TOTPVault — Secure TOTP Manager
Server-side secret protection

TOTP codes without exposing secrets

TOTPVault generates your one-time passwords on the server — your secret keys never reach the browser. Supports SHA1, SHA256, & SHA512. Share OTP codes with teammates without exposing secrets.

Start for free See how it works
Features
Everything you need for secure 2FA

Manage all your TOTP tokens in one place, with enterprise-grade security built from the ground up.

🔐
Server-side generation
OTP codes are generated on the server. Secret keys are AES-256-GCM encrypted at rest and never transmitted to the client.
⚙️
All TOTP standards
Full support for SHA1, SHA256, and SHA512. Configure 6, 8, or 10-digit codes. Custom periods supported.
👥
Secure sharing
Share OTP profiles with colleagues via email. They receive codes — never the secrets. Works with Google, Microsoft, and GitHub, or just an email address using magic links.
🌐
Social login
Sign in with Google, Microsoft, or GitHub. Multiple providers link automatically when using the same email.
Live countdown
Real-time timer shows exactly when codes refresh. Auto-refresh before expiry. Copy codes with one click.
🎨
Organised & labelled
Color-code your profiles, add issuers, choose icons. Keep dozens of tokens organised at a glance.
Get started
Sign in to TOTPVault

Enter your email to receive a sign-in link, or continue with an existing account.

— or continue with —

Continue with Google Continue with Microsoft Continue with GitHub