With most password managers you must use their cloud from day one. Geslar works locally — your passwords live on your device, no mandatory registration and no data sent to anyone. If you ever want sync, it will be your choice.
02
Encryption with integrity verification
Geslar uses AES-256-GCM — encryption with built-in integrity verification. If someone changes even one bit of your data, Geslar detects it and rejects the corrupted entry.
03
Free — no hidden costs
TOTP keys, Škrinjar health check and secure password sharing — all free. Geslar doesn't put security features behind a paywall.
All features — all free
Everything you need from a password manager. No subscription, no limits, no hidden costs.
Unlimited passwords
Passwords, credentials, URLs and notes — as many as you need. No limits.
Credit cards
Save cards and auto-fill payment details on checkout pages — securely and quickly.
TOTP 2FA keys
Built-in authenticator with QR code scanning and live countdown. A complete replacement for Google Authenticator.
Smart auto-fill
Detects login and payment forms, multi-step login (Google, Microsoft) and modern SPA applications.
Auto-save
When you enter a new password or card, Škrinjar offers to save it. No manual entry.
Secure Send
Send a password or message via encrypted link — with expiry, PIN protection and view limit.
Croatian phrase generator
The only one in the world — phrases from 5,700+ Croatian words, 8 dialects and metaphors. Easy to remember, cryptographically strong.
Import from 12 sources
Migrate from Bitwarden, Chrome, Firefox, LastPass, 1Password, KeePass and more — in 30 seconds.
Full password history
All versions of every password are saved with no limit. Changed a password and forgot the old one? It's there.
Folders and favorites
Organize entries into folders across your personal, family, and business vaults. Mark the most important as favorites for one-click access.
Export and backup
Export to encrypted Geslar format, Bitwarden JSON or CSV. Your data, your control, always.
Dark and light theme
Follows system theme automatically or choose manually. Keyboard shortcuts, WCAG AA accessibility.
Sync (Premium)
Access your vault on all devices — E2E encrypted, optional. The server never sees the contents.
Family and business vault
Share selected entries with your family or business team — per-member permissions, E2E encryption per vault.
Tags
Tag entries and find them fast by searching by tag.
Recovery key
Recover access without losing data — a backup key only you hold.
Škrinjar on the web
Access your vault in the browser at my.geslar.app — no extension, same encryption.
In-app purchase
Upgrade to Premium or Family directly from the app.
Password health badges
Every entry shows whether its password is breached, weak, reused, or old. One tap opens a guided step-by-step change.
Multiple URLs per entry
Add multiple URLs with match-type rules (domain, host, exact, never). Autofill always picks the most precise match.
Bulk actions
Select multiple entries and delete, move, copy, or favourite them all in one step.
Business vaults and context
Switch between personal, family, and business context. Each vault has its own permissions and encryption.
How it works
1
Install the extension
Add Geslar to your browser with one click — no registration, no email.
2
Set a master key
Set your master password once. It stays only in RAM — never on disk.
3
Save and auto-fill
Geslar remembers passwords and auto-fills them — with one click or a shortcut.
Ready to start?
Install Škrinjar in 30 seconds and start saving passwords locally, with zero-knowledge encryption.
Encryption with integrity verification — an attacker cannot invisibly modify data
600.000×
Key derivation iterations — even the fastest computer needs years to guess
Local
Your data goes nowhere without your explicit consent
Your master password is never stored anywhere. Geslar uses a zero-knowledge architecture: even when we add sync one day, the server will never be able to read your data. Only you have the key.
Every Škrinjar is unique
Every operation uses its own random salt. Even with an identical password, two Škrinjars generate completely different keys. Cracking one doesn't help with the other.
Key only in working memory
The session key lives exclusively in browser RAM — never written to disk. When you close the browser or the timeout expires, the key disappears forever.
Invisible to websites
Auto-fill uses a closed Shadow DOM with randomized element names. A malicious page cannot detect Geslar, read your data or manipulate the fill.
Auto-lock
Škrinjar locks after inactivity. When locked, the key is cleared from memory — even if someone accesses your computer, without the master password they can't do anything.
Breach check — private
Check if your password is in known data breaches. Geslar sends only 5 hash characters (k-Anonymity) — your password literally never leaves the device.
Geslar for teams and organisations
The same security features individual users love — available for an entire team or company. Separate vaults, access control, and activity audit without sacrificing simplicity.
Business and family vaults
Separate spaces for your company, team, and family — each with its own access rules and E2E encryption.
Access control and audit
Read and write permissions per user. Every action is logged in the audit trail — who, what, and when.
Helps meet GDPR, NIS2 and ISO 27001
Zero-knowledge architecture and local-first data as the compliance foundation — no hidden transfer layers.