How privacy, encryption, and usability meet in an offline-first password and credential tool.
CarryPass is a fully client-side application distributed as a Progressive Web App (PWA). It runs entirely in the browser and stores all secrets locally. There is no backend, no telemetry, and no cloud sync.
CarryPass generates deterministic passwords using a combination of Argon2id, PBKDF2, and AES-CTR stream cipher.
The Admin tool allows encrypted vault creation with per-member credential blocks and optional team-level keys. These vaults are encrypted using AES-GCM and distributed as static JSON files.
Team members can unlock their portion of the vault using a password (and optionally TOTP). Each member can only see the teams assigned to them, and nothing else.
CarryPass applies strong cryptography, strict client-side execution, and aggressive separation of concerns to prevent data exposure.
CarryPass is built for secure offline use. By applying deterministic password generation, strong encryption, no-cloud architecture, and transparent controls, it meets the privacy needs of modern teams and security-focused individuals.