Store credentials encrypted with AES-256, share vaults with teammates, access from any browser via the web UI. Bitwarden without the hosted option — fully on your hardware.
Every operation in Cipher is available through a JSON REST API. No SDK required — use curl, fetch, or any HTTP client.
GET /api/secrets — list all secrets with optional search and filter query parametersPOST /api/secrets — create a new secret recordGET /api/secrets/{id} — retrieve a single secret by IDPUT /api/secrets/{id} — update an existing secretDELETE /api/secrets/{id} — remove a secretGET /api/stats — aggregated statistics with status breakdownGET /api/health — health check endpoint for monitoringCloud password managers hold your credentials on someone else's server. Cipher encrypts everything at rest on your own machine. No sync servers, no browser extensions phoning home, no hoping the vendor's breach notification comes before the damage.
Run Cipher on any server where you can execute a binary. The dashboard is immediately available at localhost, and the REST API integrates with your existing scripts and workflows. No external dependencies to configure, no managed service to subscribe to.
The dashboard opens at /ui and gives you a search bar, status filters, and a create form. Double-click any secret to edit it inline. Behind the dashboard, every operation maps to a REST endpoint under /api/secrets. Responses are JSON. Authentication is handled at the network level — put Cipher behind your VPN or reverse proxy, and it serves requests to whoever can reach it.
GET /api/secrets — List all secrets. Supports ?q=keyword for search and ?status=value for filteringPOST /api/secrets — Create a new secret. Send JSON with at least nameGET /api/secrets/{id} — Fetch one secret by IDPUT /api/secrets/{id} — Update fields on an existing secretDELETE /api/secrets/{id} — Remove a secretGET /api/stats — Returns total count and breakdown by statusGET /api/health — Returns {"status":"ok"} for uptime monitoringSelf-hosted password manager. Self-hosted on your infrastructure. Your data never leaves your server.
curl -fsSL https://stockyard.dev/install.sh | sh -s -- --tool cipher
PORT=8870 ./cipher
http://localhost:8870
Single binary. Embedded SQLite. No Docker. No database. No dependencies.
Your license key arrives by email within 5 minutes of checkout. Set it as an environment variable and restart the binary.
export CIPHER_LICENSE_KEY=stockyard_xxxxxxxxxxxxxxxxxxxx ./cipher
No cloud connectivity required. The binary validates the key offline with Ed25519 signatures.