Passwork uses a two-level protection model. Not all data is encrypted on the client — some fields are protected only by server-side encryption to enable functionality (search, sorting, display).
Encryption levels overview
| Level | Where it runs | When active | Key | Algorithm |
|---|
| Client-side encryption | In browser | When CSE is enabled | User, vault, record keys | AES-256-CBC |
| Server-side encryption | On server | Always | Server key | AES-256-CFB |
Record data
| Field | Client-side encryption | Server-side encryption | Reason |
|---|
| Record name | — | ✓ | Search, list display |
| Login | — | ✓ | Search, autofill |
| Password | ✓ | ✓ | Critical data |
| URL | — | ✓ | Search, autofill, browser extension |
| Description | — | ✓ | Search |
| Tags | — | ✓ | Filtering, grouping |
| Color | — | ✓ | Display |
Custom fields
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| Field name | ✓ | ✓ | May contain sensitive information |
| Field value | ✓ | ✓ | Critical data |
| Field type | ✓ | ✓ | Field metadata |
TOTP (two-factor authentication)
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| TOTP secret | ✓ | ✓ | Critical 2FA data |
Attachments
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| File name | — | ✓ | Display, search |
| File contents | ✓ | ✓ | Critical data |
| Attachment key | Yes (with record key) | ✓ | Key material |
Record revisions
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| Previous password values | ✓ | ✓ | Historical secrets |
| Previous custom fields | ✓ | ✓ | Historical secrets |
| Change metadata | — | ✓ | Audit, logging |
Vault data
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| Vault name | — | ✓ | Navigation, display |
| Vault description | — | ✓ | Information |
| Vault key | Yes (with user RSA key) | ✓ | Key material |
| Access rights | — | ✓ | Access control |
| Vault settings | — | ✓ | Configuration |
User data
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| Username | — | — | Identification |
| Email | — | — | Identification |
| Public RSA key | — | — | Public by definition |
| Private RSA key | Yes (with master key) | ✓ | Critical data |
| Master key hash | — | ✓ | For password verification |
| PBKDF2 salt | — | ✓ | Cryptographic parameters |
| Local Storage Secret Code | — | ✓ | For "Remember" feature |
External link data
| Attribute | Client-side encryption | Server-side encryption | Reason |
|---|
| Link token | — | — | URL identifier |
| Record data copy | Yes (with link key) | ✓ | Secret data |
| Link key (encrypted) | ✓ | ✓ | Key material |
| Link key hash | — | ✓ | For access verification |
| Link settings | — | ✓ | TTL, one-time use |
Service data
| Data | Client-side encryption | Server-side encryption | Reason |
|---|
| Object IDs | — | — | Identification |
| Timestamps | — | — | Sorting, audit |
| Access/Refresh tokens | — | — | Sessions (in memory/cookies) |
| LDAP passwords (integration) | — | ✓ | Server integration |
| SMTP passwords | — | ✓ | Server integration |
Encryption keys by data type
| Data | Client-side encryption key | Server-side encryption key |
|---|
| Password field | Record key (AES-256-CBC) | Server key (AES-256-CFB) |
| Custom fields | Record key | Server key |
| TOTP secret | Record key | Server key |
| File contents | Attachment key (AES-256-CBC) | Server key |
| Attachment key | Record key | Server key |
| Record key | Vault key (AES-256-CBC) | Server key |
| Vault key | User RSA key (RSA-OAEP) | Server key |
| Private RSA key | Master key (AES-256-CBC) | Server key |
Why is not everything encrypted on the client?
Functional reasons
- Search — to search by name, login, URL, description, and tags, the server must be able to index these fields
- Sorting — sorting records by name requires access to this field
- Filtering — tag filtering works on the server side
- Autofill — browser extension matches URLs without decryption
- List display — showing record names without decrypting the entire record
Although some fields are not encrypted on the client, they are protected by:
- Server-side encryption (AES-256-CFB) before database write
- TLS/HTTPS during transmission between client and server
- Access control at the application level
Threat model
| Threat | Protection |
|---|
| Database leak | Server-side encryption protects all data |
| Server compromise | Client-side encryption protects critical data |
| Traffic interception | TLS protects data in transit |
| Administrator access | Zero-Knowledge for passwords and secrets |
Security recommendations
With CSE enabled
With client-side encryption, critical data (passwords, secrets, files) is protected by the Zero-Knowledge principle. The server cannot decrypt them.
What remains visible to the server:
- Vault and folder structure
- Record names
- Logins and URLs
- Tags and descriptions
- Number and names of attachments
If you need to hide metadata:
- Use generic/non-informative record names
- Avoid sensitive information in descriptions
- Don't specify exact URLs for critical systems
