Built for the security conscious or professional who demands maximum security from a password manager to keep their secrets safe and under their complete control.
Every secret uniquely encrypted and protected by Yubikey hardware security and touch and PIN policies.
Secure your secrets with hardware security in 4 steps
Use an existing Yubikey 5 Series device or purchase a new one
Verify file integrity after downloading Windows and Linux binaries
Designed with paranoid-level security in mind as well as ease of use and portability
Every secret protected with hardware security using Yubikey hardware and policies.
Starksoft Sierra uses AES-256-GCM with RSA public/private key encryption to protect your secrets. Your RSA private keys are protected by your Yubikey hardware and policies and can not be exported.
Runs on Mac, Windows, and Linux. Starksoft Sierra is a self-contained executable binary with no external dependencies. Just download and run.
Personalize multiple Yubikeys for backup or shared access.
Run directly from a secure USB drive without installation. Take your encrypted secrets database anywhere securely.
Store on a FIPS 140-2 Level 3 hardware based encrypted USB drive such as the Apricorn Aegis Secure Key for even more layers of protection.
Suited for Bitcoin wallet passwords, private keys, financial secrets, and cryptocurrency secrets.
Import existing secrets from CSV files.
Starksoft Sierra offers four Yubikey enforced hardware security level policies that can be set for each secret. Choose the right policy to balance security and convenience.
Secret can be decrypted as long as Yubikey is plugged in.
Requires touching Yubikey to decrypt secret.
Requires entering Yubikey PIN to decrypt secret.
Requires both physically touching Yubikey and entering Yubikey PIN to decrypt secret.
Starksoft recommends the Yubikey 5 Series USB-C Nano (non NFC) for most users. Our software requires a YubiKey 5 Series hardware device but does not use NFC or any other wireless technology to communicate with the Yubikey. The device must be physically connected to your computer to be used with Starksoft Sierra.
Learn how to set up and personalize your Yubikeys to prepare for use with Starksoft Sierra. Configure multiple Yubikeys for backup access.
Create your first encrypted database. Choose default encryption settings and initialize the database for use with your Yubikeys.
Learn how to create new secret entries and organize them with tags and categories for easy access.
Learn how to decrypt entries using your Yubikey.
Learn how to effectively label and categorize your secrets. Create custom tags for Bitcoin wallets, exchange accounts, and other crypto assets.
Ready to try Starksoft Sierra?
Download NowFree for Personal Use but Limited to 50 secrets.
See Licensing for Details.
Requires a Yubikey 5 Series Hardware Device.
Apple Silicon
(Signed and Notarized by Apple)
Download for MacSHA256:
bd7f2cced2f1710ec5b2d385ba018be33af46665002232284c4d793822b9f9fe
Windows 10+
Download for WindowsSHA256:
89b83d12d4fa95e6d7df0c03a62d803bd76f62223796fea3f4b9c91038f0b423
Tested on Ubuntu and Mint
Download for LinuxSHA256:
f8ac7742f74a2f15af3102e6b3beec30e243c50bdcae5b71c0779d4560b17c6d
File Size: 4MB to 20MB | Requirements: Yubikey 5 Series | Installation: None required
Always verify zip file hashes after downloading.
Free for personal use, licensed for commercial use.
Unlike cloud-based password managers, Sierra is a standalone application that can be used completely offline. Every secret is uniquely encrypted and protected by hardware security using a Yubikey with PIN and touch security and policies. When you use Starksoft Sierra, you must first decrypt your database using your Yubikey and unique Yubikey PIN. However, even though your database is decrypted, every secret is still uniquely encrypted and protected by hardware security using a Yubikey. Each secret is decrypted using the Yubikey with a specific Yubikey enforced policy. This is very different than other password managers that decrypt the entire database after the password data is opened and decrypted.
Starksoft Sierra is ideal for storing Bitcoin wallet passwords, private keys, and other cryptocurrency secrets. The hardware-based encryption provides high security for high-value digital assets.
By design, you will lose access to your Sierra database secrets if you lose your Yubikey. Therefore, we recommend initializing multiple Yubikeys during setup for backup or shared access. We recommend personalizing at least 2 to 3 Yubikeys and storing them in separate secure locations. Each Yubikey can have a different PIN. If a Yubikey is lost, you can revoke (remove) the Yubikey from your Sierra database. You can then use your remaining Yubikeys to access your Sierra database secrets.
Yes. Starksoft Sierra is specifically designed for air-gapped environments. It has zero network capabilities and no external dependencies, making it ideal for high-security environments.
The Yubikey 5 series devices support a NIST US government security standard for federal employees called Personal Identity Verification or PIV. PIV Smart Cards incorporate advanced cryptographic algorithms for secure data transmission and storage. The Yubikey 5 series devices implement the NIST SP 800-73 PIV Smart Card standard. Yubikey 5 series devices support PIV RSA and ECC encryption / decryption, private key storage protected by hardware security, public key storage, cryptographically secure random number generation in addition to physical security features such as a touch sensors and PINs. The Yubikey PIV functions lock after a user-controllable number of failed PIN attempts. Starksoft Sierra is tightly integrated with the Yubikey 5 series secure PIV implementation to protect your secrets.
The Starksoft Sierra application implements a defense-in-depth strategy to protect your secrets. The application implements a number of security defense-in-depth features to protect your secrets.
For the personal free version, there is a limit of 50 secret entries that can be stored per database. For the commercial version, there is no limit to the number of secrets you can store in Starksoft Sierra. You can store as many secrets as you want.
There is no limit to the number of Yubikeys you can use with Starksoft Sierra. You can register as many Yubikeys as you want for each database.
No, Starksoft Sierra is specifically designed to work with Yubikey 5 Series hardware security devices.
Yes, if you have an existing Yubikey 5 Series device that are are using for MFA (Multi Factor Authentication) but is not being used as a PIV Smart Card, you can use it with Starksoft Sierra. The personalization process will not affect the existing MFA functionality of the Yubikey.
No, Starksoft Sierra is a standalone application that has no cloud dependencies.
No, Starksoft Sierra does not use any 3rd party libraries to communicate with Yubikey.
Starksoft Sierra uses the latest stable version of OpenSSL (3.5.x) to perform RSA public key encryption, AES cryptographic operations, and cryptographically secure random number generation. The Yubikey hardware performs all RSA private key decryption operations wielding the private key stored inside the Yubikey. OpenSSL is statically linked into the Sierra application. Sierra does not use the OpenSSL shared library on the target platform Operation System.
Questions about commercial licensing or technical support?
bentonstark@gmail.com
bentonstark@gmail.com
bentonstark@gmail.com