You've installed Keygrain — here's how to use it.
Keygrain is a deterministic password manager. It doesn't store your passwords — it derives them on the fly from a secret you memorize and the site you're logging into.
Same inputs always produce the same output. No vault. No database. Nothing to breach.
⚠️ The trade-off: Keygrain stores nothing. If you forget your secret, your passwords are gone forever. No recovery. No support ticket. Choose your secret carefully and write it down on paper — store it somewhere safe.
Your secret is the one thing you must remember. This is not a password for any website — it is a master passphrase that generates all your other passwords. It should be long, random, and impossible to guess.
Good: correct horse battery staple piano drift — random words strung together (a "passphrase"). Aim for 6+ words.
Bad: MyDog2024!, your birthday, your pet's name, song lyrics, or anything someone could guess or find on social media.
Length beats complexity. A 6-word passphrase is stronger than a short "complex" password. Write it on paper and store it in a safe place. Never store it digitally.
github.com) and your emailOpen Keygrain and enter your secret to unlock. Search for the site you need. Copy the password or use autofill. No vault to decrypt, no cloud account to sign into.
| Ctrl+Shift+K | Auto-fill credentials on the current site (Cmd+Shift+K on Mac) |
| ↓ / ↑ | Navigate the service list |
| Enter | Fill the selected service |
| Escape | Clear search or close the popup |
Enable encrypted sync to share your site list across devices. Your data is encrypted client-side before leaving your device — the server only sees ciphertext. Set it up in the extension settings.
Keygrain works for any secret, not just website passwords. Use the Site field for any memorable label: wifi-home, android-keystore, vpn-work, nas-admin. Autofill won't trigger for non-domain names, but the password is generated the same way.