- Version: v1.1.1
- Author: @ankit-chaubey
- License: Apache-2.0
In a world where data privacy is increasingly opaque, Vylt was created from a simple belief:
Your data should never leave your control — not even for encryption.
Vylt is a local-first, offline-only vault encryption system designed for people who:
- do not trust third‑party services with raw data
- want cryptographic guarantees, not marketing promises
- prefer tools that are honest about irreversible security
- complete gallery and folder support with multi-layer encryption.
- all encryption happens directly on your device—zero internet exposure.
- fully secured for protecting your private photos, videos, and personal data.
This project was built originally for personal use and later shared so others can preserve privacy with confidence.
Vylt uses three distinct cryptographic layers, all executed entirely on your device:
-
Custom archive format (
.vylt) -
Secure header with:
- archive ID
- part number & total parts
- metadata length
- SHA‑256 integrity hashes
-
Optional metadata shielding
Powered by ciph (C-based SHA-256/ChaCha20-Poly1305 streaming engine):
- Two internal encryption stages
- Streaming, FD-safe, constant-memory
- No temp plaintext leaks
📌 Important: Each ciph layer itself contains multiple cryptographic rounds. All encryption happens offline — Vylt never connects to the internet.
Projects:
When --seal-meta is enabled:
- File names & folder structure are encrypted separately
- Metadata size becomes variable (stored in header)
- Archive still lists correctly after decrypting metadata
Without shield:
- Metadata remains visible
- Faster listing
- Same data security level
- If you forget the data password → your files are gone forever
- Metadata password cannot recover encrypted data
- No backdoors. No recovery. No master key.
➡️ Write your password down. Store it safely. Verify twice.
- Archive ID & part numbering are required for recovery
- Renaming or altering filenames may break multi‑part discovery
-
Default:
1thread (safe) -
Recommended maximum: 4 threads
-
Using more threads than your system supports may:
- slow encryption
- increase memory pressure
- reduce stability
pip install vyltOr editable (development):
pip install -e .PyPI: https://pypi.org/project/vylt/
vylt encrypt myfoldervylt encrypt myfolder --seal-metavylt list myfolder.*.vyltvylt decrypt myfolder.*.vyltVylt includes full workflow tests:
- single file
- large files
- nested folders
- shielded & unshielded metadata
- SHA‑256 integrity verification
Tests run via GitHub Actions on every push.
Vylt reads config from:
~/.vylt.json
Example:
{
"threads": 2,
"reuse_data_password_for_meta": true,
"max_password_attempts": 5,
"password_from_env": "VYLT_PASSWORD"
}This allows CI / workflow automation without prompts.
Planned future work:
- ☁️ remote cloud sync (encrypted blobs only)
- ⏱️ scheduled backups
- 📱 full‑device encryption mode
- 📚 formal archive specification docs
-
VYLT — design, format, CLI, orchestration Author: Ankit Chaubey (@ankit-chaubey)
-
Powered By CIPH — cryptographic encryption engine
If this project helped you:
- ⭐ Star the repo
- 🍴 Fork it
- 🔗 Share with privacy‑conscious friends
If you modify or redistribute:
- follow the Apache‑2.0 license
- keep credit and repository links
Apache License 2.0
Copyright © 2026 Ankit Chaubey
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This tool uses strong cryptography.
If you forget your password, your data cannot be recovered.
Use responsibly.
This project exists because privacy matters. Your data. Your keys. Your control. 🔏