Order now


The user interface is optimized for ease of use and speed. The client is platform-independent and runs everywhere.


New passwords can be added by anyone with only a few clicks, shared via secure links, and looked up with a comprehensive search. PAVE is designed for hundreds of users sharing tens of thousands of passwords.

Full Control

PAVE can be run locally, isolated from the internet. At the same time it is secure enough to be deployed in your favourite cloud service.

Access to passwords is controlled by fine-grained ACLs, allowing sharing with individuals, departments, or the whole company.


Fully asymmetric authenticated encryption using state-of-the-art algorithms via libsodium, running inside a sandboxed client with minimal attack surface.

For managers
Save time and make your team stronger

  • Centrally managed database for credentials, licenses …
  • Save up to 15 minutes a day
  • Efficient, simple operation
  • Full control: No dependence on external services – fully self-hosted
  • For hundreds of users
  • No more unsafe password storage on post-it notes

For technicians
Security, performance and much more

  • Secure end to end encryption via libsodium/curve25519
  • OS independent: Clients for macOS, Windows and Linux
  • Centralized administration and deployment via ActiveDirectory possible
  • Automated security updates – optionally from a local update server for full control
  • Fine-grained, group-based ACLs
  • Integrated administration interface and dedicated CLI client
  • Completely isolated: No communication to outside servers needed, no “phoning home”
  • Electron based, sandboxed client
  • Flexible hosting: Host on premise – or in your personal cloud
  • Scalable

That's how it works! This is what happens in the background

Enter a new Password

New passwords are encrypted with the recipient’s private key inside the client, and the (authenticated) encrypted blob synchronised with the server. The recipient’s PAVE will sync passwords periodically when online, and only their private key can open the password.

Synchronize and search for passwords

Clients synchronise all passwords, after encrypting them with the user’s key pair. The server only holds opaque blobs, synchronising them; clients search for passwords in their local database and can decrypt them on demand.


Any questions to the password manager? Send us an email or give an call.

Send us an email