TVault is a cross-platform desktop application for creating secure encrypted vaults. A vault is essentially an encrypted folder (or container) that you can lock and unlock on demand to protect your sensitive files. When locked, all data inside the vault is encrypted and inaccessible. When unlocked, the vault behaves like a normal folder on your system, allowing you to add, remove, or edit files easily. TVault is designed with a focus on strong security, privacy, and ease of use on Windows and macOS.
-
Secure Storage: Protect your files with AES-256 encryption – a strong, industry-standard cipher. You can choose one of several methods to secure your vault’s encryption key:
- Password: Use a password or passphrase you create.
- Master Key: Let the app generate a random master key for you.
- Shamir’s Secret Sharing: Split the vault’s master key into multiple parts using Shamir’s Secret Sharing (SSS). This method allows you to require N out of M key “shares” to unlock the vault – adding an extra layer of security for collaborative or distributed scenarios.
Additionally, TVault employs an HMAC-based integrity check on the vault data. This means any unauthorized modification of the encrypted vault file can be detected, ensuring that your data hasn’t been tampered with.
-
Cross-Platform Desktop App: TVault runs natively on Windows and macOS, with a consistent user interface across both. The app is built with a lightweight stack (powered by Tauri) that integrates with your operating system’s native webview. This results in a small bundle size and minimal resource usage, while still providing a modern, responsive UI.
-
Open Source & Privacy-Focused: The source code is available for review, and the application is local-first. All vault data is stored locally on your machine – TVault does not upload or sync your files to any cloud service. Your secrets stay with you. (See License for details on the source-available license.) The project welcomes community contributions and operates with transparency in mind.
TVault is available for both Windows and macOS:
-
Windows: Download the latest Windows installer (.exe) from our releases and run it. The installer will guide you through setup. Note: TVault for Windows requires the Microsoft Edge WebView2 runtime (used by the Tauri framework). On Windows 11 (and most up-to-date Windows 10 systems), WebView2 is already installed. If your system doesn’t have it, the TVault installer will automatically download and install WebView2 for you. No additional setup is needed — just follow the prompts.
-
macOS: Download the latest macOS app (.dmg) from our releases. Open the downloaded file and drag TVault into your Applications folder.
TVault follows a simple flow: Create → Unlock → Work with files → Reseal/Close. A vault is just an encrypted container that, when unlocked, is exposed as a normal folder in your system’s temporary directory. You work with your files using the OS file manager; the app itself doesn’t edit files.
-
Name & location. Pick a vault name and where to store the encrypted container file.
-
Provide the secret (two ways):
- Manual input — you type a password or paste/import an existing key.
- Mouse-entropy generator — open the entropy window and move the cursor.
-
Integrity. HMAC integrity is enabled by default to detect tampering of the encrypted container.
-
Choose key type.
- Password — unlock with a password.
- Master key — unlock with a generated 256-bit key.
- Shamir’s Secret Sharing — split a master key into M shares with an N-of-M threshold.
-
Finish. The encrypted container file is created at the chosen location.
-
Provide credentials matching how the vault was created (password / master key / required Shamir shares, and HMAC password).
-
On success, TVault decrypts the container into a temporary OS folder (inside your system’s temp directory). This is the folder you’ll work in.
- Treat the temporary folder like any normal directory: add, edit, and delete files using your usual apps and file manager.
- The app does not embed an editor; all changes happen in the unlocked folder.
- You can also edit vault metadata (name, tags, comment) from the app UI while the vault is managed by TVault.
- When you’re done, click Close in the app.
- TVault encrypts all changes back into the container, updates the HMAC, and deletes the temporary folder in the OS temp directory.
- While a vault is unlocked, its contents exist in the OS temp directory — treat the session as sensitive (lock when you step away).
- No recovery: if you lose the required credentials (password, master key, or Shamir shares), the vault cannot be recovered. Back up keys/shares securely.
Before running this project, make sure you have the following installed:
- Node.js (v18 or higher)
- Yarn package manager
- Rust (latest stable version)
- Tauri CLI:
cargo install tauri-cli
If you don't have Rust installed, follow the official installation guide:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shcargo install tauri-cli-
Clone the repository
git clone https://github.com/namelesscorp/tvault.git cd tvault -
Install dependencies
yarn install
-
Run the development server
yarn tauri:dev
This will start both the frontend development server and the Tauri application.
yarn dev— Start Vite development server onlyyarn tauri:dev— Start Tauri development mode (recommended)yarn preview— Start Vite preview server
yarn build— Build for developmentyarn build:dev— Build Vite in development modeyarn build:prod— Build Vite in production modeyarn tauri:build— Build Tauri app
yarn build:all— Build for all platforms (macOS ARM, macOS Intel, Windows 32-bit, Windows 64-bit)yarn build:mac-arm— Build for macOS ARM (Apple Silicon)yarn build:mac-intel— Build for macOS Intelyarn build:win-32— Build for Windows 32-bityarn build:win-64— Build for Windows 64-bityarn build:mac— Build for both macOS architecturesyarn build:win— Build for both Windows architectures
yarn format— Format code with Prettier and fix ESLint errorsyarn lint:eslint— Run ESLint
For advanced users and automation scenarios, TVault also offers a Command-Line Interface (CLI) tool. The CLI provides the core functionality of TVault through terminal commands, which is useful for scripting and integrating into your workflow. Some capabilities of the CLI include:
-
Vault Creation: You can create new vaults via CLI commands, specifying options such as vault name, location, and key type (password, master key, or Shamir shares). This is handy if you want to automate vault setup or incorporate TVault into installation scripts for new machines.
-
Unlocking and Locking: The CLI lets you unlock (unseal) and lock (reseal) vaults from the command line. For example, you could write a script to automatically unlock a vault, run a backup or access a file, and then lock it again. The CLI accepts the required credentials (password, key, or shares) as arguments, so it can be used non-interactively in automation scenarios.
-
Retrieving Data: While the vault is unlocked via CLI, you can interact with the vault’s files using normal shell commands. This enables scenarios like scheduled tasks that extract or update information in a vault without manual intervention.
-
Backup and Scripting: You can script backups for safekeeping using the CLI. For instance, a cron job could use TVault CLI to unlock a vault, run a backup (copy the vault file to a backup location), and then lock it again. Or you might script the export of certain data. Essentially, anything you can do in the GUI can be done via the CLI, allowing integration with other tools (CI/CD pipelines, etc.) and workflows.
The CLI shares the same security model as the GUI, so all encryption/decryption is done locally and the same precautions apply. Please read the CLI documentation for detailed command usage and examples.
Contributions are welcome! If you encounter any bugs or have ideas for improvements, feel free to open an issue or submit a pull request. We appreciate the community’s help in making TVault better:
- Report Issues: Use the GitHub Issues to report bugs or request features. Please include details and steps to reproduce for bugs.
- Pull Requests: If you want to contribute code or documentation, fork the repository and create a pull request. Ensure your changes build properly and discuss major changes in an issue first if possible. All contributions will be reviewed.
TVault Core is proprietary software. Use of this code is governed by the License agreement.
If you have questions or issues, please create an Issue in the repository or contact the development team.
© 2025 Trust Vault. All rights reserved.