DOOLHOF

a container the hypervisor physically cannot inspect

1 Create Account

No password. Your phone is the key.

License Key
Scan with Google Authenticator
or enter the secret manually below
TOTP Secret — save this NOW, shown ONCE
no 0 (zero) or O (oh) — they're excluded to avoid confusion
Backup Codes

2 Verify Authenticator

Open your authenticator app and enter the code to confirm pairing.

3 Login

Enter username + authenticator code. Auto-submits on last character. One code, one login.

30s
Session Token
Key Derivation Seed
Plan
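
"One code, one login" means the server has to remember which time step each user has already spent, not just check that the code is valid. The sketch below is an added example, not DOOLHOF's own code; it assumes 6-digit HMAC-SHA1 codes, one step of clock drift, and in-memory state, and the names OneShotVerifier and DEMO_SECRET are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, the 30s window on the login form
DIGITS = 6   # assumption: Google Authenticator's default code length
# Constructed sample secret (the RFC 6238 test key), not a real account secret.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for one 30-second time-step counter."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class OneShotVerifier:
    """Accepts each time step at most once per user (hypothetical helper)."""

    def __init__(self, window: int = 1):
        self.window = window   # tolerated clock drift, in steps
        self.last_used = {}    # username -> highest counter already accepted

    def verify(self, user: str, secret_b32: str, code: str, now: float) -> bool:
        if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
            return False
        current = int(now) // STEP
        spent = self.last_used.get(user, -1)
        first = max(0, current - self.window)
        for counter in range(first, current + self.window + 1):
            if counter <= spent:
                continue  # this step, or a later one, already bought a login
            if hmac.compare_digest(totp(secret_b32, counter), code):
                self.last_used[user] = counter
                return True
        return False
```

In a real deployment the last-used counter has to be stored and updated atomically per user, otherwise two parallel requests can both pass with the same code.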

4 Download & Activate Vault

One file. No compilation. No kernel modules. No Secure Boot signing.

Install (2 commands)

# Download (-f makes curl fail on an HTTP error instead of saving the error page as "vault")
curl -fsSL http://localhost:8000/download/vault -o vault && chmod +x vault

# Activate (paste your license key from Step 1)
./vault activate --license YOUR-LICENSE-KEY

That's it. The Vault will:

  [1/5] Detect TEE hardware (SEV-SNP / TDX)
  [2/5] Run attestation via /dev/sev-guest
  [3/5] Validate license with server
  [4/5] Activate Memstate obfuscation
  [5/5] Start heartbeat loop

Cloud instances with TEE support:

  AWS    m6a / c6a + SEV-SNP opt-in
  Azure  DCasv5 (SNP) / DCesv5 (TDX)
  GCP    n2d Confidential VM
  Local  builds without TEE (warns)