Encrypt-it is an end-to-end encrypted vault and password manager for iPhone and iPad. Your passwords, logins, credit cards, secure notes, photos, and files are encrypted on your device with Apple CryptoKit before they are written to disk, so only you can read them.
Features
- End-to-end encryption. Your data is encrypted on your device with AES-256-GCM (Apple CryptoKit) before it ever syncs to iCloud or to anyone you share with. Apple sees only ciphertext; no server we control sees anything at all.
- Post-quantum encryption for contact sharing. Secrets sent to a verified contact are encrypted with a hybrid of NIST’s ML-KEM-768 and classical ECDH — safe even against future quantum computers.
- iCloud sync. Changes you make on one device appear on your others. Apple sees only encrypted ciphertext.
- Sign in with Apple & biometrics. Unlock with Face ID, Touch ID, or Sign in with Apple instead of retyping your master password.
- Recovery key. Generate a 64-character recovery key to regain access if you forget your master password. If you can still unlock with Sign in with Apple, you can generate a recovery key from there and use it to set a new master password — without losing access to your vault.
- Encrypted file vault. Store sensitive documents — tax returns, passports, IDs, scans, screenshots, photos — alongside your passwords. Files of any practical size are encrypted with a streaming AES-256-GCM cipher, so memory stays bounded no matter how large the file.
- Folders & bulk import/export. Group files into named folders. Import a folder from Files.app or iCloud Drive in one tap — every file inside is encrypted into a new Encrypt-it folder. Export a folder back out to a real directory of decrypted files when you need them.
- Key rotation. Rotate your encryption keys on demand for added peace of mind.
- Backup & restore. Save an encrypted backup file you can restore on any device.
- No tracking, no SDKs. No analytics, no ads, no third-party libraries — only Apple frameworks.
Share a secret, securely
Encrypt-it offers two ways to share a secret. Both keep the secret end-to-end encrypted — no server in between can read it.
Quick share via link
Send any secret to anyone, no setup required. Encrypt-it generates a one-time encryption key, encrypts the secret with it, and produces a link of the form encrypt-it.app/s/…#…. The decryption key lives in the part after the #, which browsers never send to any server — so only the person you send the link to can read it. For an extra layer, attach a passcode you give the recipient out-of-band; without it, the link alone won’t open the share. Links can be set to expire or to self-destruct after the first read.
Direct share with a contact
Once you and the recipient have exchanged identities (a quick QR scan), you can send them a secret as a sealed envelope. The envelope is encrypted using a hybrid post-quantum scheme: NIST’s ML-KEM-768 combined with classical P-256 ECDH. Your shared secret stays protected as long as either scheme remains unbroken — safe today, and safe against future quantum computers. The envelope is also signed with your identity key, so the recipient can confirm it really came from you.