Zero-TOTP

Zero-TOTP is a self-hostable TOTP client and encrypted vault that uses zero-knowledge encryption to protect TOTP secrets. It provides a web application (primary), a minimal rescue frontend, and companion iOS and CLI clients, with options to replicate encrypted vaults across multiple storage locations.

Key Features

• Zero-knowledge encryption: vaults are encrypted client-side so only the passphrase can decrypt secrets
• Multi-platform access: main web app, minimal rescue frontend, iOS app and CLI (projects at different maturity levels)
• Multiple storage replication: support for storing encrypted vaults in several locations to ensure availability
• Self-hostable deployment: provided as containerized components for on-prem or private hosting
• Focused TOTP management: create, store and retrieve time-based one-time passwords securely

Use Cases

• Centralize and protect TOTP secrets for personal or small-team use while retaining key control
• Emergency access via the rescue frontend when primary hosting is unavailable
• Self-hosted alternative to commercial authenticator services requiring vault replication and recovery

Limitations and Considerations

• Mobile and CLI clients are not the primary focus and are not actively developed to the same maturity as the web app
• Loss of the passphrase results in permanent loss of access to encrypted vaults; users must manage passphrases and backups carefully

Zero-TOTP is suited for users who need a privacy-focused, self-hostable TOTP solution with client-side encryption and multiple replication options. It emphasizes control and recoverability over hosted convenience.