DeniKey logo DeniKey
  • English
  • Türkçe
  • Русский

DeniKey

Your passwords are safe.

DeniKey was built to help you manage your passwords more securely and organized, all in one place. It combines powerful protection with a clean, focused experience.

Windows Linux Android What is it?

What is it?

A password manager that looks simple but takes security seriously.

DeniKey is a desktop-focused application designed to keep all your passwords in one place. The goal isn't just to store passwords — it's to do it more securely, more organized, and more comfortably. Your data is protected, and the interface won't get in your way.

Highlights

Essential but powerful.

01

Encryption first

DeniKey puts data protection at its core. Your passwords are handled securely within the application's foundational structure.

02

Better organization

Login credentials, cards, notes and similar data are gathered in one place. Finding what you need becomes effortless.

03

Device-centered trust

New logins and device usage are tracked more carefully. This builds an extra layer of confidence over your account.

04

Simple user experience

Security can be strong without being complex. DeniKey aims to make protection feel as straightforward as possible.

Security Architecture

The protection logic runs at the heart of the application.

01

Client-side encryption

Vault data is encrypted on the device. The server only works with encrypted content — it never sees your data in plain text.

02

Argon2id and AES-256-GCM

The key derivation and encryption layer is built on modern algorithms, providing both durability and integrity verification.

03

New nonce per operation

A unique IV/nonce is generated for every piece of data during encryption, ensuring repeating patterns are never exposed.

04

Zero-knowledge approach

Your master password is never sent to the server. Critical encryption logic stays on your device, and the protection boundary begins there.

Technical Stack

Modern, layered, and auditable.

Application layer

  • Flutter desktop client
  • Riverpod-based state management
  • GoRouter for navigation flow
  • Secure local storage and offline cache support

Service layer

  • FastAPI-based backend architecture
  • JWT authentication and refresh token flow
  • Device verification and rate limiting
  • Audit log, support requests, and password history

Data layer

  • SQLAlchemy async data access
  • Alembic migration flow
  • PostgreSQL-compatible persistent data model
  • Encrypted vault data with separated metadata structure

Why Trust It?

Built on implemented security layers, not flashy promises.

Trust in DeniKey is established through client-side encryption, device-based verification, a modern authentication flow, transaction logs, biometric lock, and controlled data access. The goal isn't just to store passwords — it's to do so on a technically consistent, well-structured architecture.