Built by Flowdesk — ex‑FlowCrypt (iOS + Chrome Ext.). Privacy apps, E2EE systems, native & mobile.See workcontact@flowdesk.tech
Flowvault

ProtectedText alternative

A modern ProtectedText replacement with decoy passwords.

If you like ProtectedText's no-account URL-plus-password model but want open source code, stronger authenticated encryption, portable backups, and hidden-volume plausible deniability, Flowvault is built for that exact migration.

Create a vault Try the demo
Same simple mental model: pick a URL, set a password, write.
Multiple passwords can unlock different notebooks at the same URL.
Open source frontend, Cloud Functions, and Firestore rules.

30-second proof

Feel plausible deniability before you trust the claim.

Open the same demo vault twice: first with CorrectPassword, then lock and unlock with DecoyPassword. Same URL, same ciphertext on the server, two completely different notebooks.

Open the demo Read the hidden-volume deep dive

What changes when you move from ProtectedText

ProtectedText is useful because it is frictionless. Flowvault keeps that part: no account, no email, no phone number, and no workspace setup. The difference is the format underneath. Flowvault uses client-side Argon2id key derivation (64 MiB, 3 iterations), AES-256-GCM authenticated encryption, fixed-size hidden-volume slots, and an encrypted .fvault backup format.

The practical upgrade is deniability. One URL can hold multiple notebooks behind different passwords. A decoy password opens a believable cover notebook; your real notebook remains indistinguishable from random bytes.

What Flowvault does not try to replace

Flowvault is not a year-long journal or a full PKM system. Each notebook slot is about 8 KiB, roughly 1,500 words. That limit is intentional: it keeps the hidden-volume blob bounded and predictable. For dense private notes, credentials, recovery phrases, and short operational runbooks, it is a good fit.

Migration path

Copy only the secrets that belong in a short encrypted scratchpad: recovery codes, API keys, wallet seed fragments, travel notes, or contact details you would want behind a decoy. Put long-form material in a dedicated notes app, then use Flowvault as the small, deniable layer beside it.

Deeper comparison

The full technical comparison is in Flowvault vs ProtectedText, including crypto details and places where ProtectedText is still simpler.

ProtectedText migration checklist

  1. 1Pick a new Flowvault URL slug that does not reveal the subject.
  2. 2Create your real password and paste only short, high-value notes.
  3. 3Create a decoy password with boring, believable content.
  4. 4Export an encrypted .fvault backup after the first save.
  5. 5Optional: create a local .flowvault file if you want no hosted ciphertext at all.

Trust signals worth checking

Flowvault is MIT-licensed and open end-to-end: frontend, Cloud Functions, Firestore rules, and crypto code are public. The server stores opaque ciphertext; your password and plaintext stay in the browser.

Read the security pageView source See honest limitations