Secret Chest supports multiple users on each device. This is because users might have an instance for home and an instance for work. Notice how there's an option to log into an account that's been used before or create a New User in the below screen.
The New User button, which is shown the first time the app is launched on a given device, brings up a screen that asks if it's acceptable to use auth0 to log in. We use Auth0 to store usernames and passwords and handle IdP-based federation because a small team like ours will never be as good at this as they are - and securing vaults of secrets is as important a job as there is. Yes, the secrets are sharded across multiple devices, and so gaining access to credentials without devices would be fruitless for an attacker. However, we want to take every possible security measure. So click Continue to grant Auth0 access to sign in.
The next screen shows where log ins can be run from. Notice that users can log in with a custom username and password (which includes IdP configurations) and log in with Apple, Facebook, GitHub, or Google accounts.
Click Login once the appropriate credentials have been provided. The app will then bring up the main screen and show any secrets that are available on that device, if it has been used with that account previously.
To log off, use the cog wheel icon in the bottom right corner of the screen. Logging off is still a bit of a work in progress (keep in mind that Secret Chest is in beta) and so it's in our developer options menu.
