Starksoft Sierra Password Manager

Built for the security conscious or professional who demands maximum security from a password manager to keep their secrets safe and under their complete control.

Every secret uniquely encrypted and protected by Yubikey hardware security and touch and PIN policies.

Hardware Security
Passwordless
Touch and PIN Policies
AES-256 Encryption
Cross-Platform
USB Portable
No Cloud Storage
PIV Smart Card
Free for Personal Use
Touch and PIN Security Device

Getting Started

Secure your secrets with hardware security in 4 steps

1

Get a Yubikey

Use an existing Yubikey 5 Series device or purchase a new one

2

Download Starksoft Sierra

Verify file integrity after downloading Windows and Linux binaries

3

Personalize your Yubikey

4

Protect and Store your Secrets

Features

Designed with paranoid-level security in mind as well as ease of use and portability

Secure Microprocessor Icon

Hardware Security

Every secret protected with hardware security using Yubikey hardware and policies.

Encryption Icon

Strong Encryption

Starksoft Sierra uses AES-256-GCM with RSA public/private key encryption to protect your secrets. Your RSA private keys are protected by your Yubikey hardware and policies and can not be exported.

🍎 🪟 🐧

Cross-Platform

Runs on Mac, Windows, and Linux. Starksoft Sierra is a self-contained executable binary with no external dependencies. Just download and run.

Multiple Yubikeys Icon

Multiple Yubikey Support

Personalize multiple Yubikeys for backup or shared access.

📦

Portable and Standalone

Run directly from a secure USB drive without installation. Take your encrypted secrets database anywhere securely.


Store on a FIPS 140-2 Level 3 hardware based encrypted USB drive such as the Apricorn Aegis Secure Key for even more layers of protection.

Crypto and Finance

Suited for Bitcoin wallet passwords, private keys, financial secrets, and cryptocurrency secrets.

📄

Secrets Data Import

Import existing secrets from CSV files.

Hardware Security Policies

Starksoft Sierra offers four Yubikey enforced hardware security level policies that can be set for each secret. Choose the right policy to balance security and convenience.

Hardware Security Icon

Policy 1: Hardware Protected

Secret can be decrypted as long as Yubikey is plugged in.

Base Security
Finger Touch Security Icon

Policy 2: Touch

Requires touching Yubikey to decrypt secret.

Medium Security
PIN Security Device Icon

Policy 3: PIN

Requires entering Yubikey PIN to decrypt secret.

Medium-High Security
Touch and PIN Security Icon

Policy 4: Touch + PIN

Requires both physically touching Yubikey and entering Yubikey PIN to decrypt secret.

High Security

Yubikey Hardware Devices

Starksoft recommends the Yubikey 5 Series USB-C Nano (non NFC) for most users. Our software requires a YubiKey 5 Series hardware device but does not use NFC or any other wireless technology to communicate with the Yubikey. The device must be physically connected to your computer to be used with Starksoft Sierra.

YubiKey 5 Series Devices

Tutorials

Personalize Yubikey

Learn how to set up and personalize your Yubikeys to prepare for use with Starksoft Sierra. Configure multiple Yubikeys for backup access.

Duration: 5:30

Create New Database

Create your first encrypted database. Choose default encryption settings and initialize the database for use with your Yubikeys.

Duration: 4:15

Create New Entries

Learn how to create new secret entries and organize them with tags and categories for easy access.

Duration: 6:45

Decrypt Entries

Learn how to decrypt entries using your Yubikey.

Duration: 7:20

Label and Organize Secrets

Learn how to effectively label and categorize your secrets. Create custom tags for Bitcoin wallets, exchange accounts, and other crypto assets.

Duration: 4:50

Ready to try Starksoft Sierra?

Download Now

Download Starksoft Sierra v1.1.0

Free for Personal Use but Limited to 50 secrets. See Licensing for Details.
Requires a Yubikey 5 Series Hardware Device.

🍎

macOS

Apple Silicon

(Signed and Notarized by Apple)

Download for Mac

SHA256:

bd7f2cced2f1710ec5b2d385ba018be33af46665002232284c4d793822b9f9fe
Copied
🪟

Windows

Windows 10+

Download for Windows

SHA256:

89b83d12d4fa95e6d7df0c03a62d803bd76f62223796fea3f4b9c91038f0b423
Copied
🐧

Linux

Tested on Ubuntu and Mint

Download for Linux

SHA256:

f8ac7742f74a2f15af3102e6b3beec30e243c50bdcae5b71c0779d4560b17c6d
Copied

File Size: 4MB to 20MB | Requirements: Yubikey 5 Series | Installation: None required

Always verify zip file hashes after downloading.

Licensing

Free for personal use, licensed for commercial use.

Personal Use

Free
  • ✓ Full feature access
  • ✓ Secrets limited to 50 entries
  • ✓ Multiple Yubikey support
  • ✓ All major platforms
  • ✓ Personal use only
Download Free

Commercial Use

Contact Us
  • ✓ Full feature access
  • ✓ Unlimited secrets
  • ✓ Multiple Yubikey support
  • ✓ All major platforms
  • ✓ Commercial use
Get Quote

Frequently Asked Questions

What makes Starksoft Sierra different from other password managers?

Unlike cloud-based password managers, Sierra is a standalone application that can be used completely offline. Every secret is uniquely encrypted and protected by hardware security using a Yubikey with PIN and touch security and policies. When you use Starksoft Sierra, you must first decrypt your database using your Yubikey and unique Yubikey PIN. However, even though your database is decrypted, every secret is still uniquely encrypted and protected by hardware security using a Yubikey. Each secret is decrypted using the Yubikey with a specific Yubikey enforced policy. This is very different than other password managers that decrypt the entire database after the password data is opened and decrypted.

Can I use this for Bitcoin and cryptocurrency wallets?

Starksoft Sierra is ideal for storing Bitcoin wallet passwords, private keys, and other cryptocurrency secrets. The hardware-based encryption provides high security for high-value digital assets.

What happens if I lose my Yubikey?

By design, you will lose access to your Sierra database secrets if you lose your Yubikey. Therefore, we recommend initializing multiple Yubikeys during setup for backup or shared access. We recommend personalizing at least 2 to 3 Yubikeys and storing them in separate secure locations. Each Yubikey can have a different PIN. If a Yubikey is lost, you can revoke (remove) the Yubikey from your Sierra database. You can then use your remaining Yubikeys to access your Sierra database secrets.

Does this work on air-gapped computers?

Yes. Starksoft Sierra is specifically designed for air-gapped environments. It has zero network capabilities and no external dependencies, making it ideal for high-security environments.

What security technology is being used on the Yubikey to protect my secrets?

The Yubikey 5 series devices support a NIST US government security standard for federal employees called Personal Identity Verification or PIV. PIV Smart Cards incorporate advanced cryptographic algorithms for secure data transmission and storage. The Yubikey 5 series devices implement the NIST SP 800-73 PIV Smart Card standard. Yubikey 5 series devices support PIV RSA and ECC encryption / decryption, private key storage protected by hardware security, public key storage, cryptographically secure random number generation in addition to physical security features such as a touch sensors and PINs. The Yubikey PIV functions lock after a user-controllable number of failed PIN attempts. Starksoft Sierra is tightly integrated with the Yubikey 5 series secure PIV implementation to protect your secrets.

What are the defense-in-depth strategies used in the Starksoft Sierra application?

The Starksoft Sierra application implements a defense-in-depth strategy to protect your secrets. The application implements a number of security defense-in-depth features to protect your secrets.

  • Hardware security
  • Private RSA keys stored and protected inside Yubikey
  • Memory security (custom protected memory)
  • Storage security
  • Application security
  • UI security
  • No file logging
  • No network capabilities
  • No external 3rd party dependencies

Is there a limit to the number of secrets I can store?

For the personal free version, there is a limit of 50 secret entries that can be stored per database. For the commercial version, there is no limit to the number of secrets you can store in Starksoft Sierra. You can store as many secrets as you want.

How many Yubikeys can I use?

There is no limit to the number of Yubikeys you can use with Starksoft Sierra. You can register as many Yubikeys as you want for each database.

Does Startsoft Sierra work with other PIV compliant hardware security devices?

No, Starksoft Sierra is specifically designed to work with Yubikey 5 Series hardware security devices.

Can I use my existing Yubikey 5 Series MFA device with Starksoft Sierra?

Yes, if you have an existing Yubikey 5 Series device that are are using for MFA (Multi Factor Authentication) but is not being used as a PIV Smart Card, you can use it with Starksoft Sierra. The personalization process will not affect the existing MFA functionality of the Yubikey.

Are you using any cloud services?

No, Starksoft Sierra is a standalone application that has no cloud dependencies.

Are you using any 3rd party libraries to interface with the Yubikey?

No, Starksoft Sierra does not use any 3rd party libraries to communicate with Yubikey.

What 3rd party libraries are used to do cryptographic operations?

Starksoft Sierra uses the latest stable version of OpenSSL (3.5.x) to perform RSA public key encryption, AES cryptographic operations, and cryptographically secure random number generation. The Yubikey hardware performs all RSA private key decryption operations wielding the private key stored inside the Yubikey. OpenSSL is statically linked into the Sierra application. Sierra does not use the OpenSSL shared library on the target platform Operation System.

Contact Starksoft

Questions about commercial licensing or technical support?

Commercial Licensing

bentonstark@gmail.com

Technical Support

bentonstark@gmail.com

General Inquiries

bentonstark@gmail.com