Security Architecture
MeowPass is zero-knowledge by design. Your secrets are encrypted on your device before they ever reach our servers.
Encryption Flow
# Key derivation
Master Password + Salt → Argon2id (time=3, mem=64MB) → Master Key
# Vault encryption
Random Vault Key (32 bytes) → encrypted with Master Key via AES-256-GCM
# Secret encryption
Secret Value → encrypted with Vault Key via AES-256-GCM
# Team sharing
Vault Key → re-encrypted per recipient via X25519 key exchange
What We Can See vs. What We Cannot
We can see
- • Your email address
- • Vault names and metadata
- • Secret key names
- • Encrypted blobs (meaningless ciphertext)
- • Timestamps and version numbers
- • IP addresses (for rate limiting)
We can never see
- • Your master password
- • Your derived master key
- • Decrypted vault keys
- • Plaintext secret values
- • Your X25519 private key
Key Derivation Parameters
| Algorithm | Argon2id (winner of Password Hashing Competition) |
| Time cost | 3 iterations |
| Memory cost | 64 MB |
| Parallelism | 4 threads |
| Output | 32 bytes (256-bit key) |
| Symmetric cipher | AES-256-GCM (authenticated encryption) |
| Key exchange | X25519 (Curve25519 ECDH) |
Infrastructure Security
- API: AWS Lambda (arm64) behind API Gateway with rate limiting (60 req/min general, 10 req/min auth)
- Database: Neon Postgres with encrypted-at-rest storage
- Transport: TLS 1.3 enforced on all API connections
- Auth: JWT tokens (HS256) with device code OAuth flow
- API keys: SHA-256 hashed before storage, scoped (read/write)
- Audit: Every vault and secret operation logged with IP and user agent
Open Source
MeowPass is fully open source. Every encryption operation can be audited in the codebase:
- pkg/crypto/ — Go: Argon2id, AES-256-GCM, X25519
- sdk/src/crypto.ts — Node.js SDK encryption
- mcp/lib/crypto.js — MCP server encryption