V4ult
100% local secret manager — designed to learn mobile development (Flutter) and master on-device encryption.
Context & Motivation
At the end of 2024, I was juggling connections (personal PC, Capgemini work PC, Orange client PC, Linux, phone). Browser-integrated managers and cloud solutions didn't meet my requirements: I wanted total control, with no server exposure. I therefore designed a 100% local solution where each "Vaults" stays encrypted until opened.
The project evolved in cycles: a Python command-line script, a GUI attempt with Kivy (blocked by APK generation and crypto dependencies), then a Flutter version that truly took the experience to the next level.
Main Features
User Journey
From opening the app to securing your secrets, V4ult offers a smooth and consistent experience:
- Home screen: browse your Vaults, import/export (encrypted JSON, Vault names in clear text).
- Opening a Vault: enter the password (biometrics may be added in the future).
- Secrets view: display key–value pairs (e.g., email, username, password).
This streamlined flow keeps the focus on what matters most: quick access to your data without distractions or unnecessary steps.
Management
Managing Vaults and Secrets in V4ult is designed to be straightforward, fast, and secure:
- Add, edit, or delete Vaults and individual secrets with ease.
- Copy values instantly (passwords remain masked on screen).
- Local-only: no cloud, no remote synchronization.
- No master password recovery — by design, for maximum security.
Security & Encryption
V4ult relies on AES encryption implemented via encrypt.dart. Each Vault has its own password, which is transformed into a dedicated key. The full content of each Vault is first serialized into JSON, then encrypted in its entirety — leaving no partial data in clear text.
To strengthen security, the master password is salted before key derivation. An IV in hexadecimal format is used for encryption and decryption, and keys are normalized (padded) within the app to ensure a consistent length. Finally, any decrypted data only remains in memory during an active session, and is cleared immediately once the Vault is closed.
Biometrics may be introduced in the future, but only if they provide genuine security — for example, by deriving an encryption key from a fingerprint rather than relying solely on the device's default system validation.. The integrity of the secrets always takes absolute priority over convenience.
Development & Learnings
V4ult's development unfolded in three main cycles, each reflecting a deliberate choice to test, learn, and adapt the technology stack in pursuit of the right balance between security, usability, and maintainability.
Cycle 1 - Python CLI
Functional prototype in ~2 weeks.
Used for a while to validate the model (Vaults, key-value secrets).
Cycle 2 - Kivy
~1 to 1.5 months.
Explored options (Electron, etc.). APK/crypto dependency issues → unacceptable security compromises for project's goal.
Cycle 3 - Flutter
~1 month for a stable version.
Modular architecture (services, classes, crypto, Vault management). 100% solo work, targeted AI assistance on snippets thanks to modularity.
These iterations highlight a consistent ability - developed through my work as a Data Engineer - to reassess technical decisions, adopt better tools when they clearly add value, and refine a product until it achieves both reliability and a strong user experience. It’s a mindset that extends beyond software development, proving valuable in any discipline where adaptability and continuous improvement are key.
Flutter was ultimately the right fit for V4ult thanks to its cross-platform nature, allowing the same codebase to run seamlessly on Android, iOS, desktop, and even the web. Backed by Google, Flutter benefits from strong long-term support and an active community (the community aspect was what I missed with Kivy).
Perspectives & Reuse
V4ult has been built as a reusable skeleton, where screens, services, and core logic are cleanly separated and ready to be adapted. This modular approach means that creating a new application — whether for personal use or professional proof-of-concepts — requires minimal rework.
For example, my “2%” stock monitoring project could be delivered as a solid V1 in about ten days by reusing V4ult's architecture. The same foundation could just as easily power a secure notes app, a local document locker, or any product that benefits from strong encryption and an offline-first philosophy.
While a public release is not a priority at this stage, I see V4ult as a long-term, maintainable codebase. It will remain viable as long as Flutter is supported, and its architecture can evolve alongside new frameworks or security best practices. In the short term, a private release to a close circle of users is more likely — a way to gather feedback while keeping control over distribution.
My guiding principle is to keep the experience intuitive and focused, expanding features only when they bring genuine value without adding unnecessary complexity.