Vault Approver

Vault Approver is a lightweight companion app for self-hosted Vaultwarden/Bitwarden servers. It does one thing: lets you approve "Login with device" requests quickly and securely using your fingerprint or face.

No vault access. No password management. Just fast, secure login approvals.

HOW IT WORKS
1. Enter your Vaultwarden server URL and email
2. Authenticate with your master password (entered once, never stored)
3. Enable biometric unlock (fingerprint or face)
4. When someone requests "Login with device", you get a real-time notification
5. Verify the 5-word fingerprint phrase, tap Approve — done

FEATURES
• Biometric unlock — Fingerprint / Face authentication on every launch
• Real-time updates — WebSocket (SignalR) for instant notifications
• Fingerprint phrase — 5-word verification phrase to prevent request spoofing
• One-tap approve/deny — respond to login requests instantly
• Request history — full audit trail with timestamps and response times
• Two-factor authentication — TOTP support if 2FA is enabled on your account
• Dark mode — follows system theme or set manually
• Bilingual — English and Russian

SECURITY
• Master password is never stored on the device
• End-to-end encryption with RSA-2048-OAEP key exchange
• AES-256-CBC with HMAC-SHA256 for symmetric encryption
• User key protected in Android Keystore with biometric lock
• All cryptography runs locally on your device
• Supports Argon2id and PBKDF2 key derivation
• Open protocol compatible with Bitwarden/Vaultwarden

SETTINGS
• Auto-lock timeout: Immediately, 15s, 1min, 5min, 15min, or Never
• Auto-refresh interval: 5s, 15s, 30s, or 1 minute
• Theme: Auto, Light, Dark
• Language: System, English, Russian

REQUIREMENTS
• A self-hosted Vaultwarden server with "Login with device" enabled
• An account on that server with biometric unlock capable device
• Android 6.0+ with fingerprint or face unlock configured