Prism is a local-first, end-to-end encrypted security manager. Keep your passwords, credit cards, secret notes, and developer secrets in one encrypted file on your device — no account, no server, no telemetry.
On a phone? Prism is free on Mac, Windows & Linux — a great place to start.
The cryptography is the cold engineering reason to use Prism. Here are the warmer ones — what it actually feels like, day to day, to stop carrying your passwords around in your head.
You stop running through old variations in your head at the login screen. You stop worrying about which version you used where. Prism keeps every account, every weird security question, every odd email alias — and hands you the right one when you need it.
The post-it under the keyboard. The same password on six sites. The list living in your phone's Notes. None of it was your fault — you just didn't have a better option. Prism is that better option, quiet enough that the old habits fall away on their own.
Export an encrypted copy to a USB stick, an external drive, or a friend's cloud account — it's still unreadable without your master password. Prefer something physical? Print a PDF of your passwords for a fireproof box at home (Prism asks twice before doing anything in cleartext).
Most security tools ask you to trust them. Prism is designed so you don't have to — because there's nothing to trust us with.
Your vault lives on your device as a single encrypted file. No accounts to create. Nothing to host. Nothing for anyone to lose.
Your master password derives the key on your device. It never crosses a network. We literally cannot decrypt, recover, or reset your vault.
Cloud sync, breach checking, site icons — every network request is a toggle. No analytics, no crash reports, no identifiers. Period.
Save your passwords, generate strong new ones, spot the weak or leaked ones, and sync between your devices when you want to. Then keep the rest of your sensitive bits in there too — Prism is built for all of it.
Prism started as a password manager. It now holds anything else you'd rather not leave on a sticky note, in a Notes app, or in a half-shared spreadsheet.
Save card numbers, expiry dates, security codes, and billing addresses — all encrypted the same way as your passwords. One tap to copy a number into a checkout form. Nothing stored in cleartext on disk.
A safe place for anything you'd otherwise leave in a Notes app — recovery codes, account hints, contract numbers, that wifi password the landlord scribbled on a napkin. With sync on, a note saved on your laptop is on your phone moments later — still end-to-end encrypted the whole way.
API keys, database URLs, deploy tokens, .env entries — store them with a name, a value, and an optional project tag. Copy any value with one click. Sync them across the machines you actually code on, without leaving them lying in your home directory.
Generate something random and impenetrable — or switch on pronounceable mode and get a phrase you can actually dictate over the phone. Seven languages of wordlists, your choice of separators.
Prism scans your vault locally for weak, short, and reused passwords. Turn on breach checking and it'll also tell you which entries have shown up in known data leaks — using a hash technique that never sends your actual password anywhere.
Prism can run fully offline. If you turn on sync, your already-encrypted vault file is uploaded to a hidden, app-private folder on your Drive — Prism cannot see or touch the rest of it. Disconnect any time.
Unlock with Face ID or your fingerprint. The biometric never reaches Prism — the OS keychain stores a wrapped key on the device. Lose the phone, lose nothing (as long as cloud sync is enabled).
Four steps. No magic. The same cryptography banks and governments rely on — running entirely on the device in your hand.
Typed only on your device. Never sent anywhere — not to us, not to a server. It exists only in memory while the vault is open.
in your head A modern, memory-hard function turns your password into a 32-byte key. Salt and parameters are stored in the vault file so they can rotate.
Argon2id The key encrypts your entries with authenticated encryption. Anyone reading the file without the key sees noise — and can't tamper with it undetected.
XChaCha20-Poly1305 Atomic writes mean a crash can't corrupt it. If sync is on, this same encrypted blob (and only this blob) is what gets uploaded.
.prism file Two parts of Prism are worth a quick mention — not because you need them to use the app, but because they're the reason it stays small, fast, and hard to break.
Instead of bundling an entire mini-browser inside the app — the way many cross-platform tools do — Tauri lets Prism use the one already built into your operating system. The result: a smaller download, less memory used while it runs, and a window that opens almost instantly.
All the parts that touch your master password and your vault are written in Rust. Rust catches a whole family of subtle mistakes — like accidentally leaving a secret in memory after it's been used — before the app is even built. That means fewer cracks for an attacker to slip through, and less surface area for the kind of bugs that turn into security incidents elsewhere.
Prism's interface, password generator wordlists, and security advice are all fully localized. Switch any time from the top of the app.
Including the one about forgetting your master password — which we get a lot.
You lose access to the vault. This isn't a missing feature — it's the whole point. Because we never receive your password and never hold a recovery key, there's nothing for anyone to steal, subpoena, or accidentally leak. Choose a master password you can remember, and write it down somewhere physically safe if you need to.
Completely. The vault is a file on your device — encrypting, decrypting, generating passwords, and running the security audit all happen locally. Only three things ever touch the network, and all three are opt-in: cloud sync, fetching site icons, and breach checking.
Prism hashes your password locally, sends only the first 5 characters of that hash to Have I Been Pwned, and checks the response on your device. Your actual password — and even your full hash — never leaves the machine.
In a hidden, app-private folder on your own Google Drive. Prism is sandboxed to that folder by Google's API — it can't see or touch the rest of your Drive. You can revoke access in your Google account settings any time.
Yes. Turn on Google Drive sync and Prism keeps the encrypted file in step across your machines. When two devices edit at once, Prism shows an explicit conflict banner — no silent overwrites.
No. No usage stats, no crash reports, no identifiers, not even anonymized.
The desktop app — macOS, Windows, and Linux — is free, with no account and no subscription. The iOS and Android apps are a one-time 4.99 € purchase on their app stores: you pay once, there's nothing recurring, and your data is never sold or monetized either way.
The desktop apps are almost ready — the first releases are landing very soon. Check back shortly, they'll be free and need no account.