pack 04 · plumo vault

secrets, kept softly.

a password manager and secrets vault for you and your team — shared credentials, ssh keys, api tokens, 2fa codes. end-to-end encrypted. think 1password, but quieter and more thoughtful.

vaults

a quiet keyring for you and your team.

your personal vault for your own passwords. shared team vaults for the credentials that belong to a project. nothing crosses without a deliberate choice — and the blob is always asleep, so you know your secrets are safe.

  • personal vaults — never visible to anyone else
  • shared team vaults, scoped to projects
  • family vault for the home stuff that's not work
  • quiet, sortable views — no dashboard pressure
shared credentials

share without sharing the password.

teammates get access, not the plaintext. revoke instantly. soft access trails show who used what, when — never as surveillance, only as memory. integrated with plumo HR so when someone offboards, their access does too.

  • per-item permissions: read, fill, edit, manage
  • soft access trails — quiet, never weaponized
  • instant revoke + automatic on offboarding
  • biometric unlock on mac & iphone
secrets & keys

api tokens, ssh keys, the whole technical kit.

not just passwords. plumo vault holds the things developers actually need shared — api tokens, ssh private keys, certificate bundles, database urls. typed and structured, never just a sticky note.

  • typed entries: password, ssh, api, token, env, note
  • CLI for piping secrets into your shell scripts
  • browser autofill for the web logins
  • password generator with sensible defaults
end-to-end encryption

we can't read your vault. we don't want to.

everything in plumo vault is encrypted on your device before it touches our servers. we don't hold the keys. if someone breaches plumo tomorrow, your secrets are still secrets — we can't decrypt them either.

  • client-side AES-256-GCM with per-vault keys
  • zero-knowledge architecture — plumo never sees plaintext
  • master password never leaves your device
  • recovery kit you store yourself — we don't keep one
read the trust page
your secrets next

a keyring you'll actually use.

free forever for one person. $6/mo for your team. e2e from the first password to the last. start importing from 1password, lastpass, or a csv — plumo doesn't care where you came from.

migration from 1password / lastpass · one-click import.
hello.