Decentralized password manager that stores encrypted secrets on the Solana blockchain. Single master password, no accounts, no servers - your vault lives on-chain and is accessible from any machine.
flowchart LR
PWD[Master password] --> KEYS[Deterministic<br/>key derivation]
KEYS --> DEPLOY[Deployer keypair]
KEYS --> PROG[Program keypair]
KEYS --> ENC[Encryption key]
DEPLOY --> SOL[Solana blockchain]
PROG --> SOL
ENC --> LOCAL[Local SQLite cache]
ENC --> SOL
SOL <-->|sync| LOCAL
One password derives everything: your Solana keypair, program ID, and encryption key. Entries are encrypted locally with AES-256-CBC, stored on-chain as opaque blobs, and cached in SQLite for offline access.
- Single binary - Solana program embedded, no external dependencies at runtime
- Deterministic keys - same password = same vault on any machine
- End-to-end encrypted - data is encrypted before leaving your machine
- Local-first - works offline, syncs when connected
- Terminal UI - keyboard-driven interface built with Bubbletea
- TOTP support - 2FA code generation with live countdown timer
- Password generator - configurable length, uppercase, digits, special characters
- Clipboard integration - copy passwords and TOTP codes with one key
- Optimistic locking - safe multi-client access with conflict detection
- Slot reuse - deleted entries free up on-chain space
| Type | Fields | Description |
|---|---|---|
| Password | site, username, password, TOTP secret, notes | Website and app credentials with optional 2FA |
| Note | content | Free-form encrypted text for any sensitive information |
| Card | cardholder, number, expiry, CVV, notes | Payment card details |
Password entries with a TOTP secret automatically generate live 2FA codes with a countdown timer.
- Go 1.24+
- Solana CLI (for deploying)
make build
./solock- Enter a master password
- Copy the deployer address (
pkey) and fund it with ~3 SOL - Deploy the program (
dkey) - Initialize the vault (
ikey) - Add your first entry (
akey)
For devnet testing, get free SOL from faucet.solana.com.
The compiled program is already embedded in the Go binary. To recompile:
make program-build # requires Docker
make build # rebuild Go binary with new .soSee docs/building.md for details.
- Architecture - system design, data flow, on-chain storage model
- Key Derivation - how master password becomes Solana keys
- Building - build instructions, Makefile targets
- Usage - screens, keybindings, entry types
- Solana Program - on-chain instructions, accounts, conflict detection
- Go Application - code structure, dependencies
| Component | Technology |
|---|---|
| TUI | Go + Bubbletea / Lipgloss |
| Blockchain | Solana + Anchor (Rust) |
| Encryption | AES-256-CBC |
| Key derivation | SHA256 + BIP39 + SLIP-0010 |
| Local storage | SQLite (encrypted) |
| TOTP | RFC 6238 |
| Dev environment | Nix |
- No registration - no email, no phone, no cloud accounts
- No servers - SoLock talks directly to Solana RPC
- No key files - keys are derived from password on every launch, never stored
- Memory safety - keys zeroed on exit
- Encrypted at rest - local SQLite values encrypted with AES-256-CBC
- Encrypted on-chain - Solana stores opaque encrypted blobs, not plaintext
- Your program - each user deploys their own Solana program instance
- Solana program (Anchor/Rust) with vault and entry management
- Deterministic key derivation (SHA256 + BIP39 + SLIP-0010)
- AES-256-CBC encryption for local and on-chain data
- Terminal UI with Bubbletea
- Password, note and card entry types
- TOTP 2FA code generation
- Bidirectional sync with Solana
- Embedded program binary with runtime patching
- Built-in password generator
- Browser extension (Chrome / Firefox) with autofill
- Desktop app for macOS
- Desktop app for Linux
- SSH key storage
- Secure file attachments
- Shared vaults (multi-user access via on-chain permissions)
MIT