Kagi (鍵) — meaning key
Fast, minimal, and secure local password manager
 |
 |
 |
 |
Kagi is a local-first password manager built for users who prioritize privacy, performance, and control.
All credentials remain exclusively on your device, encrypted using AES-256-GCM.
There is no cloud synchronization, telemetry, or third-party dependency. Your data never leaves your machine unless you explicitly export it.
- Local-only encrypted vault (AES-256-GCM)
- Master password–based unlock and auto-lock
- Entry types:
- Login
- Credit Card
- Secure Notes
- Identity
- Credit card fields: number, expiration (MM/YY), CVV, notes
- Lightweight notes with title and content
- CSV import and export
- Secure vault purge and full reset actions
- Modern acrylic UI with Material components
- Optimized for fast desktop performance
- Windows: ✅ Supported
- Linux: ✅ Supported (X11 / Wayland)
- macOS: ✅ Supported
Kagi is designed with the following assumptions:
- Network traffic is untrusted
- External services should not be trusted with secrets
- Local attackers without elevated privileges are possible
Kagi does not protect against:
- Fully compromised operating systems (kernel-level access)
- Physical access to an unlocked device
- Keyloggers or memory inspection by privileged malware
- Encryption: AES-256-GCM
- Key Derivation: Password-based key derivation
- Authentication: Authenticated encryption with integrity verification
- Storage: Encrypted local vault on disk
All cryptographic operations are performed locally.
No secrets are transmitted, synchronized, or processed remotely.
- Vault data is unreadable without the master password
- Data tampering is detected via authentication tags
- Exported data remains encrypted unless explicitly exported as plaintext
| Feature / Aspect | Kagi (Local-First) | Cloud-Based Managers |
|---|---|---|
| Data stored locally | ✅ Yes | ❌ No |
| Cloud synchronization | ❌ No | ✅ Yes |
| Offline access | ✅ Full | |
| Third-party trust required | ❌ None | ✅ Required |
| Attack surface | Minimal | Broad |
| Account lockout risk | ❌ None | ✅ Possible |
| Cross-device sync | ❌ Manual export | ✅ Automatic |
| Privacy-focused use | ✅ Ideal |
Stable releases are available at:
https://github.com/koiverse/Kagi/releases/latest
Beta / debug builds:
https://nightly.link/koiverse/Kagi/workflows/debug-builds/main?preview
- Personal credential management
- Offline-first environments
- Temporary or test systems
- Users who prefer no cloud dependency
- Website: https://koiiverse.cloud
- Email: [email protected]
- GitHub: https://github.com/Koiverse/kagi
Copyright (c) 2026 Koiverse
All rights reserved.
This source code is proprietary and may not be copied, modified,
or distributed without explicit written permission from the author.