Password manager featuring client-side encryption, vaults, folders and more.

Overview


vaults is a password manager featuring client-side AES-256 encryption, PBKDF2 hashing, vaults, password generation & more.



  1. Features
  2. Technical overview
    1. Vaults
    2. Entities
    3. Categories
    4. Front end
      1. Front end technologies
    5. Back end
      1. Back end technologies
    6. Other technical details
    7. Security schema
  3. Contributing & Getting started
  4. License

Features

  • Client-side encryption for maximum security
  • Vaults
  • Multiple types of items
    • Logins
    • Notes
  • Folders (categories)
  • Cryptographically secure password generator
  • Responsive front end

Technical overview

This application consists of multiple parts:

  • front end
  • back end (API)
  • storage

Vaults

A "vault" is a collection of multiple items (or entities, more on them below). It is the top-level unit for storing items and must have a name and a description. Users can use vaults to separate personal items, work-related items, family, games, etc.

Categories

A "category" is used to group items inside a vault. It must have a name and there can be any amount of them in each vault.

Entities

Login

The "login" represents an online account. It contains the following fields:

  • name (the name of the login)
    • required
  • username
    • required
  • email
  • website
    • required
  • password
  • description

Note

A "note" can be freely used for whatever else and serves as a blueprint for other items the user might have a need for, such as Wi-Fi passwords, membership cards, SSH keys, and much more. These are the fields of the note:

  • name (the name of the note)
    • required
  • description

Front end

The front end has a wide range of responsibilities such as:

  • entity modeling,
  • creation of the user encryption key based on the master password & using the email as a salt,
    • 100100 iterations of PBKDF2
  • creation of the authentication hash based on the master password & using the encryption key as a salt,
    • 1 extra iteration of PBKDF2
  • encrypting the data before sending it off to the back end,
    • AES-256 in CBC mode
  • decrypting the data after a successful request using the encryption key
  • managing the data reactively and globally using state management
  • being a single page application/UI
  • offering a mobile first design experience

Front end technologies

  • Vue.js 3
  • Vuex
  • VeeValidate for dynamic and easier form handling & validation
  • Asynchronous HTTP requests with Axios
  • aes-js
  • pbkdf2
  • SCSS

Back end

The back end has the following responsibilities:

  • user authentication
    • additional 100000 iterations of PBKDF2 on the authentication hash
  • handling CRUD operations on the entities in a RESTful manner
    • complete secrecy regarding the entities: the back end entities consist only of a field called "data" and their respective keys. The data field arrives fully encrypted from the front end.
  • offering storage
  • acting as an API on a subdomain and actively handling CORS and CSRF
  • UUID strategy for the primary keys of all the entities

Back end technologies

  • Symfony 5.3.6
  • PHP 8.0
  • MySQL 8.0

Other technical details

This project runs completely on Docker: the back end, the front end, the web server (NGINX) and the database. Docker Compose is used for orchestration.

Security schema


Explanation of the security model:

The user registers using a master password. The master password is first hashed into an encryption key, using the user's unique email address as a salt. The master password is then used to create an authentication hash, using the encryption key as a salt. The authentication hash is the value that gets sent to the back end, where it is hashed again with a randomly generated salt; the result is the value the user eventually authenticates against.

The vault and all data inside it are encrypted with this encryption key before any operation and before being sent to the back end. On successful requests, the front end then decrypts the vault.
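
The key hierarchy described above, as an added example that is not the project's own code. It uses Node's built-in crypto module instead of the aes-js and pbkdf2 packages; the SHA-256 digest, the 32-byte output length, the IV prepended to the ciphertext, the JSON/base64 encoding and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const DIGEST = 'sha256'; // assumption: the page does not name the PBKDF2 hash
const KEY_LEN = 32;      // 32 bytes = AES-256 key

// Client: master password + email as salt -> encryption key (100100 iterations).
function deriveEncryptionKey(masterPassword, email) {
  return crypto.pbkdf2Sync(masterPassword, email, 100100, KEY_LEN, DIGEST);
}

// Client: master password + encryption key as salt -> authentication hash (1 iteration).
function deriveAuthHash(masterPassword, encryptionKey) {
  return crypto.pbkdf2Sync(masterPassword, encryptionKey, 1, KEY_LEN, DIGEST);
}

// Server: authentication hash + random salt -> stored verifier (100000 iterations).
function serverStore(authHash, salt = crypto.randomBytes(16)) {
  return { salt, verifier: crypto.pbkdf2Sync(authHash, salt, 100000, KEY_LEN, DIGEST) };
}

// Server: recompute with the stored salt and compare in constant time.
function serverVerify(authHash, record) {
  const candidate = crypto.pbkdf2Sync(authHash, record.salt, 100000, KEY_LEN, DIGEST);
  return crypto.timingSafeEqual(candidate, record.verifier);
}

// Client: AES-256-CBC with a fresh random IV per item; the IV travels with the ciphertext.
// The server only ever sees the opaque "data" field.
function encryptItem(encryptionKey, item) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', encryptionKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(item), 'utf8'), cipher.final()]);
  return { data: Buffer.concat([iv, ct]).toString('base64') };
}

// Client: split IV from ciphertext and decrypt with the same encryption key.
function decryptItem(encryptionKey, stored) {
  const raw = Buffer.from(stored.data, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-cbc', encryptionKey, raw.subarray(0, 16));
  const pt = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}
```

CBC provides confidentiality but no integrity, so a modified "data" value is not reliably detected on decryption; an authenticated mode or an added MAC would cover that.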

Contributing & Getting started

Do you want to get involved? Please refer to the contributors documentation.

License

GPLv3
