When you save a secret in Testamently, it is encrypted in your browser before it reaches our servers. This isn't a marketing phrase — it's a specific, verifiable technical fact. Here's exactly what that means.
What AES-256-GCM is
AES (Advanced Encryption Standard) is the symmetric encryption algorithm used by the US government to protect classified information, by banks to secure transactions, and by virtually every serious security application in the world. The "256" refers to the key size in bits. AES-256 has never been broken.
GCM (Galois/Counter Mode) is the mode of operation. It provides both confidentiality (an attacker can't read your data) and authenticity (an attacker can't modify your data without you detecting it). This second property — called authenticated encryption — is critical for a vault application.
What happens when you save a secret
The encryption process runs entirely in your browser using the Web Crypto API — a native browser interface to hardware-accelerated cryptography:
- A 12-byte random initialization vector (IV) is generated
- Your vault key — a 256-bit random key unique to your account — is used with the IV to encrypt your secret
- The encrypted ciphertext and IV are sent to the server
- The server stores only the ciphertext — it has no knowledge of your vault key
The vault key
Your vault key is generated once when you create your account. It is stored in your user profile in the database. This means it is protected by Supabase Row Level Security — only your authenticated session can read it. Testamently's own server code never accesses your vault key or your encrypted secrets. The admin panel is deliberately restricted to metadata only: titles, categories, creation dates — never the encrypted payload or IV.
Ultra and Gold secrets: additional protection
For secrets that need an extra layer of protection — crypto seed phrases, master passwords — Testamently offers two enhanced categories:
- Ultra Secret: your secret is encrypted with a key derived from an additional password you choose, using PBKDF2 with 600,000 iterations of SHA-256
- Gold Secret: your secret is encrypted with a key derived using Argon2id — the 2015 Password Hashing Competition winner — with 64 MB memory and 3 iterations, making brute-force attacks computationally infeasible
For these categories, even if your account were fully compromised, an attacker would need your ultra-password to decrypt the secret. The password is never transmitted to or stored by the server.
What the server can never see
Testamently's servers store your encrypted ciphertext and IV. Without your vault key — which only lives in your authenticated session — the ciphertext is meaningless. For ultra and gold secrets, even your vault key is not enough; the additional password-derived key is required. This is what 'zero-knowledge' means in practice.
What this means for you
If Testamently's database were compromised tomorrow — a breach, a rogue employee, a government subpoena — your secrets would remain encrypted and unreadable. The ciphertext exposed by a breach is only useful if the attacker also has your vault key and, for ultra/gold secrets, your additional password. This is the security model you should demand from any service storing your most sensitive data.