for Android · sideload · v1.0

Your passwords
never leave
the phone.

LockIt is a password manager that lives entirely on your phone — no cloud, no account, no sync server, because there isn't one. Unlock it, add what you need to remember, and it locks itself again when you're done.

Direct APK, ~50 MB, not on the Play Store — that's normal for a tool like this. Requires Android 5.0+.

Vault 🔒 ⚙
github.com 👤 🔑
work email 👤 🔑
home wifi 👤 🔑
+

A password manager that stays put

No account to create, nothing to sync. Everything happens on the device that's already in your hand.

01

Set a master password

Once, the first time you open the app. It's never stored anywhere — only used to derive your encryption key, in memory.

02

Add what you need to remember

Logins, wifi passwords, notes — anything. Each entry is encrypted the moment you save it.

03

Copy what you need

Reveal a password, copy it, and it clears itself from your clipboard about 30 seconds later — no need to remember to do it yourself.

04

It locks itself

Background the app, or just leave it a couple of minutes. LockIt locks automatically, every time.

Everything, right where you'd expect it

Every entry, one tap away

Labels and notes in plain view, passwords masked until you ask. Copy either one and it clears itself from your clipboard about 30 seconds later — automatically, without clobbering something else you copied in the meantime.

Vault 🔒 ⚙
github.com 👤 🔑
work email 👤 🔑
home wifi 👤 🔑
+

Two switches. On your terms.

The local server is off until you turn it on, and stops the instant the vault locks. LAN access is a separate, explicit opt-in — with a warning before you ever turn it on.

Settings
Enable local server
Running on port 8080 — USB/ADB access only
Allow LAN access
When off, the server only answers over USB/ADB forwarding.
Create backup
Save a fully encrypted copy of this vault to a file.
Restore from backup
Import entries from a previously saved backup file.

Want a bigger screen? That's optional.

Everything above is all most people ever need — LockIt is a complete password manager on its own. This part's for people who specifically want to glance at their vault from a laptop and are comfortable getting there themselves.

Off by default. On your terms, if at all.

Flip "Enable local server" in Settings and the app serves the vault on 127.0.0.1:8080 — reachable only through a USB connection, not the internet. Getting a port forwarded to it is up to you: run adb forward tcp:8080 tcp:8080 yourself, or use the small connector script included in the project if you'd rather not type that out each time. Neither is required, and most people never touch this section at all.

$ adb forward tcp:8080 tcp:8080
localhost:8080
LabelPasswordNotes
github.com•••••••• Showwork account
work email•••••••• Show
home wifi•••••••• Show2.4GHz

The whole spec, in one place

No trust-us marketing copy — this is the actual mechanism, so you can decide if it's enough.

Key derivation
Argon2id from your master password, with a random salt stored alongside the vault.
Cipher
AES-256-GCM, a fresh random nonce generated on every single write.
On disk
Ciphertext only. Plaintext entries and the master password itself never touch storage, ever.
Network
127.0.0.1 by default. LAN access is a separate, off-by-default toggle with its own warning.
Sessions
Memory-only bearer tokens that expire and are wiped the moment the vault locks.
Telemetry
None. No analytics, no crash reporting, no network calls beyond the local server itself.
Backups
Encrypted export with the same cipher, password-gated restore, and you choose exactly which entries come back.

What this is — and isn't

Do I need to plug in my phone to use this?

No. LockIt is a complete password manager entirely on the phone — the browser/USB option is a separate, off-by-default feature for people who specifically want it and are comfortable setting up their own port forward. Most people never touch it.

Is there a cloud backup?

No. That's the point. If you lose the phone and forget the master password, the vault is gone with it — nobody, including us, can recover it. Use the built-in encrypted backup file if you want a copy somewhere else.

Why isn't this on the Play Store?

It's a direct APK install by design — a small, auditable tool for people who'd rather read the code than trust a store listing. Sideloading needs "install from unknown sources" enabled once.

Does it work on iOS?

Not yet — this version is Android only. iOS and other platforms aren't ruled out, just not built yet.

Should I turn on "Allow LAN access"?

Only if you actually need it. It's off by default, and turning it on trades the physical USB requirement for reachability over your whole Wi-Fi network — still password- and token-gated, but a bigger attack surface. Read the in-app warning before enabling it.

What's the connector script?

An optional convenience for the browser feature above — it watches for your phone over USB and forwards the port automatically. It's not distributed with the app and isn't required; anyone comfortable with adb can just forward the port themselves.

One phone. One vault.
No account, ever.

Everything encrypted, everything local, nothing to sync.

Download the APK