UnveilPass User Guide
Everything you need to know about using your zero-knowledge password manager.
Getting Started
Creating Your Account
To get started with UnveilPass, you need to create an account. Here is how:
- Open UnveilPass in your browser and click Create Account.
- Enter your email address. This will be used for login and for other users to share passwords with you.
- Choose a master password. This is the single password you will use to unlock your vault. Make it strong and memorable.
- Confirm your master password by typing it again.
- Click Register. Your encryption keys are generated right in your browser and your vault is ready to use.
Your Master Password
Your master password is the most important piece of your UnveilPass account. Here is what you need to know:
- It never leaves your browser. Your master password is used to derive encryption keys locally on your device. The actual password is never sent to our server.
- We cannot see it. Because of the zero-knowledge design, no one at UnveilPass (or anyone who might gain access to the server) can see your master password.
- Choose a strong one. Use a long passphrase or a combination of random words. Avoid common passwords, dictionary words, or personal information like birthdays.
- Remember it. Write it down and store it in a safe place (like a physical safe) until you have memorized it.
First Login and Device Trust
When you log in from a new device or browser for the first time, UnveilPass will verify that it is really you:
- Enter your email and master password as usual.
- If device trust is enabled on your account, you will be asked to verify this new device.
- A 6-digit verification code is sent to your email address. The code is valid for 10 minutes.
- Enter the code in the verification prompt.
- Once verified, your device is trusted for 7 days. You will not be asked again during this period.
Vault
The vault is where all your passwords and login credentials are securely stored. Everything in your vault is encrypted with your personal vault key, which only you can unlock with your master password.
Adding a New Password
The entry form has 3 tabs: Credentials, Options and Fields.
- Click the New Entry button at the top of the vault page.
- Fill in the details: label (optional display name), website name, URL, username and password.
- The URL field offers autocomplete suggestions from the top 5,000 websites. Start typing and select a suggestion to auto-fill the URL and website fields.
- The Folder field suggests existing folders from your vault as you type.
- Optionally choose a custom icon to visually identify the entry in your vault.
- Toggle Professional to categorize the entry (Personal or Professional).
- Click Save. The entry is encrypted in your browser and sent to the server.
Entry Options (second tab)
- TTL (expiration) — Set an automatic expiration time. The entry is deleted after the period ends.
- Notes — Add private notes to the entry.
- TOTP — Add a 2FA secret for built-in authenticator codes (see below).
- Favorite — Toggle to pin the entry to the Favorites section.
- Auto-fill — When enabled, the browser extension fills this entry automatically on matching sites.
- Auto-login — When enabled, the extension also submits the login form automatically after filling.
Custom Fields (third tab — Pro)
Some websites require extra information during login: a PIN, a date of birth, a security question, a customer number, etc. Custom fields let you save these values and have the browser extension fill them automatically.
- Open the Fields tab in the entry form.
- Click + New Field.
- Name — The field identifier on the website. To find it: right-click the field on the page, click "Inspect" and look for the name or id attribute in the HTML.
- Type — Must match the field type: Text, Password, Hidden, Checkbox or Tel.
- Value — What the extension will fill in.
Example: the login page contains <input type="tel" name="birthdate">. Create a custom field with Name: birthdate, Type: Tel, Value: 01011990. The extension will fill it automatically. Click "How to use" in the form for more details.
Editing and Deleting Entries
Click on any row in your vault table to view entry details (with Copy buttons for username and password). Click Edit to modify any field. Deleted entries go to the Trash where they can be restored within 30 days.
Folders and Categories
Folders help you organize your vault entries into logical groups (e.g. "Work", "Banking", "Social Media"). Categories let you separate Personal and Professional entries.
- When creating or editing an entry, type a folder name or select from existing folders.
- Entries with the same folder name are grouped together in collapsible sections.
- Use the Personal | Professional | All tabs to filter by category.
- Use the folder badges to filter by folder within the active category.
Favorites
Mark entries as favorites by clicking the star icon (★) in the vault table. Favorite entries appear in a dedicated section at the top of your vault. Click the star again to remove from favorites.
Search
Use the search bar at the top of the vault to quickly find entries. Search works across entry names, usernames, URLs, and folder names. Results update as you type.
Built-in TOTP Authenticator
UnveilPass includes a built-in authenticator for time-based one-time passwords (TOTP). This means you can store your two-factor authentication codes right alongside your passwords, without needing a separate authenticator app.
- Edit a vault entry and look for the TOTP section.
- Scan a QR code or manually enter the TOTP secret provided by the website.
- Once set up, a 6-digit code will be generated automatically and displayed next to the entry. The code refreshes every 30 seconds.
Password History
Every time you update a password for a vault entry, the previous password is saved in the entry's history. This allows you to:
- View all previous passwords for an entry.
- Copy an old password if you need to revert.
- See when each password change was made.
Column Customization
You can choose which columns are visible in the vault table:
- Click the Columns button to show or hide individual columns (Last Use, Safety, Breach, Uses, etc.).
- Click Default to reset to the standard column layout.
- Your column preferences are saved and restored automatically.
The same column customization feature is also available on the Secure Items and Identities pages.
Inline Edit
Double-click on a Site, Username or Folder cell in the vault table to edit its value directly without opening the full edit form. Press Enter to save or Escape to cancel. This feature is also available on the Notes and Identities pages.
Vault Sync
Your vault stays up to date across all your devices:
- Automatic sync: Your vault refreshes automatically in the background every 30 minutes.
- Manual sync: Click the Sync button in the top bar at any time to pull the latest changes immediately.
Sync also updates any shared entries you have received from other users (see the Sharing section below).
Password Generator
The password generator helps you create strong, random passwords so you never have to think of one yourself.
How to Use It
- Go to the Generator page from the sidebar.
- Set your desired password length using the slider or input field.
- Choose which character types to include:
  - Lowercase letters (a-z)
  - Uppercase letters (A-Z)
  - Numbers (0-9)
  - Special characters (#, $, etc.)
- A random password is generated instantly and displayed.
- Click Copy to copy it to your clipboard.
Password Strength Indicator
The generator shows a strength indicator that rates your password:
| Rating | What it means |
|---|---|
| Weak | Too short or too simple. Easily guessed or cracked. |
| Fair | Better, but still not strong enough for important accounts. |
| Good | Decent strength. Acceptable for most uses. |
| Strong | Very strong. Suitable for all accounts. |
Secure Items
Secure Items is a unified space to store notes, financial records, documents, vehicles, properties, subscriptions, appliances and more. Everything is encrypted client-side before being stored.
Item Types
Click + New Item and choose a type from the dropdown (sorted alphabetically):
- Appliance: TV, fridge, washing machine, computer, phone and other household devices. Store brand, model, serial number, purchase date, warranty end date and retailer.
- Bank Account: Account holder, bank name, IBAN and BIC.
- Booking: Flight, hotel, car rental, train or cruise reservations. Store provider, confirmation number, dates and type-specific details (flight number, departure/arrival for flights, hotel address, pick-up/drop-off for car rentals).
- Credit Card: Card type (Visa, Mastercard, Amex, CB, Gold, Platinum, Black...), cardholder name, card number, expiry, CVV, bank name, billing address and emergency phone number for lost/stolen cards.
- Document: Passport, ID card, driver's license, residence permit, birth certificate, health insurance/mutuelle, Wi-Fi network, software license, membership/loyalty card and more.
- Insurance: Auto, home, health, life, travel and pet policies with provider, policy number, dates, premium and contact.
- Loyalty Card: Store loyalty and rewards cards. Store name, card number, barcode and points balance.
- Medical: Exams, vaccinations, prescriptions, allergies, surgeries and chronic conditions with doctor, facility and date. Person field for family members or pets.
- Note: Free-form text notes for recovery codes, license keys, private information or anything else. Notes can be linked to websites and shown automatically when visiting those sites.
- Property: House, apartment, studio, land, commercial or garage. Store address, surface, rooms, ownership status, purchase details, tax reference and tenant information.
- Subscription: Netflix, Spotify, internet, mobile, cloud, software, gaming and other recurring services. Track provider, plan, price, billing cycle, renewal date and auto-renew status.
- Travel Card: Airline loyalty programs (Flying Blue, Miles & More), rail cards and other travel memberships. Store operator, member number, status tier (Standard to Diamond), miles/points and alliance (SkyTeam, Star Alliance, Oneworld).
- Vehicle: Car, motorcycle, bicycle, truck, van, scooter, camper or boat. Store brand, model, year, first registration date, fuel type, CO2 emissions, horsepower, plate number, VIN, mileage, financing and technical inspection details.
Filtering and Grouping
The Items page offers several ways to organize your data:
- Category tabs (Personal / Professional / All) — filter by category. Each tab shows the item count.
- Type filter bar — filter by item type (Note, Credit Card, Vehicle, etc.). When All is selected, items are grouped by type in collapsible sections that you can expand or collapse. When a specific type is selected, a flat paginated table is shown.
- Search — search across all fields (title, content, card name, provider, etc.).
Preview Column
The Preview column in the items table shows a summary of each item. Each type has a default preview (e.g. masked IBAN for bank accounts, brand and plate number for vehicles). You can customize which fields appear in the preview:
- Edit an item and go to the Options tab.
- Scroll down to Preview in table.
- Check up to 2 fields to display. Checking a third field automatically unchecks the oldest one.
- Click Default to restore the original preview fields.
Custom Templates
You can create your own item types with custom fields. Click + New Template at the bottom of the dropdown, give it a name and define the fields you need (text, number, date, textarea or select). You can then create multiple items from that template. Templates can be edited or deleted using the icons next to them in the dropdown.
Linking Notes to Sites
Notes can be linked to one or more websites using the Sites tab in the note editor. When you link a note to a site:
- If Auto-show is enabled on the note, the note content is automatically displayed as a toast notification when you visit a matching site.
- In the browser extension, a [Note] button appears in the password banner, letting you view the attached note content directly on the page.
Sharing Items
You can share items with your contacts or teams. When you share an item, it is encrypted with a shared key derived from your keys and the recipient's keys, so the server never sees the content. Attachments are included when sharing.
Clone
Use the Clone button in the actions column to duplicate an existing item. The clone opens as a new item pre-filled with all the data from the original, with "(copy)" added to the title. This is useful for creating similar items quickly.
Identities
Identities store your personal profiles: name, contact details, address and official document numbers. All data is encrypted client-side before being stored.
What You Can Store
Each identity is organized in 4 tabs:
- Personal: Label, gender (Mr, Mrs, Miss, Other), first name, last name, date of birth, email (with autocomplete from your contacts) and phone number.
- Address: Street, city, state, postal code and country (dropdown with auto-detection based on your location).
- Documents: Social security number, health insurance number, passport number, ID card number and driver's license number.
- Options: Professional toggle to categorize the identity and custom icon picker.
How to Add an Identity
- Go to Identities in the sidebar.
- Click New Identity.
- Fill in the fields you need. You do not have to fill in everything, only what is useful to you.
- Click Create.
Clone
Use the Clone button in the actions column to duplicate an existing identity. This is useful for creating profiles for family members who share the same address.
Auto-fill
The browser extension can detect identity fields on web pages (name, email, phone, address) and fill them automatically. Use the Fill Identity option in the padlock dropdown to choose which identity to use.
Teams
Teams allow groups of people to securely share passwords and notes. Each team has its own encrypted vault and notes, accessible only by team members.
Creating a Team
- Go to Teams in the sidebar.
- Click New Team and give your team a name.
- A unique Team Key is generated and encrypted with your personal keys. This key will be securely shared with every member you invite.
Inviting Members
- Open your team and click Invite.
- Enter the email address of the person you want to invite. They must already have an UnveilPass account.
- An email invitation is sent. Behind the scenes, the Team Key is encrypted using a secure key exchange (ECDH) between your keys and the invitee's public key.
- When the invitee accepts, they can decrypt the Team Key and access the team's vault and notes.
Team Vault and Team Notes
Each team has its own vault for shared passwords and its own set of secure notes. These work exactly like your personal vault and notes, but are shared among all team members (according to their permissions). The Teams page shows Vault and Notes entry counts for each team.
Sharing to Teams
You can share both vault entries and notes (including attachments) to your teams. When sharing, you can configure:
- Sync Mode — One-way or two-way sync, just like personal sharing.
- Expires after — Set an optional expiration on the shared item.
- Lock — Prevent team members from removing the shared item.
Each shared item shows a read receipt counter (e.g. "3/5 read") so you can see how many team members have viewed it.
Roles
| Role | Capabilities |
|---|---|
| Owner | Full control. Can manage members, change roles, add/edit/delete all entries, and delete the team. |
| Admin | Can manage members and entries. Cannot delete the team or change the owner. |
| Member | Can view and use entries they have been given access to. |
Per-Entry Permissions
Each entry in the team vault can have individual permissions:
| Permission | What it allows |
|---|---|
| Read | View and copy the entry, but cannot edit it. |
| Read + Write | View, copy, and edit the entry. |
My Contacts
Contacts are other UnveilPass users you have connected with. You need to add someone as a contact before you can share passwords or notes with them.
Adding a Contact
- Go to My Contacts in the sidebar.
- Click New Contact.
- Enter the email address of the person you want to add. They must have an UnveilPass account.
- An email invitation is sent to them. You will see the contact listed as Pending until they accept.
Contact States
| State | Meaning |
|---|---|
| Pending | Invitation sent, waiting for the other person to accept. |
| Accepted | Both parties are connected. You can now share passwords and notes with this contact. |
Sharing
UnveilPass lets you securely share vault entries and secure notes with your contacts. Sharing uses end-to-end encryption, so the server never sees the shared data in plain text.
How to Share
- Open a vault entry or a secure note and click the Share button.
- A dialog appears showing your contacts. Select who you want to share with.
- Choose the sync mode, expiration and lock options (see below).
- Click Share. The item is encrypted with a shared key derived from your private key and the recipient's public key. When sharing notes, any attachments are included automatically.
Sync Modes
| Mode | How it works |
|---|---|
| One-way | Only the owner (you) can update the shared item. The recipient sees your changes but cannot modify it. |
| Two-way | Both you and the recipient can update the item. Changes sync both directions. This applies to both vault entries and notes. |
Lock Option
When you enable the Lock option on a share, the recipient cannot remove or revoke the share. This is useful when you want to ensure continued access, for example when sharing team credentials that should always remain available.
Expiration (TTL)
You can set how long a share lasts:
- Unlimited — The share stays active until you manually revoke it.
- 5 minutes to 30 days — The share automatically expires after the chosen time. This is great for temporary access, like sharing a Wi-Fi password with a guest.
Shared Page
The Shared page shows all items shared with you and items you have shared with others. Each row displays the Type (Entry or Note), the Item name, and the From/To columns so you can see who shared what. A notification bell appears in the sidebar when you receive new shares.
Save to Vault
When someone shares an entry with you, you will see it in the Shared page. You can click Save to Vault to add a linked copy to your personal vault. This linked copy stays in sync with the original, according to the sync mode chosen by the owner.
Password Health
The Password Health page gives you an overview of how secure your stored passwords are and helps you identify problems.
Security Score
Your overall security score is calculated based on the quality of all passwords in your vault. A higher score means your passwords are in good shape.
What Gets Flagged
| Issue | Why it matters |
|---|---|
| Weak passwords | Short or simple passwords that can be easily guessed or cracked by automated tools. |
| Reused passwords | Using the same password on multiple sites is dangerous. If one site is breached, attackers can use that password to access your other accounts. |
| Old passwords | Passwords that have not been changed in a long time. Regular rotation reduces risk. |
How to Improve Your Score
- Review the flagged entries on the Password Health page.
- Click on an entry to open it.
- Use the Password Generator to create a strong replacement.
- Update the password on the actual website, then save the new password in your vault.
- Repeat for all flagged entries.
Breach Scanner
The Breach Scanner checks whether any of your passwords or email addresses have appeared in known data breaches. It uses the Have I Been Pwned (HIBP) service to perform these checks.
How Password Checking Works
The scanner uses a technique called k-Anonymity to check your passwords safely:
- Your password is hashed (converted to a fingerprint) locally in your browser.
- Only the first 5 characters of this hash are sent to the breach database.
- The database returns all matching hashes that start with those 5 characters.
- Your browser checks locally if your full hash appears in the results.
Breach Badges
If a password in your vault is found in a known breach, a red breach badge appears on that entry in your vault table. This serves as a visual warning that you should change that password immediately.
Email Breach Monitoring
The Breach Scanner can also check if your email addresses have appeared in known data breaches. You will see a list of breaches associated with your email, including the breach date and what data was exposed.
Emergency Access
Emergency Access lets you designate a trusted person who can request access to your vault in case of an emergency, such as if you become incapacitated or pass away.
How It Works
There are two roles in Emergency Access:
| Role | Description |
|---|---|
| Grantor | You. The person who grants emergency access to someone they trust. |
| Grantee | Your trusted person. The one who can request access when needed. |
Setting It Up
- Go to Emergency Access in the sidebar.
- Click New Emergency Contact and enter the email of the person you trust.
- They must have an UnveilPass account.
The Request Flow
- Your trusted person initiates a Request for emergency access.
- You receive a notification and can Approve or Reject the request.
- If approved, the grantee gains access to your vault data.
- You can revoke emergency access at any time by deleting the emergency contact.
SecureSend
SecureSend lets you share files securely with anyone using end-to-end encryption. Your files are encrypted in your browser with AES-256-GCM before being uploaded — the server never sees the original content and cannot decrypt it.
How It Works
- Go to SecureSend in the sidebar.
- Click + New SecureSend.
- Select one or more files (drag and drop or click to browse). Free plan: 1 MB per link. Pro plan: 10 MB per link.
- Optionally enable Compress (ZIP) to compress your files before encryption.
- Add an optional message for the recipient (also encrypted).
- Choose an expiration: select a duration (15 minutes to 7 days) or click Pick a date to set an exact date and time.
- Set Max downloads to limit how many times the link can be used (0 = unlimited, default: 1). When max downloads is 1, you can also enable Delete after download to permanently remove the encrypted data after the first view.
- Click Encrypt & Send. Your files are encrypted in your browser and uploaded.
- Copy the generated link and share it with the recipient via email, messaging or any channel.
Receiving a File
The recipient opens the link in any browser — no account required. They see the UnveilPass branding with your optional message, then click Decrypt me now ! to download and decrypt the file directly in their browser. If multiple files were sent, they receive a ZIP archive. The page is automatically displayed in the recipient's language.
Security
- Your files are encrypted in your browser using AES-256-GCM with a randomly generated key.
- Only the encrypted data is uploaded to the server — the key never leaves your browser.
- The decryption key is embedded in the link fragment (#) which is never sent to the server.
- The recipient opens the link — the key decrypts the file entirely in their browser.
- After the TTL expires or the download limit is reached, the encrypted data is permanently deleted from the server.
History
The SecureSend table shows all your sent files with their status:
- Pending (orange) — waiting for the recipient to open the link.
- Downloaded (green) — the recipient has viewed/downloaded the file.
- Expired (red) — the link has expired or the download limit was reached.
The Views column shows how many times the link has been used (e.g. "3 / 5" means 3 views out of 5 maximum). Click on any row to see the list of files that were included. Expired entries remain visible for 30 days.
Share via Link
You can also share vault entries, secure items and identities via an encrypted link. Click the link icon on any entry to generate a SecureSend with the same options (message, expiration, max downloads). The recipient sees the shared data with copy buttons for each field — no account required.
Import / Export
UnveilPass makes it easy to migrate from another password manager or to export your data for backup purposes.
Importing Passwords
You can import passwords from the following password managers:
| Source | How to export from it |
|---|---|
| LastPass | Go to LastPass > Advanced Options > Export. You will get a CSV file. |
| Bitwarden | Go to Bitwarden > Tools > Export Vault > choose CSV format. |
| StickyPassword | Go to StickyPassword > Menu > Export > save as CSV. |
| Chrome | Go to Chrome Settings > Passwords > three-dot menu > Export Passwords. |
| Firefox | Go to Firefox Settings > Passwords > three-dot menu > Export Logins. |
- Go to Import / Export in the sidebar.
- Click Import and select your CSV file.
- UnveilPass automatically detects the format (LastPass, Bitwarden, StickyPassword, Chrome, or Firefox) based on the CSV structure.
- Review the entries that will be imported.
- Click Confirm. Each entry is encrypted in your browser and then saved to your vault.
Exporting Your Vault
You can export all your vault entries as a CSV file for backup or migration purposes.
- Go to Import / Export in the sidebar.
- Click Export.
- Your vault entries are decrypted locally and downloaded as a CSV file to your computer.
Browser Extensions
UnveilPass offers browser extensions for Chrome and Firefox that let you autofill login forms and automatically save new credentials without leaving the website you are on.
Chrome Extension
- Download the Chrome extension from the UnveilPass app or install it from the Chrome Web Store.
- Click the UnveilPass icon in your browser toolbar.
- Log in with your email and master password. A password eye toggle on the unlock screen lets you verify what you type. Your encryption keys are derived in the extension popup, just like in the web app.
- Once logged in, the extension will automatically detect login forms on websites you visit.
Firefox Extension
- Install the Firefox extension from addons.mozilla.org.
- Click the UnveilPass icon in your browser toolbar and log in.
- The extension works the same way as the Chrome version.
Extension Popup Tabs
The extension popup has 5 tabs: Vault, Notes, IDs, Generator and Settings.
- Vault — Browse, search and fill your vault entries. Matching entries for the current site are shown at the top. Action buttons let you Fill, Copy, Show, Recheck, Edit and Delete entries.
- Notes — View, search, create, edit and delete secure notes directly from the extension. Use the "Show on page" button to display a note's content as a banner on the current page. Filter by Personal | Professional | All category tabs.
- IDs — View and search your identities with Fill and Copy buttons for each field. Type badges (Address, Bank, Card, etc.) help you identify entries at a glance.
- Generator — Generate passwords or passphrases with the same options as the web console.
- Settings — Configure auto-lock timeout, phishing & malware protection, ad blocker and equivalent domains.
View Modes
Toggle between Normal and Compact view using the list icon next to the category tabs. The compact view shows only entry names in a narrower popup. This toggle is available on all tabs and the preference is synced with the web console.
Detach Button
Click the Detach button in the popup header to open the extension in a separate browser window. This is useful when filling forms that require you to see the page and the extension side by side, keeping your cursor visible on the page while you browse your vault.
How Autofill Works
When you visit a website that matches a URL stored in your vault:
- A small padlock icon appears inside password fields.
- Click the padlock to see matching entries and fill credentials with one click.
- The extension uses smart field detection to find username and password fields, even on complex login pages.
- If auto-fill is enabled on an entry, credentials are filled automatically when the page loads.
- If auto-login is also enabled, the form is submitted automatically (a "Signing in..." spinner is shown during the process).
- Matching also works across equivalent domains (e.g. an entry for google.com matches on youtube.com).
Custom Fields Autofill
If a vault entry has custom fields (see Custom Fields above), the extension automatically fills them on the page by matching the field name with name, id, placeholder or aria-label attributes in the HTML.
Password Update Detection
When you change your password on a website, the extension detects it:
- If the same site and username exist in your vault but with a different password, a popup asks "Update password?".
- Click Update to save the new password. The old password is automatically saved in the entry's password history.
Auto-Save on Form Submit
When you log in to a website that is not yet in your vault:
- The extension detects the form submission and captures the credentials.
- A popup appears asking if you want to save the new login.
- Choose Save (permanent) or a TTL option (5 minutes, 1 hour, 24 hours, 7 days).
- Click "Never for this site" to permanently skip this website.
Extension Test Page
UnveilPass provides a test page at /static/test.html where you can try out the autofill and auto-save features with various form patterns without any risk.
Disable Built-in Password Managers
To avoid conflicts with UnveilPass, you should disable your browser's built-in password manager. This prevents duplicate save prompts, autofill conflicts, and ensures UnveilPass is the only tool managing your credentials.
Google Chrome
- Open Chrome and go to chrome://settings/passwords
- Turn off "Offer to save passwords"
- Turn off "Auto Sign-in"
- Optionally, delete any saved passwords from the list below
Microsoft Edge
- Open Edge and go to edge://settings/passwords
- Turn off "Offer to save passwords"
- Turn off "Auto Sign-in"
- Turn off "Password Monitor" (Edge's built-in breach detection)
- Optionally, delete any saved passwords
Mozilla Firefox
- Open Firefox and go to about:preferences#privacy
- Scroll down to the "Logins and Passwords" section
- Uncheck "Ask to save logins and passwords for websites"
- Uncheck "Autofill logins and passwords"
- Uncheck "Suggest and generate strong passwords"
- Uncheck "Show alerts about passwords for breached websites"
- To delete existing saved passwords: click "Saved Logins..." and remove them
Brave
- Open Brave and go to brave://settings/passwords
- Turn off "Offer to save passwords"
- Turn off "Auto Sign-in"
- Optionally, delete any saved passwords
Safari (macOS)
- Open Safari → Settings (or Preferences)
- Go to the "AutoFill" tab
- Uncheck "User names and passwords"
- Go to the "Passwords" tab to delete existing saved passwords
Opera
- Open Opera and go to opera://settings/passwords
- Turn off "Offer to save passwords"
- Turn off "Auto Sign-in"
- Optionally, delete any saved passwords
Browsers (Connected Devices)
The Browsers page shows all browser extension sessions connected to your account.
What You Can See
- Each active extension session, including browser name and when it last connected.
- Extensions identify themselves with a special header (X-Client: extension), which allows the server to track them separately from regular web sessions.
Managing Sessions
You can review which browser extensions are connected and revoke access to any session you do not recognize. This is useful if you lose a device or suspect unauthorized access.
Settings
The Settings page contains security preferences. Account management (password, email, API keys, delete) is accessed by clicking your email in the top bar.
Two-Factor Authentication (2FA / TOTP)
Add time-based one-time password (TOTP) authentication to your login:
- In Settings, click Enable 2FA.
- Scan the QR code with your authenticator app (e.g., Google Authenticator, Authy).
- Enter the 6-digit code to confirm setup.
- From now on, you will need the code every time you log in.
Device Trust
Toggle device trust on or off. When enabled, new devices must be verified via a 6-digit email code. Trusted devices are remembered for 7 days.
Passkeys & Hardware Security Keys
UnveilPass supports passkeys for fast, passwordless login. This works with:
- Face ID / Touch ID (iPhone, iPad, Mac)
- Windows Hello (fingerprint, face recognition)
- Hardware security keys (YubiKey, Google Titan, Feitian, SoloKeys) via USB, NFC or Bluetooth
- Cloud passkeys (iCloud Keychain, Google Password Manager)
To set up a passkey:
- On your mobile device, go to Settings and tap Add Passkey / Face ID.
- Your browser will prompt you to authenticate with biometrics or insert your security key.
- Once set up, a "Sign in with Passkey" button appears on the login page.
Vault Modification Alerts
When enabled, you receive an email notification whenever your vault is modified (entries added, updated or deleted). No passwords are included in the email — only the action and timestamp.
Session Duration
Control how long your console session stays active before automatic logout. Available options: 15 minutes, 30 minutes, 1 hour (default), 2 hours, 4 hours and 8 hours.
Session Expiry Warning
When enabled (on by default), a popup appears 3 minutes before your session expires. The popup shows a live countdown and two buttons:
- Continue — extends your session for another full duration.
- Logout — logs you out immediately.
If you do nothing, the session expires automatically and you are redirected to the login page.
Phishing & Malware Protection
When enabled, the browser extension checks every website you visit against known phishing and malware databases. If a site is flagged as dangerous, a warning page is displayed instead of loading the site.
Ad Blocker
Available only when Phishing & Malware Protection is enabled. When turned on, the extension blocks advertisements and tracking scripts on websites you visit. Ad domains are detected by checking them against server-side blocklists and DNS filtering. Blocked domains are reported in the Statistics page.
Preferences Export / Import
In the Preferences tab, you can export and import your console preferences (column layout, sorting, generator settings, language and extension settings):
- Export — Downloads your preferences as an encrypted .uvpass file. The file is encrypted with your vault key and cannot be read outside your account.
- Import — Restores preferences from a previously exported .uvpass file. Only .uvpass files under 50KB are accepted. This overwrites your current preferences.
Email Aliases
Email aliases let you sign up for websites without revealing your real email address. Instead of giving john@gmail.com, you use a unique alias like shop_x7k@simplelogin.io that forwards emails to your real inbox. If the alias gets spammed or leaked in a breach, you simply disable it.
UnveilPass integrates with two free alias services. You can connect one or both to get up to 20 free aliases (10 per service):
Setting up SimpleLogin (10 free aliases)
- Create a free account at simplelogin.io
- Go to API Keys in your SimpleLogin dashboard and create a new key
- In UnveilPass, go to Settings → Configuration → Email Aliases
- Paste the API key in the SimpleLogin field and click Save
Setting up Addy.io (10 additional free aliases)
- Create a free account at addy.io
- Go to Settings → API and create a Personal Access Token
- In UnveilPass, paste the token in the Addy.io field and click Save
Using aliases
Once connected, a @ button appears next to the Username field when creating or editing a vault entry. Click it to see a dropdown with two options:
- Generate new alias — creates a fresh alias via SimpleLogin (or Addy.io as fallback if SimpleLogin is full). The alias is automatically filled in the Username field.
- Pick an existing alias — reuse an alias you already created. The dropdown lists all your active aliases from both services.
The counter next to each service name (e.g. "3 / 10") shows how many aliases you have used. Click Show to see the full list with status (active or disabled).
Equivalent Domains
Equivalent domains tell the browser extension that several websites share the same login credentials. For example, google.com, youtube.com and gmail.com all use your Google account.
- Global Equivalent Domains — A built-in list of 92 groups of related websites (Google, Microsoft, Amazon, Facebook, etc.). Enabled by default. Toggle OFF if you have different accounts on related sites.
- Custom Equivalent Domains — Add your own groups. For example, if your company uses company.com and company-sso.com for the same login, create a custom group with both domains. Disabled by default — toggle ON and click + New Group to get started.
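One way an equivalent-domain check can be written, as an added example (not the UnveilPass extension's code). The group contents are the page's own examples, the defaults follow the toggles described above, and the function names are hypothetical. Hosts are compared on a dot boundary so that lookalike names do not inherit another site's credentials.

```javascript
// Added illustration; not the extension's code. Function names are hypothetical.
const GLOBAL_GROUPS = [['google.com', 'youtube.com', 'gmail.com']]; // one of the built-in groups named on the page
const CUSTOM_GROUPS = [['company.com', 'company-sso.com']];         // the page's custom-group example
const DEFAULTS = { globalEnabled: true, customEnabled: false };     // defaults as documented

function normalize(host) {
  return host.toLowerCase().replace(/\.$/, ''); // case-insensitive, drop a trailing dot
}

// True when host is the domain itself or a subdomain of it.
// Requiring the "." boundary keeps "notgoogle.com" from matching "google.com".
function hostInDomain(host, domain) {
  const h = normalize(host);
  return h === domain || h.endsWith('.' + domain);
}

// Should a credential saved on savedHost be offered on pageHost?
function credentialApplies(savedHost, pageHost, settings = DEFAULTS) {
  if (normalize(savedHost) === normalize(pageHost)) return true; // same host
  const groups = [
    ...(settings.globalEnabled ? GLOBAL_GROUPS : []),
    ...(settings.customEnabled ? CUSTOM_GROUPS : []),
  ];
  // Find the group the saved host belongs to, then test the current page against it.
  const group = groups.find(g => g.some(d => hostInDomain(savedHost, d)));
  return Boolean(group) && group.some(d => hostInDomain(pageHost, d));
}
```

With the defaults, a login saved on accounts.google.com is offered on www.youtube.com, while company.com and company-sso.com stay separate until the custom toggle is switched on.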
Account Management (click your email in the top bar)
Clicking your email address in the top bar opens the Account panel with 4 tabs:
- Password — Change your master password. Your vault key is re-encrypted with the new password. You will need to log in again on all devices.
- Email — Change the email associated with your account. A verification code is sent to the new email address.
- API Keys — Generate API keys for CLI, scripting, or CI/CD integrations. Keys use the format uvp_.... Each key is shown only once at creation. Max 10 keys per account.
- Delete — Permanently delete your account and all data (GDPR). Type DELETE to confirm. This cannot be undone.
Account Reset (lost master password)
If you lose your master password, click "Lost your master password?" on the login page. This will:
- Send a verification code to your email.
- Show a warning explaining that ALL your data will be permanently destroyed.
- Ask you to type RESET to confirm.
- Let you create a new master password and start with an empty vault.
Audit Log
The Audit Log provides a chronological record of important actions on your account. It helps you track who did what and when.
What Gets Logged
- Logins: Successful and failed login attempts, including the device and IP address.
- Vault changes: When entries are created, updated, or deleted.
- Sharing activity: When you share or revoke access to an entry.
- Team actions: Member invitations, role changes, team entry modifications.
- Settings changes: Password changes, TOTP enable/disable, device trust changes.
Reading the Audit Log
Each log entry shows:
- The action that was performed.
- The date and time in UTC, formatted as YYYY/MM/DD HH:MM.
- Additional details about the action.
Integrations & Developer Tools
UnveilPass integrates with your existing tools and workflows. All integrations preserve zero-knowledge encryption — credentials are always encrypted client-side.
Browser Extensions
Available for Chrome, Edge and Firefox. Smart autofill, auto-login, auto-save, password generator, phishing protection and ad blocker. Install from the Chrome Web Store or Firefox Add-ons.
Mobile App (PWA)
Full vault access on iOS and Android via Progressive Web App. Face ID / Touch ID login via WebAuthn passkeys. Access your vault, notes, identities and contacts on the go.
REST API
Full API for vault, notes, contacts, shares, teams and SecureSend. JWT authentication via email/password or API keys. See the API Documentation for all endpoints and examples.
Python SDK
Request credentials via Agent Gateway and send encrypted files via SecureSend from Python scripts.
```shell
pip install unveilpass pycryptodome
```

```python
from unveilpass import UnveilPassAgent

agent = UnveilPassAgent("uvp_agent_your_key")

# Get a credential (blocks until manager approves)
cred = agent.get_credential("entry-uuid")
print(cred["username"], cred["password"])

# Send an encrypted file with PIN protection
result = agent.send_file("contract.pdf", ttl=86400, pin="482916")
print(result["link"])
```
Node.js SDK
Same capabilities as Python — Agent Gateway + SecureSend for Node.js and CI/CD pipelines.
```shell
npm install @unveilpass/sdk
```

```javascript
const { UnveilPassAgent } = require('unveilpass');

const agent = new UnveilPassAgent('uvp_agent_your_key');

// await is not allowed at the top level of a CommonJS script, so wrap the calls
(async () => {
  const cred = await agent.getCredential('entry-uuid');
  const result = await agent.sendFile('report.xlsx', { ttl: 86400, pin: '482916' });
})();
```
API Keys
Generate API keys from the Account modal → API Keys tab. Use them instead of email/password for programmatic access. Each key can be revoked independently.
Agent Gateway
Allow AI agents and CI/CD pipelines to securely request credentials from your vault with human-in-the-loop approval. The manager sees the request in the console and approves or denies. Credentials are delivered encrypted with a TTL and consumed after one use. See API Documentation for details.
Coming Soon
| Integration | Description |
|---|---|
| CLI | Access credentials from the terminal. unveilpass get github.com |
| Slack Bot | Share credentials securely in Slack channels via SecureSend |
| VS Code Extension | Access vault credentials from the IDE sidebar |
| WordPress Plugin | Secure your WordPress admin and FTP credentials |
| Zapier / Make | Automate encrypted file transfers on events |
| Docker / Kubernetes | Inject secrets into containers via Agent Gateway |
Security Architecture
UnveilPass is built on a zero-knowledge security model. Here is what that means in simple terms and why it matters.
What is Zero-Knowledge?
Zero-knowledge means the UnveilPass server never sees your data in readable form. All encryption and decryption happens in your browser (or extension), on your own device. The server only stores encrypted blobs that are meaningless without your master password.
Think of it like a safety deposit box at a bank: the bank stores your box, but only you have the key to open it. The bank employees cannot see what is inside.
How Your Data is Protected
Step 1: Key Derivation (Argon2id)
When you enter your master password, it is processed by a function called Argon2id. This is a deliberately slow and memory-intensive algorithm designed to make brute-force attacks (trying millions of password guesses) extremely expensive and time-consuming.
Argon2id produces two things from your master password:
- An authentication key that proves your identity to the server (your actual password is never sent).
- A Key Encryption Key (KEK) that unlocks your vault key. This KEK never leaves your browser.
Step 2: Vault Encryption (AES-256-GCM)
Your vault entries, notes, and identities are each encrypted with AES-256-GCM, which is the gold standard in encryption used by governments and financial institutions worldwide. The "256" means the key is 256 bits long, making it practically impossible to break by brute force.
A random Vault Key is generated when you create your account. This key is what actually encrypts your data. The Vault Key itself is encrypted (wrapped) with your KEK, so it can only be unlocked with your master password.
Step 3: Secure Sharing (X25519)
When you share a password with someone, UnveilPass uses a technique called X25519 key exchange. This creates a shared secret between you and the recipient without either of you sending your private keys anywhere. The shared entry is encrypted with this shared secret, so only you and the recipient can read it.
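Steps 1 to 3 above, together with the master-password change described under Account Management, as one runnable sketch (an added example, not UnveilPass source code). Assumptions: scrypt from Node's built-in crypto stands in for Argon2id so the block runs without third-party packages, one 64-byte output is split into the authentication key and the KEK, HKDF-SHA256 turns the X25519 secret into an AES key, and all function names are hypothetical.

```javascript
// Added illustration, not UnveilPass source code. Function names are hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv,
        diffieHellman, hkdfSync } = require('node:crypto');

// AES-256-GCM with a fresh 12-byte nonce per message. Blob = nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// Step 1. ASSUMPTION: scrypt stands in for Argon2id, and one 64-byte output
// is split into the authentication key and the KEK.
function deriveKeys(masterPassword, salt) {
  const out = scryptSync(masterPassword, salt, 64, { N: 16384, r: 8, p: 1 });
  return { authKey: out.subarray(0, 32), kek: out.subarray(32) };
}

// Step 2. A random vault key encrypts the data; only its KEK-wrapped form is stored.
// authKey is what the client presents to the server in place of the password.
function createAccount(masterPassword) {
  const salt = randomBytes(16);
  const vaultKey = randomBytes(32);
  const { authKey, kek } = deriveKeys(masterPassword, salt);
  return { vaultKey, authKey, stored: { salt, wrappedVaultKey: seal(kek, vaultKey) } };
}
function unlock(masterPassword, stored) {
  return unseal(deriveKeys(masterPassword, stored.salt).kek, stored.wrappedVaultKey);
}

// Changing the master password re-wraps the vault key; entries are not re-encrypted.
function changePassword(vaultKey, newPassword) {
  const salt = randomBytes(16);
  return { salt, wrappedVaultKey: seal(deriveKeys(newPassword, salt).kek, vaultKey) };
}

// Step 3. X25519: each side combines its own private key with the other's public key
// and gets the same secret. ASSUMPTION: HKDF-SHA256 derives the AES key from it.
function shareKey(myPrivateKey, theirPublicKey) {
  const secret = diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  return Buffer.from(hkdfSync('sha256', secret, Buffer.alloc(0), 'share-demo', 32));
}
```

A wrong master password fails inside unlock() because the GCM tag on the wrapped vault key does not verify, which is also how the client can tell the password was wrong without the server ever seeing it.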
Why This Matters
Summary
| Technology | What it does |
|---|---|
| Argon2id | Turns your master password into encryption keys. Deliberately slow to prevent guessing attacks. |
| AES-256-GCM | Encrypts all your vault data. Military-grade encryption standard. |
| X25519 ECDH | Enables secure sharing between users without exposing private keys. |
| Zero-Knowledge | The server never sees your passwords, notes, or personal data in plain text. |
Need help? Contact us at support@unveilpass.com