{"id":25688638,"url":"https://github.com/curatorcodicis/password-manager","last_synced_at":"2026-04-28T16:02:58.023Z","repository":{"id":279031103,"uuid":"937524280","full_name":"CuratorCodicis/Password-Manager","owner":"CuratorCodicis","description":"A secure password manager built with Spring Boot, AES-256 encryption, and a REST API for storing and retrieving encrypted passwords in MySQL.","archived":false,"fork":false,"pushed_at":"2025-02-23T09:25:43.000Z","size":31,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-23T10:24:57.758Z","etag":null,"topics":["aes-256","hibernate","java","maven","mysql","password-manager","rest-api","spring-boot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CuratorCodicis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-23T09:14:12.000Z","updated_at":"2025-02-23T09:25:46.000Z","dependencies_parsed_at":"2025-02-23T10:25:17.567Z","dependency_job_id":"8124d025-5583-47eb-a1fa-1d3088c7f2f3","html_url":"https://github.com/CuratorCodicis/Password-Manager","commit_stats":null,"previous_names":["curatorcodicis/password-manager"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CuratorCodicis%2FPassword-Manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CuratorCodicis%2FPassword-Manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CuratorCodicis%2FPassword-Manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CuratorCodicis%2FPassword-Manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CuratorCodicis","download_url":"https://codeload.github.com/CuratorCodicis/Password-Manager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240557499,"owners_count":19820359,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-256","hibernate","java","maven","mysql","password-manager","rest-api","spring-boot"],"created_at":"2025-02-24T21:04:54.794Z","updated_at":"2026-04-28T16:02:58.016Z","avatar_url":"https://github.com/CuratorCodicis.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Password Manager API\n\nThe **Password Manager** is a secure backend application for storing and managing passwords using a **RESTful API**. It is built with **Spring Boot** and uses **AES-256 encryption** to securely store passwords in a **MySQL database**. The system requires a **master password**, which is used to derive an encryption key that protects stored passwords. The master password must be provided when the application starts, ensuring that only authorized users can decrypt and access stored credentials.\n\n---\n\n## 🔐 Password Encryption \u0026 Key Management\n\nThe application secures passwords using **AES-256 encryption** (CBC mode with PKCS5 padding) and a **master password system**.\n\n### **How it Works:**\n- When a user provides a plaintext password, it is **encrypted before being stored** in MySQL, ensuring that sensitive data is never exposed.\n- The encrypted passwords are stored in a `VARBINARY` column, making them unreadable without the correct decryption key.\n- Upon startup, the system checks for the existence of a **`secret.key`** file:\n    - If the key file is missing, the user is prompted to create a **new master password**, which is used to generate an encryption key stored securely in `secret.key`.\n    - If the key file exists, the user must enter the correct **master password** to derive the encryption key and decrypt stored passwords.\n    - Without the correct master password, previously stored passwords cannot be decrypted, ensuring that unauthorized users cannot access sensitive data.\n\n\u003e **Important:** The `secret.key` file must be kept secure. If it is lost or deleted, all stored passwords will be irretrievable.\n\n---\n\n## 📦 Installation \u0026 Setup\n\n### **1️⃣ Prerequisites**\n\nEnsure you have installed:\n\n- **Java 17**\n- **MySQL Server**\n- **Maven**\n\n### **2️⃣ Configure MySQL Database**\n\nCreate a MySQL database and update `src/main/resources/application.properties` with your credentials:\n\n```properties\nspring.datasource.url=jdbc:mysql://localhost:3306/password_manager\nspring.datasource.username=your_db_user\nspring.datasource.password=your_db_password\n```\n\n\n\n### **3️⃣ Initialize the Database**\n\nTo set up the required database schema, use the provided **`Create_Table_Passwords.sql`** file:\n\n```sql\nCREATE TABLE passwords (\n    id BIGINT AUTO_INCREMENT PRIMARY KEY,\n    username VARCHAR(255) NOT NULL,\n    password VARBINARY(512) NOT NULL,\n    service VARCHAR(255) NOT NULL,\n    description TEXT,\n    created_at DATETIME DEFAULT CURRENT_TIMESTAMP\n);\n```\n\nYou can execute this SQL script in your MySQL database before running the application.\n\n### **4️⃣ Build \u0026 Run the Application**\n\nUsing **Maven**:\n\n```bash\nmvn clean install\nmvn spring-boot:run\n```\n\nOr using **IntelliJ**/**VS Code**, simply run `PasswordManagerApplication.java`.\n\n---\n\n## 📡 API Usage\n\nOnce running, you can interact with the API using **Postman**, **cURL**, or any HTTP client.\n\n### **Create a new password**\nCreates a new password entry for a given username and service.\n```bash\ncurl -X POST http://localhost:8080/api/passwords \\\n     -H \"Content-Type: application/json\" \\\n     -d '{\"username\": \"user123\", \"plaintextPassword\": \"mypassword\", \"service\": \"GitHub\"}'\n```\n#### Example Response:\n```json\n{\n  \"id\": 1,\n  \"username\": \"user123\",\n  \"service\": \"GitHub\",\n  \"description\": null,\n  \"createdAt\": \"2024-02-22T14:00:00\"\n}\n```\n\n### **Retrieve all stored passwords**\nFetches all stored password entries.\n```bash\ncurl -X GET http://localhost:8080/api/passwords\n```\n\n### **Retrieve password by ID**\nFetches a specific password entry by its ID.\n```bash\ncurl -X GET http://localhost:8080/api/passwords/{id}\n```\n\n### **Search passwords by exact username**\nFinds password entries associated with an exact username match.\n```bash\ncurl -X GET http://localhost:8080/api/passwords/search/username?username=user123\n```\n\n### **Search passwords by username pattern**\nFinds password entries where the username contains a specified pattern.\n```bash\ncurl -X GET http://localhost:8080/api/passwords/search/username-like?usernamePattern=%partialName%\n```\n\n### **Search passwords by exact service name**\nFinds password entries associated with an exact service match.\n```bash\ncurl -X GET http://localhost:8080/api/passwords/search/service?service=GitHub\n```\n\n### **Search passwords by service name pattern**\nFinds password entries where the service name contains a specified pattern.\n```bash\ncurl -X GET http://localhost:8080/api/passwords/search/service-like?servicePattern=%partialService%\n```\n\n### **Update an existing password**\nModifies an existing password entry by providing updated values.\n```bash\ncurl -X PUT http://localhost:8080/api/passwords/{id} \\\n     -H \"Content-Type: application/json\" \\\n     -d '{\"username\": \"user123\", \"plaintextPassword\": \"newpassword\", \"service\": \"GitHub\"}'\n```\n\n### **Delete a password entry**\nRemoves a password entry from the database.\n```bash\ncurl -X DELETE http://localhost:8080/api/passwords/1\n```\n\n---\n\n## 🛠️ Tech Stack\n\n| Category         | Technology/Tool                | Role/Usage                                                     |\n| ---------------- |--------------------------------| -------------------------------------------------------------- |\n| **Language**     | Java 17                       | Core programming language                                      |\n| **Framework**    | Spring Boot, Spring Web        | Provides auto-configuration, dependency injection, and REST API management |\n| **Data Access**  | Spring Data JPA with Hibernate | Simplifies ORM and database interactions with MySQL            |\n| **Database**     | MySQL                          | Relational database for secure storage                         |\n| **Encryption**   | Javax.Crypto API    | AES-256 encryption (CBC mode with PKCS5 padding) to secure sensitive data.         |\n| **Build Tool**   | Maven                          | Dependency management and build automation                     |\n| **Productivity** | Lombok                         | Reduces boilerplate code through annotations                    |\n\n---\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuratorcodicis%2Fpassword-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcuratorcodicis%2Fpassword-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuratorcodicis%2Fpassword-manager/lists"}