End-to-end encrypted, zero-knowledge

The credentials vault built for servers

Server Stash is the encrypted vault for IPs, ports, sub-accounts, and the commands you actually run.

Start for free Live demo

Personal Work Shared Archive

Production server

IP

192.168.1.42

Username

admin

Password

∗∗∗∗∗∗∗∗∗∗

Database

URL

db.example.com…

Username

dbuser

Password

∗∗∗∗∗∗∗∗∗∗

CLI

sudo systemctl status nginx

docker compose restart

git pull origin main

API

Username

apiuser

Password

∗∗∗∗∗∗∗∗∗∗

Port

8080

The problem

A server isn't a login

It's an IP, a port, a database URL, four sub-accounts, three jump hosts, and the six commands you forget every time you SSH in.

Real server fields

IP, port, sub-accounts, jump hosts. The fields you actually need, not just username and password.

Commands at hand

Pin the commands you reach for at 2am. One click to copy, right next to the credentials they need.

One tab per project

Group related credentials by app, environment, or client. Switch context the way you actually work.

We can't read it

Encrypted in your browser before it ever reaches our servers. Even we can't see what's inside.

The encrypted vault for servers

Server Stash is an end-to-end encrypted credentials vault built specifically for servers. Where typical password managers are designed around browser logins, Server Stash organizes the things that actually make up a server: IPs, ports, usernames, passwords, sub-accounts, database URLs, and the CLI commands you run often, all grouped into per-project tabs. Everything sensitive is encrypted in the user's browser before it reaches the server, using AES-256-GCM with a key derived from a master password that never leaves the device. The server stores only ciphertext and cannot decrypt user data. It's build for solo developers and sysadmins.

How it works

How to store your credentials on Server Stash

1 / Set a master password

Your password or key is never saved

We derive your encryption key from it locally, we don't see the password, we don't see the key. Lose it, and your data is unrecoverable. That's the guarantee.

2 / Add a project

One tab per server or app.

Add cards for each role: main server, database, scraper, whatever you've got. Pin the commands you run most, alongside the credentials they need.

3 / Access from anywhere

Sign in from any browser.

Ciphertext syncs from our server, your master password unlocks it locally. Nothing readable ever crosses the wire.