Every wallet is encrypted with its own password. The vault's index (names & dates) is encrypted with a master password. Nothing ever leaves this page.
amulet_vault.html here
·
openssl, Python's hashlib, or argon2-cffi.
fetch, XMLHttpRequest, sendBeacon, WebSocket, EventSource, dynamic <img>/<script>/<link>/<iframe>, service workers) is patched at startup. Same-origin reads and data:/blob: URLs are allowed; everything else is blocked and logged here.
Enter your master password.
Encrypted at rest. Every wallet is sealed with AES-256-GCM under an Argon2id key (m=256MiB, t=2, p=1). The vault index uses an AAD-bound envelope (v2): changing any header field makes decryption fail loudly. Vaults made by older versions still open and upgrade on the next save.
No network, by construction. A Content-Security-Policy stops the page making any network request, and the Network sentinel logs anything that tries. Nothing you type or store leaves this page.
Strong master password. A 77-bit entropy floor is enforced. EFF Diceware and the Amulet Picker 10,000-word pool are both recognised as passphrases. A BIP-39 passphrase is opt-in, behind a warning, so it cannot be set by accident.
Safe hand-off. Watch-only export writes each entry with three verification addresses and an account fingerprint, so a stale or altered file is caught by the Transaction Creator and the Scryer before it can mislead you.
Pick a master password. It encrypts the vault's index (the names and dates of your wallets). Each wallet inside still has its own separate password on top of that.
log₂(wordlist_size) × number_of_words. With 7,776 words, that is log₂(7,776) ≈ 12.92 bits per word.
12.92 × 6 ≈ 77.5 bits12.92 × 8 ≈ 103.4 bits12.92 × 10 ≈ 129 bitsa-z or A-Z)0-9)! @ # $ % ^ & * ( ) [ ] { } + - = _ | \ / ~ < > , . ? : ; ' " €)Pick the folder where your vault is saved. The vault will find the right files inside (vault.meta plus the wallet .enc files) automatically — you don't need to select them by hand.
vault.meta),
then the wallets folder (with the .enc files).
New wallets added in this session save to the wallets folder; vault.meta
updates save to the vault folder. Requires a Chromium-based browser.
.zip hereEverything you add here is stored encrypted in the vault. Pick what you're adding.
Paste your seed phrase and assign a password. The seed is encrypted with that password and stored as a .enc file in the vault.
.enc file in your vault folder. It is unrelated to your seed phrase or any BIP‑39 passphrase. You’ll be asked for it whenever you open this wallet later.No seed phrase, no private key. Paste a xpub / ypub / zpub for a hierarchical deterministic wallet, or a single Bitcoin address. The vault stores it encrypted (the password protects the privacy of which addresses you watch, not the key itself).
Enter this wallet's password to decrypt.
This removes the .enc file from the vault. The encrypted file on disk is overwritten with zeros before deletion, but if you've ever had it backed up elsewhere, those copies remain.
This wipes everything this browser tab currently holds about your vault. It's stronger than Lock (which keeps the encrypted files around for a quick re-unlock) — after Forget, nothing decrypted remains in this tab and, if applicable, the on-disk vault files are erased too.
vault.meta and every .enc in that folder are overwritten with zeros and unlinked..zip backup — the vault has no way to reach it from here. If you want it gone, delete it with your OS file manager.This vault is not saving to a folder, so the wallets you added or changed are held in memory only. They have not been written to disk. If you lock now and then close this tab, those changes are gone and cannot be recovered.
The folder you picked already contains an Amulet vault. Saving here overwrites its index file (vault.meta), which makes that other vault unopenable from this folder. Its encrypted wallet files are left in place but become unused.
For each wallet you want to include, enter its password below. The Vault decrypts it locally, derives the public extended keys (xpub/ypub/zpub) and any timelock addresses, immediately zeroes the seed buffer, and bundles only the public material into a single download. The seed never leaves this tab and never gets written anywhere — not even briefly.
Choose how to save this wallet outside the vault. All options produce files you can store elsewhere; the vault copy is untouched.
Add an existing encrypted wallet file to this vault. Supports both vault .enc files and Amulet v1.3+ encrypted wallet reports.
.enc file here, orThis is an Amulet wallet report (AMLT format). Enter the password you used when encrypting it in Amulet — the report will be decoded, and you'll then set a new password for storing it in this vault.
—
Drop a timelock .txt backup or pick one. Both RC2 (SHA‑256) and legacy RC1 (MD5) formats are accepted. The file stays local — nothing is uploaded.
timelock-backup-*.txt here, or—
.txt is kept verbatim inside the encrypted vault entry, so the original file can always be reproduced byte‑for‑byte later. The private key (WIF) in this backup is sensitive — give this vault item a strong password.
Enter this item's password to decrypt.
Pick an encrypted wallet file to inspect. The decrypted contents are shown in-memory only — no vault is created, no files are written, and nothing leaves this page. Accepts vault-native .enc (JSON wrapper) and Amulet v1.3+ binary .enc (AMLT).
.enc file here, or——
Compare the SHA‑256 of this HTML file against the canonical hash published by the project author. Matching = nobody has modified the file since release. Not matching = stop using this file.
file:// URLs from reading their own source via fetch() — a security measure that also blocks self-verification. When you drop the HTML file onto the panel, the browser reads it via the standard file-picker API and we compute SHA‑256 in-memory. No network, no file write.