addition to FDE.
Device/client authentication: During initial device/client setup, Keyport clients provide a public key to the Keyport attestation service. The attestation service uses this public key to encrypt a challenge token which is sent to the client for authentication. The device/client private key never leaves the client and is stored in a secure application scope. The client will use the keypair in all subsequent communications with Keyport web services.
Tripple-wrapped transport encryption: Vault data, including encrypted passwords, are RSA-encrypted prior to being transported via HTTPS (TLS 1.3). This is done using the public key provided by the client during the authentication process. This way, all communication from Keyport's data exchange services to Keyport clients are tripple-encrypted.
Data on devices: All Keyport data remains encrypted on your device/client, and is stored in a secure application scope which is inaccessible by other apps, websites, and extensions.
Datacenter security: If you need more information regarding the physical security of our datacenters, please refer to Equinix's documentation (scroll down to IBX Data Center Physical Security).
Employee access to data: Advena (Keyport's parent company) maintains a strict Protective Security Policy Framework (PSPF) which, in conjunction with other internal policies, data controls, and monitoring surfaces, tightly regulates employee access to customer data. Except in limited, function-critical cases, Advena employees cannot access customer data, including data related to Keyport customers.