Using the Secrets password manager you can:
Store many passwords in an encrypted database, called a safe, which is protected by a single passphrase of your choice.
Always use different and stronger passwords, because you only have to remember a single passphrase to unlock the entire safe.
Generate very strong random passwords.
Generate one-time verification codes for two-factor authentication.
In Tails 7.6 (March 2026), we replaced the KeePassXC password manager with the Secrets password manager.
You can open your previous KeePassXC database using Secrets, because both Secrets and KeePassXC use the same file format to store passwords.
If you miss more advanced features from KeePassXC, you can install KeePassXC as additional software
Creating and saving a password safe
Follow these steps to create a new password safe and save it in the Persistent Storage for use in future working sessions.
To learn how to create a Persistent Storage, read our documentation on the Persistent Storage.
When starting Tails, unlock the Persistent Storage.
In Tails, choose Apps ▸ Tails ▸ Persistent Storage.
Verify that the Persistent Folder feature is turned on.
To open Secrets, choose Apps ▸ Accessories ▸ Secrets Password Manager.
To create a new safe, select the New Safe button.
Create the safe as Passwords.kdbx in the Persistent folder.
Перейдите к настройкам по умолчанию на экранах конфигурации Общая информация о базе данных и Параметры шифрования.
The safe is encrypted and protected by a passphrase. In the configuration screen Database Credentials:
- Specify a passphrase of your choice in the Password text box.
- Type the same passphrase again in the Confirm Password text box.
- Select Create.
It is impossible to recover your passphrase if you forget it!
To help you remember your passphrase, you can write it on a piece of paper, store it in your wallet for a few days, and destroy it once you know it well.
After creating the safe, select Open Safe and enter the passphrase again to unlock it.
Restoring and unlocking a password safe
Follow these steps to unlock a password safe that is saved in the Persistent Storage from a previous Tails session.
When starting Tails, unlock the Persistent Storage.
In Tails, choose Apps ▸ Accessories ▸ Secrets Password Manager.
If you have a safe named Passwords.kdbx in your Persistent folder, Secrets automatically displays a dialog to unlock it.
Enter the passphrase for this safe and select Unlock.
Если пароль неправильный, появится сообщение об ошибке:
Failed to unlock Safe.
You can also double-click your password safe from the Files browser to open it using the Secrets password manager.
Using Secrets as an authenticator app for two-factor authentication
Many websites offer two-factor authentication as a safer method than using just a password. For example, you can configure an authentication app, like Google Authenticator, to generate a one-time code of 6 digits when signing in to a website.
You can use Secrets to generate such one-time codes in Tails. The technology used to generate these codes is called time-based one-time password (TOTP).
To configure two-factor authentication for an entry in your password safe:
From the website or application for which you are configuring two-factor authentication, identify the secret that you need to generate the one-time codes. This secret is a string of characters that is often provided together with a QR code.
In the Secrets password manager, select the entry of your safe for which you want to configure two-factor authentication.
At the bottom of the right pane, select Show More.
In the new options that appear, enter the secret from the website or application in the One-Time Password Secret text box.
A one-time code appears above the One-Time Password Secret text box.