Skip to content
๐Ÿ”’

Verdant Vault

Forgeline Systems

4.02 ยท 260K installsYour file, your keys

Verdant Vault stores passwords and passkeys in a local encrypted file you own outright, with optional sync to storage you already control.

Installs
260K+
Version
3.1.2
Size
14.6 MB
Updated
May 28, 2026
Download APK (14.6 MB)Get from Google Play
Signing certificate on record

Preview

Written descriptions of each screen โ€” we do not host screenshot images for this listing.

๐Ÿ”’
Vault list with passkey entries
๐Ÿ”’
Autofill prompt in the system picker
๐Ÿ”’
Sync target selection for user-owned storage
๐Ÿ”’
Published audit report summary

About this app

Verdant Vault is a password manager with no account behind it. Your vault is a single encrypted file on the device; if you want it on more than one device, you point the app at storage you already control and it syncs the file there. Nothing about the design requires trusting Forgeline with your data, which is the point โ€” there is no server to breach because there is no server. It handles passwords, passkeys, TOTP codes, and secure notes, and it plugs into Android's autofill and credential manager frameworks so it behaves like a first-class option in the system picker.

This suits people who are comfortable with the trade: you own the file, so you own the backups. If you lose the vault and the passphrase, nobody can recover them, and there is deliberately no reset flow. People who would rather have a vendor hold a recovery key should choose a hosted manager instead, and that is a legitimate choice rather than a lesser one.

Forgeline authorizes APKBrowse to host the stable APK directly, served through a short-lived signed URL with resumable byte ranges. The same artifact is on Google Play and, built independently from source, on F-Droid โ€” worth knowing because the F-Droid build carries F-Droid's signature, not Forgeline's, so the two cannot update over each other. Verdant Vault is also independently audited before each major version, and the audit reports are published rather than summarized.

Before installing, decide where the vault file will live and how it gets backed up, because the app will not make that decision for you. Version 3.1.2 requires Android 9.0 or newer, largely for the credential manager integration. The permission list is short by design: no internet permission at all in the base build, which is unusual for a password manager and means sync runs through the system document provider rather than the app's own network stack. If you are rolling back from 3.1.2 to 3.0.0, note that 3.0.0 cannot read vaults that have been upgraded to the current file format.

OfficialIndependently AuditedSignature Verified

What's New in v3.1.2

Direct APK refreshed after the pre-release external audit; F-Droid build tracks the same tag.

  • Passkey creation through Android credential manager
  • Vault file format v3 with per-entry key derivation
  • Faster autofill matching on large vaults

Version history

v3.1.2Latest
Signature continuous

May 28, 2026 ยท 14.6 MB ยท Android API 28โ€“35 ยท code 312

Direct APK refreshed after the pre-release external audit; F-Droid build tracks the same tag.

  • Passkey creation through Android credential manager
  • Vault file format v3 with per-entry key derivation
  • Faster autofill matching on large vaults
USE_BIOMETRICPOST_NOTIFICATIONS

SHA-256 d41c8a0f27b6539e0ab73f14c85d92610e7fba3c4d81950672aecb3f10d84e57

v3.0.0
Signature continuous

Jan 21, 2026 ยท 13.1 MB ยท Android API 26โ€“34 ยท code 300

Last release using vault file format v2; not forward-compatible with v3 vaults.

  • Reworked entry editor with TOTP support
  • Added export to encrypted archive
USE_BIOMETRIC

SHA-256 58b9e3f0c72a41d6890fb524ce137a0d94e6b18f3c5027ad61e94f8b2d70cc13

Will it run on your device?

CompatibilityLikely to run

82%

  • Targets newer Android builds, so legacy devices may be excluded.
  • Multiple CPU architectures are covered.
  • Optimized for more than one screen class.
  • Aligned with the latest Android target SDK expectations.
What changed in this release
Size delta
+1.5 MB
Added permissions
POST_NOTIFICATIONS
Removed permissions
None

Verdant Vault questions, answered

Is it safe to install a password manager from an APK?

It is as safe as the source and the signature check, which is why this matters more here than for most apps. Install only the publisher-hosted build listed here or the Play version, verify the fingerprint against the one on this page, and never install a password manager from an unauthorized mirror.

How do I verify the download is genuine?

Check the SHA-256 of the downloaded file against the hash listed for that version, and confirm the signing fingerprint matches after install. Forgeline has used the same key for Verdant Vault since launch, so any deviation is disqualifying.

Why does the app not request internet permission?

Sync goes through Android's document provider to storage you nominate, so the app itself never opens a socket. It is a deliberate design constraint: an app with no network permission cannot exfiltrate your vault even if it were compromised.

What happens if I forget my passphrase?

Nothing can be done, and that is intentional โ€” there is no account, no recovery key held by Forgeline, and no reset flow. Keep a written copy of the passphrase somewhere physical before you commit real credentials to the vault.

Can I switch between the Play build and the F-Droid build?

Not by updating over the top, because F-Droid builds from source and signs with its own key, so Android sees a different signer. You would need to export the vault, uninstall, install the other build, and import.

Installation Guide

1

Open Settings on your Android device

2

Go to Security โ†’ Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded โ€” delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time โ€” if a package claiming to be com.forgeline.verdantvault is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 3.0.0 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall Verdant Vault first โ€” which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version โ€” and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of Verdant Vault, and a listing is removed when the evidence for it stops holding up.

Get Verdant Vault

Every source we list for com.forgeline.verdantvault is legality-reviewed. Pirated or cracked builds are never offered.

Publisher-authorized ยท resumable transfer

Other sources

F-Droid listing

official

Independently built from source and signed with the F-Droid key; not update-compatible with the Play build.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
Forgeline Systems
Category
Security Privacy
Android
9.0+
Architectures
arm64-v8a, armeabi-v7a
Version
3.1.2 (code 312)
Size
14.6 MB
Updated
May 28, 2026
Package name
com.forgeline.verdantvault

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Google Play

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

d41c8a0f27b6539e0ab73f14c85d92610e7fba3c4d81950672aecb3f10d84e57

Signing certificate

9F:41:CD:07:2B:6A:85:33:E1:9D:74:0C:B8:52:16:AF:C3:60:7E:28

Permissions Required

USE_BIOMETRIC
POST_NOTIFICATIONS

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem