OneMoreSecret is a decentralized secrets manager that leverages your smartphone's hardware keystore and biometric authentication to protect your passwords. Instead of relying on a cloud database, your sensitive data (e.g. passwords, TOTP tokens, files, and Bitcoin private keys) are encrypted into QR codes or text payloads that can be safely embedded anywhere — even on a public wiki or plain text file.
When you need to use a secret, you simply scan the code or tap the link with your phone, authenticate with your fingerprint to decrypt it locally, and the app acts as a virtual Bluetooth keyboard to instantly "auto-type" the password into your computer. This creates a seamless, air-gapped bridge that keeps your private keys entirely offline, protecting your credentials from keyloggers and cloud breaches while making cross-device authentication completely effortless.
This software is provided without any warranty. Use it at your own risk. We'll do our best to keep the message formats unchanged and guarantee the backward compatibility.
Download the latest release from GitHub or
Try our "Hello, World!" Tutorial.
👉 For every screen of the app there is a help page! See the context menu in the upper right corner.
For feature requests and bug report, please open a GitHub Issue.
You can also send me an e-mail from the app Feedback menu or use our Discord channel.
See the project's Wiki for more details.
Google Play and the Google Play logo are trademarks of Google LLC.
Images:
Many thanks to the folks whose projects helped me to find my way through HID, encryption and other challenges: