Zecrypt Lab is a zero-knowledge, end-to-end encrypted password manager designed with privacy and user data security as its top priorities. We take security issues seriously and appreciate responsible disclosures that help us improve the application for everyone.
We actively maintain and patch security issues in the following versions:
| Version | Supported |
|---|---|
| Latest | β |
If you're not using the latest version, we recommend upgrading as soon as possible.
If you discover a security vulnerability in Secrets Lab, please do not create a public GitHub issue. Instead, report it privately to ensure the safety of our users:
- Email:
[email protected]
When reporting a vulnerability, please include:
- A clear and concise description of the issue.
- Steps to reproduce (if possible).
- Any potential impact or exploitation scenarios.
- Suggestions for a fix (if applicable).
We aim to respond to security reports within 72 hours and provide updates as we work toward a resolution.
- Initial Acknowledgement (within 48 hours).
- Verification & Impact Analysis.
- Patch Development and coordinated disclosure.
- Security Advisory Release via GitHub and official channels.
Secrets Lab is designed with security at its core:
- Zero-Knowledge Architecture: We do not have access to your passwords or encryption keys.
- End-to-End Encryption: All data is encrypted client-side before being sent to the server.
- No Raw Data Storage: We never log or store unencrypted secrets.
- Automatic Logout & Session Expiry
- Rate Limiting & Brute-force Protection
Weβre currently not offering monetary bounties, but all valid disclosures will be publicly credited (if desired) in our Security Hall of Fame.
We thank all security researchers and ethical hackers who help improve Secrets Lab. Your contributions help us build a safer digital future.
This project is open-source and available under the custom license, restricting commercial use. Please respect its terms when contributing or reusing.
Stay safe,
The Zecrypt Labs Team