KodeBolt: Secure & Shareable Password Vault
KodeBolt is a modern, enterprise-ready password management system that allows individuals and teams to securely store, categorize, share, and export passwords — all encrypted with client-side OpenPGP and compatible with KeePass (.kdbx) format.
It is designed for organizations that demand full control and secure sharing password storage with end-to-end encryption.
Why Use KodeBolt?
- End-to-End Encryption using OpenPGP (GPG)
- Team Sharing Support with fine-grained control
- Category-Based Vaults with tree-structured navigation
- KeePass Compatible Export (
.kdbx) - Client-Side Decryption for maximum security
Core Features
| Feature | Description |
|---|---|
| 🔐 PGP Encryption | All password content is encrypted using OpenPGP in the browser before sending to backend |
| 📤 KeePass Export | Export your vault into a .kdbx file, compatible with popular tools |
| 👥 Secure Sharing | Share passwords with named users, revoke access anytime |
| 📚 Category Tree | Organize passwords in nested folders |
| 👁 Visibility Control | Toggle visibility per password |
| 📜 Audit & Ownership | View shared by/to metadata |
| 🧾 Notes & Metadata | Store username, URL, notes, and category |
How KodeBolt Works (Security Model)
1. Key Generation
- When a user logs in for the first time, KodeBolt automatically generates an OpenPGP key pair
- The private key is stored in sessionStorage, not persisted on backend
- The public key is sent to the server, allowing others to encrypt shared passwords for this user
2. Password Encryption
Before any password is sent to the server:
- Encryption happens locally in the browser using
openpgp.js - Resulting armored data is uploaded securely to the backend
- Even if the backend is compromised, the password content remains unreadable
3. Password Decryption
When passwords are retrieved:
- Encrypted password strings are decrypted client-side using the private key stored in browser memory
- The decrypted password is never sent over the network again
Password Sharing
KodeBolt allows you to securely share passwords with other users on your tenant:
- Shared passwords are encrypted with the recipient's public key
- Shared entries include metadata such as:
- Who shared the password
- When it was shared
- Who it's visible to
You can revoke access or unshare with a single click.
Category & Folder Management
- Create top-level or nested categories
- Each password is associated with a category
- Shared categories are logically rendered at the top:
- Shared with Me
- Shared by Me
Export to KeePass
KodeBolt supports exporting your entire vault into a .kdbx file:
- Compatible with KeePass, KeeWeb, and other password managers
- Export flow provides a temporary password via
X-Shiftlabs-Exportheader - Encrypted file is downloaded via Blob + Link injection (browser-native)
Comparison with Other Tools
| Feature | KodeBolt | Bitwarden | 1Password | KeePass |
|---|---|---|---|---|
| OpenPGP Encryption | ✅ Client-side | ❌ | ❌ | ❌ |
| Tree-based Folders | ✅ | ✅ | ✅ | ✅ |
| KeePass Export | ✅ Native .kdbx | ❌ | ❌ | ✅ |
| Per-User Sharing | ✅ With revoke | ✅ | ✅ | ⚠️ Manual |
| Key Never Leaves Device | ✅ | ❌ | ❌ | ⚠️ Depends |
Security Philosophy
KodeBolt strictly follows Zero Knowledge Architecture:
- Backend never stores or accesses raw passwords
- Keys are managed per user, per session
- All encryption and decryption logic is handled in browser
This guarantees that only you can see your secrets.
Need Help?
KodeBolt is part of the ShiftLabs product suite. For enterprise deployments, integration support, or advanced audit logging, contact us.