{"id":24993089,"url":"https://github.com/jarmo/secrets-web","last_synced_at":"2025-04-12T02:13:52.812Z","repository":{"id":57571336,"uuid":"211041145","full_name":"jarmo/secrets-web","owner":"jarmo","description":"Not Yet Another Password Manager self-hosted Web app written in Go using libsodium","archived":false,"fork":false,"pushed_at":"2023-04-08T15:45:41.000Z","size":5885,"stargazers_count":42,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T02:13:46.430Z","etag":null,"topics":["encryption","golang","libsodium","password-manager","password-store","privacy","secrets","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jarmo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-26T08:38:34.000Z","updated_at":"2024-09-01T05:07:55.000Z","dependencies_parsed_at":"2024-06-20T10:30:07.709Z","dependency_job_id":null,"html_url":"https://github.com/jarmo/secrets-web","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jarmo%2Fsecrets-web","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jarmo%2Fsecrets-web/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jarmo%2Fsecrets-web/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jarmo%2Fsecrets-web/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jarmo","download_url":"https://codeload.github.com/jarmo/secrets-web/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248505925,"owners_count":21115354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","golang","libsodium","password-manager","password-store","privacy","secrets","security-tools"],"created_at":"2025-02-04T13:59:24.724Z","updated_at":"2025-04-12T02:13:52.780Z","avatar_url":"https://github.com/jarmo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# secrets-web\n\n**Secure** and simple passwords manager written in [Go](https://golang.org/). It aims to be *NYAPM* (Not Yet Another Password Manager), but tries to be different from others by following UNIX philosophy of doing only one thing and doing it well.\n\nThis repository is for self-hosted web solution. There exists also a [command-line client](https://github.com/jarmo/secrets-cli). Read more about [secrets](https://github.com/jarmo/secrets) in here.\n\n![screen.png](assets/img/screen.png)\n\n## Installation\n\nDownload latest binary from [releases](https://github.com/jarmo/secrets-web/releases), extract it, initialize a vault configuration and start the server. That's it.\n\n*Of course, you're free to compile your own version of binary to be 100% sure that it has not been tampered with, since this is an open-source project after all.*\n\n## Usage\n\nHere's an output from `secrets-web --help` command.\n\n```\n$ secrets-web COMMAND [OPTIONS]\n\nUsage:\n  secrets-web initialize --config=CONFIG_PATH --path=VAULT_PATH --alias=VAULT_ALIAS\n  secrets-web serve --config=CONFIG_PATH --cert=CERT_PATH --cert-priv-key=CERT_PRIVATE_KEY_PATH [--host=HOST] [--port=PORT] [--pid=PID_PATH]\n\nOptions:\n  --config CONFIG_PATH                      Configuration path for vaults.\n  --alias VAULT_ALIAS                       Vault alias.\n  --path VAULT_PATH                         Vault path.\n  --cert CERT_PATH                          HTTPS certificate path.\n  --cert-priv-key CERT_PRIVATE_KEY_PATH     HTTPS certificate private key path.\n  --host HOST                               Host to bind to. Defaults to 0.0.0.0.\n  --port PORT                               Port to listen on. Defaults to 9090.\n  --pid PID_PATH                            Save PID to file.\n  -h --help                                 Show this screen.\n  -v --version                              Show version.\n```\n\n### Initializing Vault\n\nVault needs to be initialized for each user. Initializing vault just stores location and alias to your vault into a configuration file. Alias will be used for logging in from the login form.\n\nWhen using [command-line client](https://github.com/jarmo/secrets-cli) then it is possible to reuse the same configuration file.\n\n```\n$ secrets-web initialize --config ~/vault-conf.json --path ~/vault.json --alias my-user\nVault successfully initialized!\n```\n\n### Starting the Server\n\nStarting the server **requires a certificate** for serving over HTTPS! It is\nrequired even when using Nginx/Apache as a proxy-pass to avoid moving private\ndata as unencrypted in the server. It is safe to run server on a custom open\nport directly avoiding any proxy-pass.\n\nYou can get a free valid SSL certificates from [Let's Encrypt](https://letsencrypt.org) or\nuse a self-signed certificates if that's not possible.\n\nStart the server:\n\n```\n$ secrets-web serve --config ~/vault-conf.json --cert cert.crt --cert-priv-key cert.key\n```\n\nNow open browser at [https://localhost:9090](https://localhost:9090) to be greeted with a login form.\n\nLog-in with previously created **alias** as user and enter some **strong passphrase**! It is\nrecommended to write that password somewhere for the first login and then\ncopy-paste it so that there would be no typos.\n\nAdd some secret via **Add** button to actually create your vault!\n\n**PS!** Remember that passphrase since there is no \"forgot my password\"\nfunctionality (and if there would be then it would defeat the purpose) and it\nis impossible to retrieve any of your secrets in case you should forget it.\n\n## Using multiple vaults\n\nTo add support for other user/vault, then just execute `initialize` command\nagain and repeat the steps above.\n\n## But how do I sync vault between different devices?!\n\nOne way to sync would be to use any already existing syncing platforms like Dropbox, Microsoft OneDrive or Google Drive.\nSince you can specify vault storage location then it is up to you how (or if even) you sync.\n\n## Running on a publicly-accessible server\n\nThere should be no problems with running on a publicly-accessible server, but\nif you're not syncing vault(s) then don't forget to backup them to some offsite\nlocation!\n\n## Development\n\n1. Clone repository, retrieve dependencies and run tests:\n\n```\ngit clone https://github.com/jarmo/secrets-web.git\ncd secrets-web\ngo get github.com/jessevdk/go-assets-builder@v0.0.0-20130903091706-b8483521738f\nmake test\n```\n\n2. Initialize vault configuration:\n\n```\n$ echo '[{\"Path\": \"tmp/secrets-dev.json\", \"Alias\": \"user\"}]' \u003e tmp/conf-dev.json\n```\n\n3. Install [fswatch](https://emcrisostomo.github.io/fswatch/) for watching file-system changes used for development:\n\nmacOS:\n```\n$ brew install fswatch\n```\n\nLinux:\n```\n$ sudo apt install fswatch\n```\n\n4. Run server with automatic restarts on code changes:\n\n```\n$ make dev\n```\n\n5. Open browser at [http://localhost:8080](http://localhost:8080)\n\n6. Login with **user** and whatever password\n\n7. Add some secret to create a vault encrypted with previously entered password\n\n8. Change code as needed\n\n9. Build and install binaries to `$GOPATH/bin/`\n\n```\nmake\nmake install\n```\n\nPS! Don't forget to send me a [PR](https://github.com/jarmo/secrets-web/pulls)!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjarmo%2Fsecrets-web","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjarmo%2Fsecrets-web","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjarmo%2Fsecrets-web/lists"}