🔐 Open source password manager with Nextcloud integration
Find a file
Felix Nüsse 5fbc063725
Changed style of new folder element and fixed translations
Signed-off-by: Felix Nüsse <Felix.nuesse@t-online.de>
2018-12-31 21:31:56 +01:00
.tx Fix tx config 2018-02-12 23:02:38 +01:00
appinfo Added folderpath to database 2018-12-30 21:39:08 +01:00
controller Changed style of new folder element and fixed translations 2018-12-31 21:31:56 +01:00
css removed hidden style from bootstrap to remove bug (see bootstrap.min.css comment) 2018-12-04 22:59:43 +01:00
docs Add docs about requesting vaults / credentials 2017-01-12 11:53:47 +01:00
img Replace png with svg 2017-10-29 15:02:04 +01:00
js Changed style of new folder element and fixed translations 2018-12-31 21:31:56 +01:00
l10n [tx-robot] updated from transifex 2018-12-22 01:31:09 +00:00
lib Added folderpath to database 2018-12-30 21:39:08 +01:00
middleware Check HTTP_ORIGIN using isset 2017-01-19 13:58:34 +01:00
migration Fixes 2017-01-11 18:09:49 +01:00
sass Changed style of new folder element and fixed translations 2018-12-31 21:31:56 +01:00
templates Changed style of new folder element and fixed translations 2018-12-31 21:31:56 +01:00
tests Added undefined underscore as parameter to fix travis 2018-11-21 17:34:47 +01:00
.dockerignore
.drone.yml Update drone config 2017-07-28 16:22:18 +02:00
.drone.yml.sig Signed yaml file 2017-07-28 17:35:38 +02:00
.gitignore
.jshintrc
.scrutinizer.yml Fix loading vault if it's already open. Ref #263 2017-10-29 16:14:42 +01:00
.travis.yml Added fix_layout_for_14 to ci-runs 2018-11-21 17:34:26 +01:00
AUTHORS.md
bower.json readded bower config (may be incomplete or wrong versions) 2018-11-21 17:34:45 +01:00
CHANGELOG.md This fixes the decryption error happening when auto login is enabled and user changes vault password. 2016-12-28 15:26:26 +01:00
CNAME Create CNAME 2017-02-05 17:23:45 +01:00
composer.json Add icons to credentials 2017-10-29 13:31:18 +01:00
CONTRIBUTING.md add link to nextcloud server wiki on how to sign commits 2017-10-29 11:11:22 +01:00
COPYING
Dockerfile Fixes error #379, try2, removed cowsay comment to prevent error in next docker releases 2017-11-04 22:04:31 +01:00
Gruntfile.js Fix font awesome not found. (Fixes #286) 2017-05-06 13:32:18 +02:00
ISSUE_TEMPLATE.md Update 2017-03-16 15:44:56 +01:00
karma.conf.js fixed underscore path 2018-11-21 17:34:49 +01:00
launch_phpunit.sh.sample PHPUnit fixes for custom locations 2017-05-07 18:21:11 +02:00
LICENSE
Makefile
package.json updated binaries 2018-11-21 17:34:07 +01:00
personal.php Update personal.php 2018-02-21 16:53:17 +02:00
phpunit.integration.xml Update phpunit 2017-07-01 18:09:39 +02:00
phpunit.xml Update phpunit 2017-07-01 18:09:39 +02:00
README.md Removed Passman-Dev Telegram-group 2018-12-05 21:01:21 +01:00
swagger.yaml Top level typos 2017-01-06 17:06:54 +05:45

Passman

Passman is a full featured password manager.

Build Status Docker Automated buid Codacy Badge Codacy Badge Scrutinizer Code Quality

Join us!

There is a Telegram-Group:

Those are mainly used to discuss all sorts of topics for Passman and it's apps!

Contents

Screenshots

Logged in to vault

Credential selected

Edit credential

Password tool

For more screenshots: Click here

Features:

  • Vaults
  • Vault key is never sent to the server
  • Credentials are stored with 256 bit AES (see security)
  • Ability to add custom fields to credentials
  • Built-in OTP(One Time Password) generator
  • Password analyzer
  • Share passwords internally and via link in a secure manner.
  • Import from various password managers:
    • KeePass
    • LastPass
    • DashLane
    • ZOHO
    • Clipperz.is
    • EnPass
    • ocPasswords

For a demo of this app visit https://demo.passman.cc

Tested on

  • Nextcloud 14

For older Versions see the Releases Tab

External apps

Supported databases

  • SQL Lite*
  • MySQL / MariaDB*

*Tested on travis

Untested databases:

  • pgsql

Security

Password generation

Passman features a build in password generator. Not it only generates passwords, but it also measures their strength using zxcvbn.

Generate passwords as you like

Passwords are generated using the random functions from sjcl.

Storing credentials

All passwords are encrypted client side using sjcl which uses AES-256 bit. Users supply a vault key which is feed into sjcl as encryption key. After the credentials are encrypted they are send to the server, there they will be encrypted again. This time using the following routine:

Sharing credentials.

Passman allows users to share passwords (this can be turned off by an administrator).

API

For developers Passman offers an api.

Support Passman

Passman is open source, and we would gladly accept a beer (or pizza!)
Please consider donating

Code reviews

If you have any improvements regarding our code. Please do the following

  • Clone us
  • Make your edits
  • Add your name to the contributors
  • Send a PR

Or if you're feeling lazy, create an issue, and we'll think about it.

Docker

To run Passman with Docker you can use our test docker image. You have to supply your own SSL certs, self signed or Let's encrypt it doesn't matter.
Please note that the docker is only for testing purposes, as database user / password are hardcoded.

If you like to spiece up our docker image and make it a full fledged secure, production ready install, you're welcome to do so.
Please note that:

  • Port 80 and 443 are used
  • SSL is enabled (or disabled if certs not found)
  • Startup time of container must be less than 15 seconds

Example:

docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman

If you want a production ready container you can use the Nextcloud docker, and install passman as an app.

Development

Passman uses a single .js file for the templates. This gives the benefit that we don't need to request every template with XHR.
For CSS we use SASS so you need ruby and sass installed.
templates.js and the CSS are built with grunt. To watch for changes use grunt watch To run the unit tests install phpunit globally, and setup the environment variables on the launch_phpunit.sh script then just run that script, any arguments passed to this script will be forwarded to phpunit.

Main developers

  • Brantje
  • Animalillo

Contributors

Add yours when creating a pull request!

  • Newhinton

FAQ

Are you adding something to check if malicious code is executing on the browser?
No, because malicious code could edit the functions that check for malicious code.