{"id":28203889,"url":"https://github.com/function61/passitron","last_synced_at":"2025-10-09T07:35:46.099Z","repository":{"id":57519666,"uuid":"92965930","full_name":"function61/passitron","owner":"function61","description":"Hardware-based password/SSH key/secret manager for people serious about security","archived":false,"fork":false,"pushed_at":"2022-12-30T19:33:38.000Z","size":1352,"stargazers_count":23,"open_issues_count":21,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-01T05:26:16.880Z","etag":null,"topics":["hardware-security-module","keepass","keepass-related","raspberry-pi","secret-management","security","store-secrets"],"latest_commit_sha":null,"homepage":"https://function61.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/function61.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-05-31T16:22:34.000Z","updated_at":"2024-10-16T05:06:18.000Z","dependencies_parsed_at":"2023-01-31T14:30:46.367Z","dependency_job_id":null,"html_url":"https://github.com/function61/passitron","commit_stats":null,"previous_names":["function61/pi-security-module"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/function61/passitron","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/function61%2Fpassitron","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/function61%2Fpassitron/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/function61%2Fpassitron/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/function61%2Fpassitron/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/function61","download_url":"https://codeload.github.com/function61/passitron/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/function61%2Fpassitron/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000955,"owners_count":26082973,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hardware-security-module","keepass","keepass-related","raspberry-pi","secret-management","security","store-secrets"],"created_at":"2025-05-17T03:15:40.147Z","updated_at":"2025-10-09T07:35:46.083Z","avatar_url":"https://github.com/function61.png","language":"Go","readme":"![Build status](https://github.com/function61/passitron/workflows/Build/badge.svg)\n[![Download](https://img.shields.io/bintray/v/function61/dl/pi-security-module.svg?style=for-the-badge\u0026label=Download)](https://bintray.com/function61/dl/pi-security-module/_latestVersion#files)\n\nWhat is this?\n-------------\n\nSoftware for a separate trusted hardware device (\"hardware security module\") which\nessentially acts just like [Keepass](http://keepass.info/) and only serves the\nfunction of storing secrets.\n\nIf you use Keepass on your PC and your PC gets compromised by a virus or a hacker,\nit's game over. But if you use a separate device for storing secrets, your PC compromise\ndoes not expose your secrets. This software only exposes your secret when you physically\npress a button on the device - and only exposes one secret per push acknowledge.\n\n\nLinks\n-----\n\n- [Architecture summary](https://function61.com/docs/passitron/architecture/)\n- [Comparison to alternatives](https://function61.com/docs/passitron/user-guides/comparison-to-alternatives/)\n- [All documentation](https://function61.com/docs/passitron/) - everything you\n  seek is probably here. The above links were just some of the most important links to\n  this documentation site.\n\n\nFeatures\n--------\n\n- No cloud\n- Physical acknowledgement to expose a password by pressing a button on a U2F key\n  (YubiKey for example), so a hacker would need local, physical, access to steal your secrets.\n- Supported secrets:\n\t* Passwords\n\t* OTP tokens (Google Authenticator)\n\t* SSH keys (via SSH agent protocol)\n\t* Keylists ([\"printed OTP list\"](https://en.wikipedia.org/wiki/One-time_password#Hardcopy))\n\t* Freetext (any text content is treated as secret data)\n- Create, view and list secrets in a folder hierarchy.\n- Export database to Keepass format (for viewing in mobile devices when traveling etc.)\n- Import data from Keepass format\n\n\nRecommended hardware\n--------------------\n\n![](docs/pi-zero-in-wood-case.png)\n\nI'm using [Raspberry Zero W](https://www.raspberrypi.org/products/pi-zero-w/)\nwith [wooden case](https://thepihut.com/products/zebra-zero-for-raspberry-pi-zero-wood).\n\nIt doesn't matter much which hardware you use, as long as you don't run anything else on\nthat system - to minimize the attack surface. For such a light use Raspberry Pi is\neconomical, although this project runs across processor architectures and operating systems\nbecause Golang is so awesome. :)\n\n\nDownload \u0026 running\n------------------\n\nClick the \"Download\" badge at top of this readme and locate the binary for your OS/arch combo:\n\n- For Raspberry Pi, download `pism_linux-arm`\n- For Linux PC, download `pism_linux-amd64`\n\nNote: don't worry about `public.tar.gz` - it's downloaded automatically if it doesn't exist.\n\nRename the downloaded binary to `pism`.\n\nPro-tip: you can download this directly to your Pi from command line:\n\n```\n$ mkdir passitron/\n$ cd passitron\n$ curl --fail --location -o pism \u003curl to pism_linux-arm from Bintray\u003e\n\n# mark the binary as executable\n$ chmod +x pism\n```\n\nInstallation \u0026 running:\n\n```\n$ ./pism server init-config admin yourpassword\n$ ./pism server install\nWrote unit file to /etc/systemd/system/passitron.service\nRun to enable on boot \u0026 to start now:\n        $ systemctl enable passitron\n        $ systemctl start passitron\n        $ systemctl status passitron\n```\n\nLooks good. You should now be able to access the web interface at `http://\u003cip of your pi\u003e`.\n\n\nHow to build \u0026 develop\n----------------------\n\n[How to build \u0026 develop](https://github.com/function61/turbobob/blob/master/docs/external-how-to-build-and-dev.md)\n(with Turbo Bob, our build tool). It's easy and simple!\n\n### Getting to know the codebase\n\nSee commit where I\n[added support to storing an email field](https://github.com/function61/passitron/commit/2182421beb6ce09693e974823dfe8dd5bf2c339a).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunction61%2Fpassitron","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffunction61%2Fpassitron","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffunction61%2Fpassitron/lists"}