Windows · Native · Local-First

VAULT

.OI

Encrypted secrets. Your machine. Zero cloud.

Vault.oi is a Windows-native secrets manager that stores, encrypts, and injects your API keys, tokens, and credentials locally —without ever touching a third-party server.

Download for WindowsSee Features
vault.oi — cmd
add to path%LOCALAPPDATA%\Programs\Vault.oi\
clivault.oi.exe --cli keys list
clivault.oi.exe --cli keys reveal --id 1 --yes true

CLICK TO CRACK

VAULT.OIUNLOCKED⌕ Search secrets...default.vlt ▾+ NEWNAMETYPELAST USEDGITHUB_TOKEN••••••••••••••••••••API Key2m agoAWS_SECRET_ACCESS_KEY••••••••••••••••••••Cloud1h agoSTRIPE_SECRET_KEY••••••••••••••••••••Payment4h agoJWT_SECRET••••••••••••••••••••Auth12h agoDATABASE_URL••••••••••••••••••••Database1d agoSSH_PRIVATE_KEY••••••••••••••••••••SSH3d agoGATEWAY: ACTIVE6 secrets · default.vlt · AES-2560102030405060708090------LOCKED VAULT.OI
01 / Features

Built Different.

01/06

Local-First Encrypted Storage

AES-256 encryption at rest. Your vault file lives on your disk. No sync, no cloud, no exposure.

02/06

Port Gateway Monitor

Watch for suspicious outbound connections. Know when your secrets are in use.

03/06

CLI + ENV Injection

Inject secrets into any process environment at runtime. No .env files left on disk.

04/06

Universal Secret Types

API keys, SSH keys, database URLs, certificates, tokens — every secret type supported.

05/06

Zero-Cloud Architecture

We have no servers to breach. No accounts. No telemetry. Nothing leaves your machine.

06/06

Local Audit Log

Every access, every unlock, every injection — logged locally. Full accountability with zero exposure.

Vault.oi
Search secrets...
API KeyGITHUB_TOKEN
ghp_••••••••••••••
CloudAWS_SECRET_ACCESS_KEY
AKIA••••••••••••••••
PaymentSTRIPE_SECRET_KEY
sk_live_••••••••••••
AuthJWT_SECRET
••••••••••••••••••••
DatabaseDATABASE_URL
postgres://••••••••
SSHSSH_PRIVATE_KEY
-----BEGIN ••••••••
GATEWAY: ACTIVE·6 secrets · vault default.vlt
02 / Architecture

YOUR MACHINE.
YOUR RULES.

  • No sync daemon. Vault.oi reads your encrypted vault file directly from disk. No background process polling cloud APIs.
  • Memory-safe injection. Secrets are decrypted in-process and injected into child process environments. They never hit the filesystem unencrypted.
  • Audited locally. Every operation is logged to a tamper-evident local audit trail. You own the logs.
03 / Philosophy
"If your secrets touch a third-party server, they're not your secrets anymore."

We built Vault.oi because every alternative requires trust — trust in a vendor, a cloud provider, a sync service. Vault.oi requires trust in no one but yourself. Your vault is a file on your drive. Your key never leaves your machine. That's not a feature. That's the architecture.

04 / Download

SEAL YOUR SECRETS.

Windows 10+ · Native Application · No Account Required

Download Vault.oi — Free
AES-256 Encrypted100% LocalNo TelemetryNo Accounts