A password manager that keeps your secrets on your own devices. No account, no server holding your vault, no company to get breached and leak everything. You hold the vault, you hold the password, and that's it.
Bramble runs where you do:
- Browser extension for Chromium browsers (Brave, Vivaldi, Chrome, Arc, and friends). Install it and you're up and running in a minute.
- iOS app with system AutoFill, Face ID / Touch ID unlock, and passkeys.
- Android app with a native autofill service, biometric unlock, and passkeys.
The same encrypted vault and the same Rust crypto core sit behind all three, and your devices can sync to each other directly, peer-to-peer, with no cloud in the middle.
Your passwords are encrypted on your device and written to a single vault file, wherever you choose to put it. On desktop, drop it in a Dropbox or Google Drive folder and it syncs across your machines; on mobile it lives on the device's own encrypted storage. Bramble never sees that folder or that file's contents, it just reads and writes one encrypted file. Prefer to keep the cloud out of it entirely? Bramble's own peer-to-peer sync mirrors the vault straight between your devices.
Everything cryptographic happens inside a single Rust core: compiled to WebAssembly in the browser, and to a native library on iOS and Android. Your master password never touches the JavaScript heap.
The mobile apps reuse Bramble's Rust crypto core and vault format, with native OS autofill on top:
- System AutoFill. Bramble registers as a native OS credential provider, so your logins and one-time codes show up in the keyboard and autofill bar across apps and browsers.
- Passkeys. Create and sign in with passkeys, stored as ordinary vault entries so they sync between your devices with everything else.
- Biometric unlock. Unlock with Face ID, Touch ID, or Android biometrics gated by the OS keystore, or fall back to your master password or recovery code.
- On-device storage. The vault lives on the native filesystem, encrypted at rest, not in a webview database the OS might evict.
- Peer-to-peer sync. Pair a phone with your other devices and the vault syncs directly between them, with no relay holding your data.
The iOS and Android apps are versioned and released independently of the extension.
- Local-first, always. One encrypted file on disk, in a location you pick.
- No shortcuts on crypto. Argon2id for your key, AES-256-GCM for the data, envelope encryption so every entry has its own key. Secrets get wiped from memory after use.
- Everything is encrypted. Site names, usernames, notes, all of it. The only readable thing on disk is the file header.
- Smart autofill everywhere. `www.ikea.com`, `ca.accounts.ikea.com`, and `ikea.com` all match the same login. One entry, several URLs. On the browser it's an on-page dropdown; on mobile it's the OS autofill bar across apps and browsers.
- Passkeys. Bramble is your own WebAuthn authenticator: create and sign in with passkeys, in the extension and on both mobile apps. Passkeys are stored as vault entries, so they sync across your devices with no vendor cloud.
- More than logins. Logins, payment cards, secure notes, and SSH keys, each with their own fields.
- Built-in password generator. Strong passwords on tap.
- Unlock your way. Master password, a hardware key (YubiKey, Touch ID, Windows Hello via WebAuthn PRF on desktop), biometrics on mobile, or a recovery code. Use them alongside your password, or turn the password off and make one your only way in.
- Recovery codes. Every vault gets a high-entropy recovery code at setup: a printable backup that unlocks it independently of your master password. Shown once, stored offline, never kept in plaintext. Reset it any time.
- TOTP / 2FA codes. Paste an `otpauth://` URI or bare secret and Bramble generates the six-digit codes.
- Peer-to-peer sync. Mirror your vault directly between your own devices over an end-to-end encrypted connection. No cloud, no relay holding your data.
- Breach checking. Optional Have I Been Pwned lookup using k-anonymity, so nothing about your password leaves your machine.
- Auto-lock. Locks after idle time by default (configurable).
- Import from KeePass. Bring your KDBX4 database over, key files included.
- Multi-key vaults. LUKS-style key slots, so your master password, a security key, biometrics, or your recovery code can each unlock the same vault.
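
The breach-checking item above relies on a k-anonymity range query: only the first five hex characters of the password's SHA-1 digest go to the service, and the match is done locally against the returned suffixes. An added Python sketch of that flow (not Bramble's code; it assumes the Pwned Passwords range-response format, and the response body is constructed so it runs offline):

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # the 5-char prefix is appended

def split_digest(password: str) -> tuple:
    """SHA-1 the password; return (5-char prefix to send, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def request_url(password: str) -> str:
    """The only password-derived data in the request is the 5-char prefix."""
    return RANGE_URL + split_digest(password)[0]

def breach_count(password: str, range_body: str) -> int:
    """Match the local suffix against 'SUFFIX:COUNT' lines; 0 means not listed."""
    _, suffix = split_digest(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding rows, if present, carry a count of 0
    return 0

def constructed_response(listed_password: str) -> str:
    """Constructed sample body: one unrelated row, one real hit, one padding row."""
    _, suffix = split_digest(listed_password)
    rows = ["0" * 35 + ":7", f"{suffix}:1234", "F" * 35 + ":0"]
    return "\r\n".join(rows)

if __name__ == "__main__":
    body = constructed_response("password")
    print(request_url("password"))
    print(breach_count("password", body))
```
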
The cloud guys keep everyone's vaults on their servers, one giant target. When one gets popped it's not your vault that leaks, it's millions at once, and you find out from a blog post months later. Looking at you, LastPass and Dashlane 👀
Bramble flips that around:
- No server to breach. Your vault never leaves your control. No central pile of data for anyone to go after.
- No account, no subscription, no telemetry. Nothing to sign up for, nothing phoning home.
- You own the file. Back it up, sync it, or keep it off the internet entirely. Your call.
- Nothing to trust but the code. The crypto is open and runs entirely on your device. You're not taking anyone's word that the server "can't read your data."
The tradeoff is real and worth being honest about: there's no "I forgot my password" button on a server somewhere. But you're not without a safety net: every vault gets a recovery code, and you can register a hardware key as another way in. Save the recovery code and back up your vault file. Lose all of them (password, key, and recovery code) and the vault is gone, because nobody else holds a copy.
Bramble uses LUKS-style key slots and envelope encryption. There's one random Vault Key (VEK) that actually protects your data. Each way of unlocking (master password, security key, biometrics, or recovery code) derives its own Key-Encryption Key (KEK) that unwraps a copy of that same Vault Key, so adding or revoking an unlock method never re-encrypts a single entry. The Vault Key then unwraps a fresh per-entry key for every item, and that key decrypts the entry itself. Everything is AES-256-GCM, all of it inside the same Rust core (compiled to WebAssembly in the browser, a native library on mobile).
```mermaid
flowchart TD
    subgraph unlock["Unlock (any one of these)"]
        PW["Master password"]
        SK["Security key<br/>(WebAuthn PRF)"]
        RC["Recovery code"]
    end
    PW -->|"Argon2id"| KEK["Key-Encryption Key (KEK)<br/>32 bytes, never stored"]
    SK -->|"HKDF-SHA256"| KEK
    RC -->|"Argon2id"| KEK
    subgraph slots["Key slots (on disk)"]
        S["wrapped Vault Key<br/>per slot"]
    end
    KEK -->|"AES-256-GCM unwrap"| VEK["Vault Key (VEK)<br/>random, protects everything"]
    S -.->|"one slot per unlock method"| VEK
    VEK -->|"decrypt entries blob"| ENTRIES["Encrypted entries"]
    VEK -->|"AES-256-GCM unwrap"| DEK["Per-entry key (DEK)<br/>fresh & random per save"]
    DEK -->|"AES-256-GCM decrypt"| DATA["Entry data<br/>(passwords, notes, cards, keys)"]
```
Your master password never leaves the crypto core, and the KEK and decrypted keys are wiped from memory after use. On disk, only the file header is readable, everything else is ciphertext.
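
The key-slot scheme described above, as an added Python sketch (not Bramble's code) showing that revoking an unlock method leaves every entry's ciphertext untouched. Assumptions: scrypt stands in for Argon2id because it is in the standard library, AES-256-GCM comes from the third-party `cryptography` package, and the `Vault` class, slot names and AAD binding are illustrative.

```python
import hashlib, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def derive_kek(secret: bytes, salt: bytes) -> bytes:
    # Stand-in KDF: the page specifies Argon2id; scrypt is used here only
    # because it ships with Python.
    return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)

def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    nonce = os.urandom(12)                     # fresh nonce for every encryption
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    # Raises InvalidTag on a wrong key, wrong AAD, or modified ciphertext.
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)

class Vault:
    def __init__(self):
        self.vek = os.urandom(32)              # Vault Key, held only while unlocked
        self.slots = {}                        # slot name -> (salt, wrapped VEK)
        self.entries = {}                      # entry id -> (wrapped DEK, ciphertext)

    def add_slot(self, name: str, secret: bytes) -> None:
        salt = os.urandom(16)
        kek = derive_kek(secret, salt)         # KEK is derived, used, never stored
        self.slots[name] = (salt, seal(kek, self.vek, name.encode()))

    def revoke_slot(self, name: str) -> None:
        del self.slots[name]                   # no entry is re-encrypted

    def put(self, entry_id: str, data: bytes) -> None:
        dek, aad = os.urandom(32), entry_id.encode()   # fresh DEK on every save
        self.entries[entry_id] = (seal(self.vek, dek, aad), seal(dek, data, aad))

    def lock(self) -> None:
        self.vek = None                        # Python cannot zeroize the old bytes

    def unlock(self, name: str, secret: bytes) -> bool:
        salt, wrapped = self.slots[name]
        try:
            self.vek = unseal(derive_kek(secret, salt), wrapped, name.encode())
        except InvalidTag:
            return False
        return True

    def get(self, entry_id: str) -> bytes:
        wrapped_dek, ciphertext = self.entries[entry_id]
        aad = entry_id.encode()
        return unseal(unseal(self.vek, wrapped_dek, aad), ciphertext, aad)
```
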
If you love KeePass, you'll feel at home: your encrypted database, your control, no cloud middleman. Bramble even imports your KDBX4 files. Where it's different:
- 🌐 It meets you where you are. A browser extension and native iOS and Android apps, all on one vault. No separate desktop app or plugin talking to a local program, and no fiddling to get autofill working on your phone.
- Autofill just works. Domain matching and an on-page dropdown in the browser, plus system autofill and passkeys on mobile, built in rather than bolted on.
- One opinionated, modern build instead of a sprawl of plugins and forks. Argon2id and AES-256-GCM out of the box.
- Modern UI. KeePass looks like it escaped from 2003 (no disrespect). Bramble is clean and fast, with dark mode and a layout that won't make you wince.
The KeePass philosophy with a browser-native and mobile-native coat of paint and autofill that works smoothly.
Parts of Bramble were written with AI assistance (Claude Opus), but every line was directed, reviewed, and shaped by a software engineer with over a decade of experience, the security-critical pieces especially. The AI was a fast typist, not the architect. The codebase is heavily tested, automated and manual, because for security software "it seems to work" isn't good enough.
- Smarter autofill. More form-detection coverage and fixes for the weird checkout and login pages that like to break things.
- Firefox and Safari. Extension support beyond Chromium.
Further out: file attachments and iframe/shadow-DOM autofill.
The core is real and working. The Chromium extension is publicly released, and native iOS and Android apps ship the same vault with system autofill, passkeys, and biometric unlock. Firefox is on the roadmap. Found a bug or have an idea? Open an issue.
Open source and contributions welcome. A few things worth knowing:
- Open an issue first for anything big. Bug reports and small fixes can go straight to a PR.
- Security software has a higher bar. Expect changes to come with tests, and the crypto and vault-format paths to get extra scrutiny.
- Found a security issue? Please don't file it in the public tracker. Report it privately via GitHub Security Advisories or email, so it can be fixed before it's out in the open. See SECURITY.md for details.
PRs that add real-site autofill fixtures or import-format coverage are especially handy.
Bramble is free and open source. If it's useful to you, toss some Monero our way. 💜
4AC3txuTwFm4fkamoYeK47c9EpnPwbreHNxJeKDYHiDNN6weD5vVA4BCH1azQhSxa6JjereuVpt21Pu2MyRDFDNNH6KGnWq
Bramble is free software, released under the GNU General Public License v3.0. See the LICENSE file for the full text. In short: use it, study it, fork it, and share it. If you distribute a modified version, pass the same freedoms along and make your source available under the GPLv3 too.
