Share 2FA codes.
Never the secrets.
OTP Vault lets your team share two-factor codes without exposing the underlying secrets. Everything is encrypted in your browser before it reaches the server.

Features
Built like a bank vault.
Feels like the apps you love.
We can't read your secrets
Your 2FA accounts are encrypted in your browser before they leave your device. Even if someone accessed the database, it would be useless.
Codes stay out of sight
Copy-only by default. The 6-digit code lands in your clipboard and is wiped from memory moments later.
Share by team or project
Organize accounts by team, environment, or vendor. Each device gets its own securely wrapped key so access stays controlled.
Unique keys for every account
Each 2FA account gets its own encryption key, protected by your team's vault key. If one key is ever compromised, the rest stay safe.
Clear, tamper-evident audit log
Every access is recorded in a tamper-evident log. If someone tries to rewrite history, it shows up immediately.
Run it on your own server
Deploy with one command on the server you control. Connect it to your identity provider to manage users and teams.
How it works
Four simple steps. The server never sees a thing.
We wrap each secret in multiple layers of encryption. Even a full database breach would reveal nothing useful.
Start using OTP Vault- 01
Add a 2FA account
In the browser, we create a unique key just for that account and lock the secret with it.
- 02
Lock it with your team's key
That account key is then encrypted with your team's vault key — which only lives on approved devices.
- 03
Store it encrypted
The server receives encrypted data only. No raw secret, no account key, no vault key. It stores what it cannot read.
- 04
Paste the code when you need it
On an approved device, the 6-digit code lands in your clipboard. All keys are wiped from memory moments later.
In use
Teams that stopped
pasting codes into Slack.
“We ripped a shared 2FA spreadsheet out of Notion the day we deployed this. Devs stopped complaining, security stopped losing sleep.”
“Copy-only codes are the killer feature. Nobody types anything, nobody screenshots anything, and secrets never touch the screen.”
“Self-hosted, team-directory sync, and a secure audit log. Our auditors literally said 'oh — good.'”
Ship it today
Stop sharing secrets in plain text.
Start today.
- Free for small teams
- Set up in minutes
- Works with your team directory