Share access, not passwords.
Credals is the encrypted credential vault built for freelancers. Organize every login, API key and 2FA code by client, project and platform, and hand off access without ever exposing a password.
Built-in templates with the right fields for Stripe, AWS, Vercel, GitHub and more
Credentials encrypted before they ever reach the database
Copied secrets auto-clear from the clipboard
The vault follows the work.
Credals is intentionally narrower than a generic password manager. It is designed for the repeated pattern freelancers and agencies live in every day: a client, their projects, the platforms those projects run on.
Share with clients and collaborators
Hand a client or project to another Credals user as viewer or editor. Invite links are single-use and expire in 7 days, and you can see who copied what.
Live 2FA codes
Store a platform's 2FA setup key and Credals shows the rotating 6-digit code right next to the login, computed in your browser.
Password health
One report flags breached, weak, reused and stale passwords across every client, with an overall score. Breach checks never send your passwords anywhere.
Import from your old manager
Bring logins over from Chrome, Bitwarden or 1Password with a CSV export. Each one lands as its own platform, encrypted on arrival.
Copy from anywhere
Press Ctrl+K, type a few letters, and copy any credential without leaving the keyboard or opening a single folder.
Generate strong secrets
A password and passphrase generator on every secret field, built on the browser's cryptographic randomness. No more password123.
One path from client to secret.
- 01
Create the client
Start where the relationship starts. The client is the top-level context for everything that follows.
- 02
Add projects
A rebuild, a retainer, a launch. Each project sits under its client, no naming conventions required.
- 03
Attach platforms and credentials
Pick from 104 platform templates or import a CSV from your old manager. Fields auto-save as you type, already encrypted.
Encrypted before it touches the database.
AES-256-GCM encryption runs before storage, so the database only ever holds ciphertext. The boundary is explicit, not assumed.
Every value is encrypted with a unique IV before anything is written, so the database only ever holds ciphertext.
Ownership is checked on every request, the whole way down the client, project, platform and credential chain.
Copied credentials wipe from the clipboard after 60 seconds, so secrets do not linger after a paste.
Password health flags breached logins without your passwords ever leaving the server.
Common questions
On Supabase (PostgreSQL). All credential values are encrypted AES-256-GCM before reaching the database. You can choose your region during account setup.
An export feature is on the roadmap. You'll be able to download a structured archive of all your encrypted credentials, and the encryption is documented so your data is never trapped.
Yes. Credals is currently free while in active development, and we'll always keep a free tier for individual freelancers.
Account recovery goes through your email via Supabase Auth. Encrypted credentials remain protected; the server-side encryption key is decoupled from your password.
Team sharing is on the roadmap. Today, Credals is optimized for the solo freelancer use case.
Your clients are organized.
Your credentials should be too.
Move client credentials into a vault that matches how your projects are already structured. Credals is free while we gather enough usage and feedback to shape paid plans.