VaultCrypt

romejoe76 downloads

Inline encryption for sensitive fields in notes using KeePass-compatible (.kdbx) storage.

Overview
Scorecard
Updates5

Inline encryption for notes using KeePass-compatible (.kdbx) storage.

Reference secrets in your Markdown notes with tokens like {{vc:profileId/path/to/entry#fieldName}}. They render as interactive "chips" — masked by default, never exposing plaintext in your notes.

Features

Store secrets in KeePass v3/v4 (.kdbx) databases inside your vault
Reference secrets inline with {{vc:...}} tokens that render as masked chips
Copy secret values to clipboard (auto-cleared after a configurable timeout)
Lock/unlock profiles per session with auto-lock timers
Optional master keyring for storing profile passwords
Works on desktop and mobile (isDesktopOnly: false)
Argon2id KDF (KDBX v4) for strong key derivation

Usage

Token Syntax

{{vc:profileId/Group/Entry#FieldName}}

profileId — the profile configured in plugin settings
Group/Entry — path to the KeePass entry
FieldName — field on that entry (e.g. Password, UserName, or a custom field)

Workflow

Create a profile in Settings → VaultCrypt pointing to a .kdbx file (or let the plugin create one).
Unlock the profile with your master password.
Add entries to the database via the plugin's editor commands.
Insert {{vc:...}} tokens into your notes — they render as chips in Live Preview and Reading mode.
Click the chip to copy the value; the clipboard is auto-cleared after the configured timeout.

Installation

Community Plugin (recommended)

Search for VaultCrypt in Settings → Community plugins → Browse.

Manual

Download main.js, manifest.json, and styles.css from the latest release.
Copy the three files to <YourVault>/.obsidian/plugins/vaultcrypt/.
Reload Obsidian and enable VaultCrypt in Settings → Community plugins.

Development

npm install       # Install dependencies
npm run dev       # Watch mode — auto-recompile on change
npm run build     # Type check + production bundle
npm run lint      # ESLint analysis

To test locally, copy main.js, manifest.json, and styles.css to your vault's plugin folder and reload Obsidian (Settings → Community plugins).

Releasing

npm run version   # Bump version in manifest.json / versions.json
npm run release   # npm version minor + git push + push tags

GitHub Actions (.github/workflows/release.yml) packages and attaches the release artifacts automatically on tagged commits. The tag must match the version in manifest.json exactly (no leading v).

Security

Argon2id KDF, 3 iterations, 64 MiB memory (KDBX v4); AES-KDF 600k iterations (KDBX v3)
Passwords wrapped in ProtectedValue (kdbxweb) — never stored as plaintext
Clipboard auto-cleared after configurable timeout
No vault contents in settings or logs
No network calls

Support

If VaultCrypt saves you time, consider sponsoring on GitHub.

77%

HealthExcellent

ReviewCaution

About

Store secrets in KeePass-compatible (.kdbx) databases inside your vault. Reference secrets inline with {{vc:profileId/...#Field}} tokens that render as masked, interactive chips and never expose plaintext. Copy values to clipboard with auto-clear, lock/unlock profiles per session, and use Argon2id key derivation.

Integrations Files Markdown

Details

Current version

0.8.0

Last updated

2 months ago

Created

2 months ago

Updates

5 releases

Downloads

Compatible with

Obsidian 1.11.4+

Platforms

Desktop, Mobile

License

MIT

Sponsor

Author

Features

Store secrets in KeePass v3/v4 (.kdbx) databases inside your vault

Reference secrets inline with {{vc:...}} tokens that render as masked chips

Copy secret values to clipboard (auto-cleared after a configurable timeout)

Lock/unlock profiles per session with auto-lock timers

Optional master keyring for storing profile passwords

Works on desktop and mobile (isDesktopOnly: false)

Argon2id KDF (KDBX v4) for strong key derivation

Usage

Token Syntax

{{vc:profileId/Group/Entry#FieldName}}

profileId — the profile configured in plugin settings

Group/Entry — path to the KeePass entry

FieldName — field on that entry (e.g. Password, UserName, or a custom field)

Workflow

Create a profile in Settings → VaultCrypt pointing to a .kdbx file (or let the plugin create one).

Unlock the profile with your master password.

Add entries to the database via the plugin's editor commands.

Insert {{vc:...}} tokens into your notes — they render as chips in Live Preview and Reading mode.

Click the chip to copy the value; the clipboard is auto-cleared after the configured timeout.

Installation

Community Plugin (recommended)

Search for VaultCrypt in Settings → Community plugins → Browse.

Manual

Download main.js, manifest.json, and styles.css from the latest release.

Copy the three files to <YourVault>/.obsidian/plugins/vaultcrypt/.

Reload Obsidian and enable VaultCrypt in Settings → Community plugins.

Development

npm install # Install dependencies npm run dev # Watch mode — auto-recompile on change npm run build # Type check + production bundle npm run lint # ESLint analysis

To test locally, copy main.js, manifest.json, and styles.css to your vault's plugin folder and reload Obsidian (Settings → Community plugins).

Releasing

npm run version # Bump version in manifest.json / versions.json npm run release # npm version minor + git push + push tags

VaultCrypt

Features

Usage

Token Syntax

Workflow

Installation

Community Plugin (recommended)

Manual

Development

Releasing

Security

Support

VaultCrypt

Features

Usage

Token Syntax

Workflow

Installation

Community Plugin (recommended)

Manual

Development

Releasing

Security

Support

Related plugins

Local REST API & MCP Server

Custom Frames

WebDAV Sync

Google Drive Sync

Notebook Navigator

QuickAdd

Recent Files

Importer

Omnisearch

Claudian