{"id":13426667,"url":"https://github.com/keeweb/keeweb","last_synced_at":"2025-05-14T22:05:33.086Z","repository":{"id":37743066,"uuid":"44455683","full_name":"keeweb/keeweb","owner":"keeweb","description":"Free cross-platform password manager compatible with KeePass","archived":false,"fork":false,"pushed_at":"2024-12-28T10:47:07.000Z","size":326353,"stargazers_count":12535,"open_issues_count":405,"forks_count":1109,"subscribers_count":232,"default_branch":"master","last_synced_at":"2025-04-28T00:49:17.045Z","etag":null,"topics":["electron","javascript","keepass","keeweb","password","password-manager","security"],"latest_commit_sha":null,"homepage":"https://keeweb.info","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/keeweb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["keeweb","antelle"],"patreon":null,"open_collective":"keeweb","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2015-10-17T21:41:47.000Z","updated_at":"2025-04-27T16:51:20.000Z","dependencies_parsed_at":"2023-12-18T15:13:07.527Z","dependency_job_id":"e32557ae-1ef5-451f-acf1-70bda46f07c6","html_url":"https://github.com/keeweb/keeweb","commit_stats":{"total_commits":3433,"total_committers":69,"mean_commits":49.7536231884058,"dds":0.08097873579959214,"last_synced_commit":"44432eb66d5b771d5867cdd74f2500d00e006783"},"previous_names":[],"tags_count":128,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keeweb%2Fkeeweb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keeweb%2Fkeeweb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keeweb%2Fkeeweb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/keeweb%2Fkeeweb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/keeweb","download_url":"https://codeload.github.com/keeweb/keeweb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252842942,"owners_count":21812770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["electron","javascript","keepass","keeweb","password","password-manager","security"],"created_at":"2024-07-31T00:01:40.620Z","updated_at":"2025-05-07T08:32:37.689Z","avatar_url":"https://github.com/keeweb.png","language":"HTML","funding_links":["https://github.com/sponsors/keeweb","https://github.com/sponsors/antelle","https://opencollective.com/keeweb"],"categories":["HTML","JavaScript","Uncategorized","Applications","Clients","Apps","JavaScript (485)","加密、密码破解、字典","electron","密码管理","Privacy tools"],"sub_categories":["Uncategorized","Security","Utilities","Web clients","Password","网络服务_其他","🛠️ Utilities (79)","Open Source","Chess :chess_pawn:"],"readme":"\u003cdiv align=\"center\"\u003e\n\u003ch6\u003ePassword Manager\u003c/h6\u003e\n\u003ch1\u003eKeeWeb Password Manager🔑\u003c/h1\u003e\n\n\u003cbr /\u003e\n\n\u003cp\u003e\nKeeWeb is a browser and desktop password manager which is capable of opening up existing KeePass database `kdbx` files, or creating new vaults to store your important credentials in.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"img/screenshot.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\u003cbr /\u003e\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003c!-- prettier-ignore-start --\u003e\n[![Version][github-version-img]][github-version-uri]\n[![Tests][github-tests-img]][github-tests-uri]\n[![Downloads][github-downloads-img]][github-downloads-uri]\n[![Size][github-size-img]][github-size-img]\n[![Last Commit][github-commit-img]][github-commit-img]\n[![Contributors][contribs-all-img]](#contributors-)\n\u003c!-- prettier-ignore-end --\u003e\n\n\u003c/div\u003e\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n- [About](#about)\n - [Quick Links](#quick-links)\n- [Self-hosting](#self-hosting)\n - [Docker](#docker)\n - [Images](#images)\n - [Docker Run](#docker-run)\n - [Docker Compose](#docker-compose)\n - [Traefik Integration](#traefik-integration)\n - [Labels](#labels)\n - [Dynamic.yml](#dynamicyml)\n - [Static.yml](#staticyml)\n - [Providers](#providers)\n - [certificatesResolvers](#certificatesresolvers)\n - [entryPoints (Normal)](#entrypoints-normal)\n - [entryPoints (Cloudflare)](#entrypoints-cloudflare)\n - [Authentik Integration](#authentik-integration)\n - [Labels](#labels-1)\n - [Dynamic.yml](#dynamicyml-1)\n - [Env \\\u0026 Volumes](#env--volumes)\n - [Env Variables](#env-variables)\n - [Volumes](#volumes)\n - [Dropbox Support](#dropbox-support)\n- [Build From Source](#build-from-source)\n - [Platform: Windows](#platform-windows)\n - [Using Grunt](#using-grunt)\n - [Using NPM](#using-npm)\n - [Platform: Linux](#platform-linux)\n - [Using Grunt](#using-grunt-1)\n - [Using NPM](#using-npm-1)\n - [Platform: MacOS](#platform-macos)\n - [Using Grunt](#using-grunt-2)\n - [Using NPM](#using-npm-2)\n- [Donations](#donations)\n- [Contributors ✨](#contributors-)\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## About\n\n**KeeWeb** is a password manager which supports managing `kdbx` files created by other applications such as KeePass, KeePassXC, etc. You choose the platform you wish to run; as KeeWeb supports being installed and ran as either a Desktop application, or in your web-browser.\n\n\u003cbr /\u003e\n\nWith support for Linux, Windows, and MacOS, we give you the tools to seamlessly manage your most important credentials across multiple applications and platforms.\n\n\u003cbr /\u003e\n\nDecide how you want to save your credential vault, KeeWeb supports saving your database as a local file, or you can store your password vault with some of the most popular cloud services such as Dropbox, Google Drive, and Microsoft OneDrive.\n\n\u003cbr /\u003e\n\n### Quick Links\n\nReview some of our most important links below to learn more about KeeWeb and who we are:\n\n\u003cbr /\u003e\n\n| Topic | Links | Description |\n| --- | --- | --- |\n| **Apps** | [Web](https://app.keeweb.info/), [Desktop](https://github.com/keeweb/keeweb/releases/latest) | Try out our application |\n| **Demos** | [Web](https://app.keeweb.info/), [Beta](https://beta.keeweb.info ) | Test our stable and beta releases of Keeweb |\n| **Services** | [Favicon Grabber](https://services.keeweb.info/favicon) | Services integrated within Keeweb |\n| **Branches** | [docker/alpine-base](https://github.com/keeweb/keeweb/tree/docker/alpine-base), [docker/keeweb](https://github.com/keeweb/keeweb/tree/docker/keeweb) | Important branches related to our project |\n| **Timeline** | [Release Notes](release-notes.md), [TODO](https://github.com/keeweb/keeweb/wiki/TODO) | See what we're planning |\n| **On one page** | [Features](https://keeweb.info/#features), [FAQ](https://github.com/keeweb/keeweb/wiki/FAQ) | Information about Keeweb development |\n| **Website** | [keeweb.info](https://keeweb.info) | Visit our official website |\n| **Social** | [kee_web](https://twitter.com/kee_web) | Check us out on our social media |\n| **Donate** | [OpenCollective](https://opencollective.com/keeweb#support), [GitHub](https://github.com/sponsors/antelle) | Help keep us going |\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Self-hosting\n\nWant to self-host your copy of KeeWeb? Everything you need to host this app on your server is provided within the package. KeeWeb itself is a single HTML file combined with a service worker (optionally; for offline access).\n\nYou can download the latest distribution files from **[gh-pages](https://github.com/keeweb/keeweb/archive/gh-pages.zip)** branch.\n\n\u003cbr /\u003e\n\n### Docker\n\nIf you wish to host Keeweb within a Docker container, we provide pre-built images that you can pull into your environment. This section explains how to run Keeweb using `docker run`, or by setting up a `docker-compose.yml` file.\n\n\u003cbr /\u003e\n\n\u003e [!NOTE]\n\u003e For a full set of Docker instructions, visit our **[docker/keeweb readme](https://github.com/keeweb/keeweb/tree/docker/keeweb)**\n\n\u003cbr /\u003e\n\n#### Images\nUse any of the following images in your `📄 docker-compose.yml` or `run` command:\n\n\u003cbr /\u003e\n\n| Service | Version | Image Link |\n| --- | --- | --- |\n| `Docker Hub` | [![Docker Version][dockerhub-version-ftb-img]][dockerhub-version-ftb-uri] | `🔖 keeweb/keeweb:latest` \u003cbr /\u003e `🔖 keeweb/keeweb:1.19.0` \u003cbr /\u003e `🔖 keeweb/keeweb:1.19.0-amd64` \u003cbr /\u003e `🔖 keeweb/keeweb:1.19.0-arm64` \u003cbr /\u003e `🔖 keeweb/keeweb:development` \u003cbr /\u003e `🔖 keeweb/keeweb:development-amd64` \u003cbr /\u003e `🔖 keeweb/keeweb:development-arm64` |\n| `Github` | [![Github Version][github-version-ftb-img]][github-version-ftb-uri] | `🔖 ghcr.io/keeweb/keeweb:latest` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:1.19.0` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:1.19.0-amd64` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:1.19.0-arm64` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:development` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:development-amd64` \u003cbr /\u003e `🔖 ghcr.io/keeweb/keeweb:development-arm64` |\n\n\u003cbr /\u003e\n\n#### Docker Run\nIf you wish to use `docker run`; use the following command:\n\n```shell\ndocker run -d --restart=unless-stopped -p 443:443 --name keeweb -v ${PWD}/keeweb:/config ghcr.io/keeweb/keeweb:latest\n```\n\n\u003cbr /\u003e\n\n#### Docker Compose\nFor users wishing to use `docker compose`, create a new `docker-compose.yml` with the following:\n\n```yml\nservices:\n keeweb:\n container_name: keeweb\n image: ghcr.io/keeweb/keeweb:latest # Github image\n # image: keeweb/keeweb:latest # Dockerhub image\n restart: unless-stopped\n volumes:\n - ./keeweb:/config\n environment:\n - PUID=1000\n - PGID=1000\n - TZ=Etc/UTC\n```\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n#### Traefik Integration\nYou can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate management.\n\n\u003cbr /\u003e\n\n\u003e [!NOTE]\n\u003e These steps are **optional**. \n\u003e \n\u003e If you do not use Traefik, you can skip this section of steps. This is only for users who wish to put this container behind Traefik.\n\u003e\n\u003e If you do not wish to use Traefik, remember that if you make your Keeweb container public facing, you will need to utilize a service such as **[certbot/lets encrypt](https://phoenixnap.com/kb/letsencrypt-docker)** to generate SSL certificates.\n\n\u003cbr /\u003e\n\nOur first step is to tell Traefik about our Keeweb container. We highly recommend you utilize a Traefik **[dynamic file](#dynamicyml)**, instead of **[labels](#labels)**. Using a dynamic file allows for automatic refreshing without the need to restart Traefik when a change is made.\n\nIf you decide to use **[labels](#labels)** instead of a **[dynamic file](#dynamicyml)**, any changes you want to make to your labels will require a restart of Traefik.\n\n\u003cbr /\u003e\n\nWe will be setting up the following:\n\n- A `middleware` to re-direct http to https\n- A `route` to access Keeweb via http (optional)\n- A `route` to access Keeweb via https (secure)\n- A `service` to tell Traefik how to access your Keeweb container\n- A `resolver` so that Traefik can generate and apply a wildcard SSL certificate\n\n\u003cbr /\u003e\n\n##### Labels\n\nTo add Keeweb to Traefik, you will need to open your `docker-compose.yml` and apply the following labels to your Keeweb container. Ensure you change `domain.lan` to your actual domain name.\n\n```yml\nservices:\n keeweb:\n container_name: keeweb\n image: ghcr.io/keeweb/keeweb:latest # Github image\n # image: keeweb/keeweb:latest # Dockerhub image\n restart: unless-stopped\n volumes:\n - ./keeweb:/config\n environment:\n - PUID=1000\n - PGID=1000\n - TZ=Etc/UTC\n labels:\n\n # General\n - traefik.enable=true\n\n # Router \u003e http\n - traefik.http.routers.keeweb-http.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n - traefik.http.routers.keeweb-http.service=keeweb\n - traefik.http.routers.keeweb-http.entrypoints=http\n - traefik.http.routers.keeweb-http.middlewares=https-redirect@file\n\n # Router \u003e https\n - traefik.http.routers.keeweb-https.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n - traefik.http.routers.keeweb-https.service=keeweb\n - traefik.http.routers.keeweb-https.entrypoints=https\n - traefik.http.routers.keeweb-https.tls=true\n - traefik.http.routers.keeweb-https.tls.certresolver=cloudflare\n - traefik.http.routers.keeweb-https.tls.domains[0].main=domain.lan\n - traefik.http.routers.keeweb-https.tls.domains[0].sans=*.domain.lan\n\n # Load Balancer\n - traefik.http.services.keeweb.loadbalancer.server.port=443\n - traefik.http.services.keeweb.loadbalancer.server.scheme=https\n```\n\n\u003cbr /\u003e\n\nAfter you've added the labels above, skip the [dynamic.yml](#dynamicyml) section and go straight to the **[static.yml](#staticyml)** section.\n\n\u003cbr /\u003e\n\u003cbr /\u003e\n\n##### Dynamic.yml\n\nIf you decide to not use **[labels](#labels)** and want to use a dynamic file, you will first need to create your dynamic file. the Traefik dynamic file is usually named `dynamic.yml`. We need to add a new `middleware`, `router`, and `service` to our Traefik dynamic file so that it knows about our new Keeweb container and where it is.\n\n```yml\nhttp:\n middlewares:\n https-redirect:\n redirectScheme:\n scheme: \"https\"\n permanent: true\n\n routers:\n keeweb-http:\n service: keeweb\n rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n entryPoints:\n - http\n middlewares:\n - https-redirect@file\n\n keeweb-https:\n service: keeweb\n rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n entryPoints:\n - https\n tls:\n certResolver: cloudflare\n domains:\n - main: \"domain.lan\"\n sans:\n - \"*.domain.lan\"\n\n services:\n keeweb:\n loadBalancer:\n servers:\n - url: \"https://keeweb:443\"\n```\n\n\u003cbr /\u003e\n\n##### Static.yml\nThese entries will go in your Traefik `static.yml` file. Any changes made to this file requires that you restart Traefik afterward.\n\n\u003cbr /\u003e\n\n###### Providers\n\n\u003e [!NOTE]\n\u003e This step is only for users who opted to use the **[dynamic file](#dynamicyml)** method.\n\u003e\n\u003e Users who opted to use [labels](#labels) can skip to the section **[certificatesResolvers](#certificatesresolvers)**\n\n\u003cbr /\u003e\n\nEnsure you add the following new section to your `static.yml`:\n\n\u003cbr /\u003e\n\n```yml\nproviders:\n docker:\n endpoint: \"unix:///var/run/docker.sock\"\n exposedByDefault: false\n network: traefik\n watch: true\n file:\n filename: \"/etc/traefik/dynamic.yml\"\n watch: true\n```\n\n\u003cbr /\u003e\n\nThe code above is what enables the use of a **[dynamic file](#dynamicyml)** instead of labels. Change `/etc/traefik/dynamic.yml` if you are placing your dynamic file in a different location. This path is relative to inside the container, not your host machine mounted volume path. Traefik keeps most files in the `/etc/traefik/` folder.\n\n\u003cbr /\u003e\n\nAfter you add the above, open your Traefik's `docker-compose.yml` file and mount a new volume so that Traefik knows where your new dynamic file is:\n\n```yml\n traefik:\n container_name: traefik\n image: traefik:latest\n restart: unless-stopped\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock:ro\n - /etc/localtime:/etc/localtime:ro\n - ./config/traefik.yml:/etc/traefik/traefik.yml:ro\n - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro\n```\n\n\u003cbr /\u003e\n\nYou must ensure you add a new volume like shown above:\n\n- `/config/dynamic.yml:/etc/traefik/dynamic.yml:ro`\n\n\u003cbr /\u003e\n\nOn your host machine, make sure you place the `dynamic.yml` file in a sub-folder called **config**, which should be inside the same folder where your Traefik's `docker-compose.yml` file is. If you want to change this location, ensure you change the mounted volume path above.\n\n\u003cbr /\u003e\n\nAfter you have completed this, proceed to the section **[certificatesResolvers](#certificatesresolvers)**.\n\n\u003cbr /\u003e\n\n###### certificatesResolvers\n\n\u003e [!NOTE]\n\u003e This step is required no matter which option you picked above, both for **[dynamic file](#dynamicyml)** setups, as well as people using **[labels](#labels)**.\n\n\u003cbr /\u003e\n\nOpen your Traefik `static.yml` file. We need to define the `certResolver` that we added above either in your dynamic file, or label. To define the `certResolver`, we will be adding a new section labeled `certificatesResolvers`. We are going to use Cloudflare in this example, you can use whatever from the list at:\n\n- https://doc.traefik.io/traefik/https/acme/#providers\n\n\u003cbr /\u003e\n\n```yml\ncertificatesResolvers:\n cloudflare:\n acme:\n email: youremail@address.com\n storage: /cloudflare/acme.json\n keyType: EC256\n preferredChain: 'ISRG Root X1'\n dnsChallenge:\n provider: cloudflare\n delayBeforeCheck: 15\n resolvers:\n - \"1.1.1.1:53\"\n - \"1.0.0.1:53\"\n disablePropagationCheck: true\n```\n\n\u003cbr /\u003e\n\nOnce you pick the DNS / SSL provider you want to use from the code above, you need to see if that provider has any special environment variables that must be set. The **[Providers Page](https://doc.traefik.io/traefik/https/acme/#providers)** lists all providers and also what env variables need set for each one.\n\n\u003cbr /\u003e\n\nIn our example, since we are using **Cloudflare** for `dnsChallenge` -\u003e `provider`, we must set the following environment variables:\n\n- `CF_API_EMAIL`\n- `CF_API_KEY`\n\n\u003cbr /\u003e\n\nCreate a `.env` environment file in the same folder where your Traefik `docker-compose.yml` file is located, and add the following:\n\n```yml\nCF_API_EMAIL=yourcloudflare@email.com\nCF_API_KEY=Your-Cloudflare-API-Key\n```\n\n\u003cbr /\u003e\n\nSave the `.env` file and exit. For these environment variables to be detected by Traefik, you must give your Traefik container a restart. Until you restart Traefik, it will not be able to generate your new SSL certificates. \n\nYou can wait and restart in a moment after you finish editing the `static.yml` file, as there are more items to add below.\n\n\u003cbr /\u003e\n\n###### entryPoints (Normal)\nFinally, inside the Traefik `static.yml`, we need to make sure we have our `entryPoints` configured. Add the following to the Traefik `static.yml` file only if you **DON'T** have entry points set yet:\n\n```yml\nentryPoints:\n http:\n address: :80\n http:\n redirections:\n entryPoint:\n to: https\n scheme: https\n\n https:\n address: :443\n http3: {}\n http:\n tls:\n options: default\n certResolver: cloudflare\n domains:\n - main: domain.lan\n sans:\n - '*.domain.lan'\n```\n\n\u003cbr /\u003e\n\n###### entryPoints (Cloudflare)\nIf your website is behind Cloudflare's proxy service, you need to modify your `entryPoints` above so that you can automatically allow Cloudflare's IP addresses through. This means your entry points will look a bit different.\n\n\u003cbr /\u003e\n\nIn the example below, we will add `forwardedHeaders` -\u003e `trustedIPs` and add all of Cloudflare's IPs to the list which are available here:\n- https://cloudflare.com/ips/\n\n```yml\n http:\n address: :80\n forwardedHeaders:\n trustedIPs: \u0026trustedIps\n - 103.21.244.0/22\n - 103.22.200.0/22\n - 103.31.4.0/22\n - 104.16.0.0/13\n - 104.24.0.0/14\n - 108.162.192.0/18\n - 131.0.72.0/22\n - 141.101.64.0/18\n - 162.158.0.0/15\n - 172.64.0.0/13\n - 173.245.48.0/20\n - 188.114.96.0/20\n - 190.93.240.0/20\n - 197.234.240.0/22\n - 198.41.128.0/17\n - 2400:cb00::/32\n - 2606:4700::/32\n - 2803:f800::/32\n - 2405:b500::/32\n - 2405:8100::/32\n - 2a06:98c0::/29\n - 2c0f:f248::/32\n http:\n redirections:\n entryPoint:\n to: https\n scheme: https\n\n https:\n address: :443\n http3: {}\n forwardedHeaders:\n trustedIPs: *trustedIps\n http:\n tls:\n options: default\n certResolver: cloudflare\n domains:\n - main: domain.lan\n sans:\n - '*.domain.lan'\n```\n\n\u003cbr /\u003e\n\nSave the files and then give Traefik and your Keeweb containers a restart.\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n#### Authentik Integration\n\nThis section will not explain how to install and set up [Authentik](https://goauthentik.io/). We are only going to cover adding Keeweb integration to Authentik.\n\n\u003cbr /\u003e\n\nSign into the Authentik admin panel, go to the left-side navigation, select **Applications** -\u003e **Providers**. Then at the top of the new page, click **Create**.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 40%;text-align: center;\" src=\"docs/img/authentik/01.png\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/02.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nFor the **provider**, select `Proxy Provider`.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/03.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nAdd the following provider values:\n- **Name**: `Keeweb ForwardAuth`\n- **Authentication Flow**: `default-source-authentication (Welcome to authentik!)`\n- **Authorization Flow**: `default-provider-authorization-implicit-consent (Authorize Application)`\n\n\u003cbr /\u003e\n\nSelect **Forward Auth (single application)**:\n- **External Host**: `https://keeweb.domain.lan`\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/04.gif\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nOnce finished, click **Create**. Then on the left-side menu, select **Applications** -\u003e **Applications**. Then at the top of the new page, click **Create**.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 40%;text-align: center;\" src=\"docs/img/authentik/05.png\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/02.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nAdd the following parameters:\n- **Name**: `Keeweb (Password Manager)`\n- **Slug**: `keeweb`\n- **Group**: `Security`\n- **Provider**: `Keeweb ForwardAuth`\n- **Backchannel Providers**: `None`\n- **Policy Engine Mode**: `any`\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/06.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nSave, and then on the left-side menu, select **Applications** -\u003e **Outposts**:\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 40%;text-align: center;\" src=\"docs/img/authentik/07.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nFind your **Outpost** and edit it.\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/08.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nMove `Keeweb (Password Manager)` to the right side **Selected Applications** box.\n\n\u003cbr /\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg style=\"width: 80%;text-align: center;\" src=\"docs/img/authentik/09.png\"\u003e\u003c/p\u003e\n\n\u003cbr /\u003e\n\nIf you followed our [Traefik](#traefik-integration) guide above, you were shown how to add your Keeweb container to Traefik using either the **[dynamic file](#dynamicyml)** or **[labels](#labels)**. Depending on which option you picked, follow that section's guide below.\n\n- For **label** users, go to the section [Labels](#labels-1) below.\n- For **dynamic file** users, go to the section [Dynamic File](#dynamicyml-1) below.\n\n\u003cbr /\u003e\n\n##### Labels\n\nOpen your Keeweb's `docker-compose.yml` and modify your labels to include Authentik as a **middleware** by adding `authentik@file` to the label `traefik.http.routers.keeweb-https.middlewares`. You should have something similar to the example below:\n\n```yml\nservices:\n keeweb:\n container_name: keeweb\n image: ghcr.io/keeweb/keeweb:latest # Github image\n # image: keeweb/keeweb:latest # Dockerhub image\n restart: unless-stopped\n volumes:\n - ./keeweb:/config\n environment:\n - PUID=1000\n - PGID=1000\n - TZ=Etc/UTC\n labels:\n\n # General\n - traefik.enable=true\n\n # Router \u003e http\n - traefik.http.routers.keeweb-http.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n - traefik.http.routers.keeweb-http.service=keeweb\n - traefik.http.routers.keeweb-http.entrypoints=http\n - traefik.http.routers.keeweb-http.middlewares=https-redirect@file\n\n # Router \u003e https\n - traefik.http.routers.keeweb-https.rule=Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n - traefik.http.routers.keeweb-https.service=keeweb\n - traefik.http.routers.keeweb-https.entrypoints=https\n - traefik.http.routers.keeweb-https.middlewares=authentik@file\n - traefik.http.routers.keeweb-https.tls=true\n - traefik.http.routers.keeweb-https.tls.certresolver=cloudflare\n - traefik.http.routers.keeweb-https.tls.domains[0].main=domain.lan\n - traefik.http.routers.keeweb-https.tls.domains[0].sans=*.domain.lan\n\n # Load Balancer\n - traefik.http.services.keeweb.loadbalancer.server.port=443\n - traefik.http.services.keeweb.loadbalancer.server.scheme=https\n```\n\n\u003cbr /\u003e\n\n##### Dynamic.yml\n\nIf you opted to use the [dynamic file](#dynamicyml), open your Traefik's `dynamic.yml` file and apply the `authentik@file` middleware to look something like the following:\n\n\u003cbr /\u003e\n\n```yml\n keeweb-https:\n service: keeweb\n rule: Host(`keeweb.localhost`) || Host(`keeweb.domain.lan`)\n entryPoints:\n - https\n middlewares:\n - authentik@file\n tls:\n certResolver: cloudflare\n domains:\n - main: \"domain.lan\"\n sans:\n - \"*.domain.lan\"\n```\n\n\u003cbr /\u003e\n\nAfter you've done everything above, give your **Traefik** and **Authentik** containers a restart. Once they come back up; you should be able to access `keeweb.domain.lan` and be prompted now to authenticate with Authentik. Once you authenticate, you should be re-directed to your Keeweb home screen which asks you to load a vault file.\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n### Env \u0026 Volumes\nThis section outlines that environment variables can be specified, and which volumes you can mount when the container is started.\n\n\u003cbr /\u003e\n\n#### Env Variables\nThe following env variables can be modified before spinning up this container:\n\n\u003cbr /\u003e\n\n| Env Var | Default | Description |\n| --- | --- | --- |\n| `PUID` | 1000 | \u003csub\u003eUser ID running the container\u003c/sub\u003e |\n| `PGID` | 1000 | \u003csub\u003eGroup ID running the container\u003c/sub\u003e |\n| `TZ` | Etc/UTC | \u003csub\u003eTimezone\u003c/sub\u003e |\n| `PORT_HTTP` | 80 | \u003csub\u003eDefines the HTTP port to run on\u003c/sub\u003e |\n| `PORT_HTTPS` | 443 | \u003csub\u003eDefines the HTTPS port to run on\u003c/sub\u003e |\n\n\u003cbr /\u003e\n\n#### Volumes\nThe following volumes can be mounted with this container:\n\n\u003cbr /\u003e\n\n| Volume | Description |\n| ---- | ---- |\n| `./keeweb:/config` | \u003csub\u003ePath which stores Keeweb, nginx configs, and optional SSL certificate/keys\u003c/sub\u003e |\n\n\u003cbr /\u003e\n\nBy mounting the volume above, you should now have access to the following folders:\n\u003cbr /\u003e\n\n| Folder | Description |\n| ---- | ---- |\n| `📁 keys` | \u003csub\u003eResponsible for storing your ssl certificate `cert.crt` + key `cert.key`\u003c/sub\u003e |\n| `📁 log` | \u003csub\u003eAll nginx / container logs\u003c/sub\u003e |\n| `📁 nginx` | \u003csub\u003eContains `nginx.conf`, `resolver.conf`, `ssl.conf`, `site-confs`\u003c/sub\u003e |\n| `📁 www` | \u003csub\u003eFolder which stores the Keeweb files, images, and plugins\u003c/sub\u003e |\n\n\u003cbr /\u003e\n\n### Dropbox Support\n\nTo configure Dropbox support on your self-hosted setup [view our Wiki page](https://github.com/keeweb/keeweb/wiki/Dropbox-and-GDrive).\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Build From Source\n\n\u003e [!NOTE]\n\u003e Keeweb v1.19.0+ requires a minimum of Node v20.9.0 LTS in order to build.\n\u003e If you require multiple versions of node, you can install `nvm`\n\u003e\n\u003e ```shell\n\u003e # install nvm\n\u003e wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash\n\u003e\n\u003e # install node 20\n\u003e nvm install 20\n\u003e\n\u003e # switch to node 20\n\u003e nvm use 20\n\u003e ```\n\n\u003cbr /\u003e\n\nThe easiest way to clone all KeeWeb repos is:\n\n```bash\ncurl https://raw.githubusercontent.com/keeweb/keeweb/develop/dev-env.sh | bash -\n```\n\n\u003cbr /\u003e\n\nKeeWeb can be built utilizing the **grunt commandline**. Each platform has multiple commands you can use; pick one:\n\n\u003cbr /\u003e\n\n### Platform: Windows\n\nYou may build KeeWeb for `Windows` by executing ONE of the following two commands provided:\n\n\u003cbr /\u003e\n\n#### Using Grunt\n\n```shell\ngrunt dev-desktop-win32 --skip-sign\n```\n\n\u003cbr /\u003e\n\n#### Using NPM\n\n```shell\nnpm run dev-desktop-windows\n```\n\n\u003cbr /\u003e\n\n### Platform: Linux\n\nYou may build KeeWeb for `Linux` by executing ONE of the following two commands provided:\n\n\u003cbr /\u003e\n\n#### Using Grunt\n\n```shell\ngrunt dev-desktop-linux --skip-sign\n```\n\n\u003cbr /\u003e\n\n#### Using NPM\n\n```shell\nnpm run dev-desktop-linux\n```\n\n\u003cbr /\u003e\n\u003cbr /\u003e\n\n### Platform: MacOS\n\nYou may build KeeWeb for `MacOS` by executing ONE of the following two commands provided:\n\n#### Using Grunt\n\n```shell\ngrunt dev-desktop-darwin --skip-sign\n```\n\n#### Using NPM\n\n```shell\nnpm run dev-desktop-macos\n```\n\n\u003cbr /\u003e\n\nOnce the build is complete, all (html files will be in `dist/` folder. To build KeeWeb, utilize the following commands below.\n\n\u003cbr /\u003e\n\nTo run the desktop (electron) app without building an installer, build the app with `grunt` and then launch KeeWeb with one of the following commands:\n\n\u003cbr /\u003e\n\n```bash\nnpm run dev\nnpm run electron\n```\n\n\u003cbr /\u003e\n\nTo debug your build:\n\n1. run `npm run dev`\n2. open `http://localhost:8085`\n\n\u003cbr /\u003e\n\nOnce built, the output files will be generated in `tmp`:\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Donations\n\nKeeWeb is not free to develop. It takes time, requires paid code signing certificates and domains. \nYou can help the project or say \"thank you\" with this button: \n[\u003cimg src=\"https://opencollective.com/keeweb/tiers/backer.svg?avatarHeight=42\u0026width=880\" alt=\"OpenCollective\"\u003e](https://opencollective.com/keeweb#support)\n\n\u003cbr /\u003e\n\nYou can also sponsor the developer directly [on GitHub](https://github.com/sponsors/antelle).\n\n\u003cbr /\u003e\n\nPlease note: donation does not imply any type of service contract.\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Contributors ✨\nWe are always looking for contributors. If you feel that you can provide something useful to Keeweb or our other projects, then we'd love to review your suggestion. Before submitting your contribution, please review the following resources:\n\n- [Pull Request Procedure](.github/PULL_REQUEST_TEMPLATE.md)\n- [Contributor Policy](CONTRIBUTING.md)\n\n\u003cbr /\u003e\n\nWant to help but can't write code?\n- Review [active questions by our community](https://github.com/keeweb/keeweb/labels/help%20wanted) and answer the ones you know.\n\n\u003cbr /\u003e\n\n![Alt](https://repobeats.axiom.co/api/embed/7dc2a7ce8b8a09bc63114defdc7ccb9d91bbd352.svg \"Analytics image\")\n\nWant to help but can't write code?\n\n- Review [active questions by our community](https://github.com/keeweb/keeweb/labels/help%20wanted) and answer the ones you know.\n- Help [translating KeeWeb](https://keeweb.oneskyapp.com)\n\n\u003cbr /\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003c!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section --\u003e\n[![Contributors][contribs-all-img]](#contributors-)\n\u003c!-- ALL-CONTRIBUTORS-BADGE:END --\u003e\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --\u003e\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\u003ctable\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://gitlab.com/antelle\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/633557?v=4?s=40\" width=\"40px;\" alt=\"Antelle\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eAntelle\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/KeeWeb/KeeWeb/commits?author=antelle\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"#projectManagement-antelle\" title=\"Project Management\"\u003e📆\u003c/a\u003e \u003ca href=\"#fundingFinding-antelle\" title=\"Funding Finding\"\u003e🔍\u003c/a\u003e\u003c/td\u003e\n \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://gitlab.com/Aetherinox\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/118329232?v=4?s=40\" width=\"40px;\" alt=\"Aetherinox\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eAetherinox\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/KeeWeb/KeeWeb/commits?author=Aetherinox\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"#projectManagement-Aetherinox\" title=\"Project Management\"\u003e📆\u003c/a\u003e \u003ca href=\"#fundingFinding-Aetherinox\" title=\"Funding Finding\"\u003e🔍\u003c/a\u003e\u003c/td\u003e\n \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://gitlab.com/HarlemSquirrel\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/6445815?v=4?s=40\" width=\"40px;\" alt=\"HarlemSquirrel\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eHarlemSquirrel\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/KeeWeb/KeeWeb/commits?author=HarlemSquirrel\" title=\"Code\"\u003e💻\u003c/a\u003e \u003ca href=\"#projectManagement-HarlemSquirrel\" title=\"Project Management\"\u003e📆\u003c/a\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003c!-- markdownlint-restore --\u003e\n\u003c!-- prettier-ignore-end --\u003e\n\u003c!-- ALL-CONTRIBUTORS-LIST:END --\u003e\n\n\u003cbr /\u003e\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\n\u003c!-- BADGE \u003e GENERAL --\u003e\n [general-npmjs-uri]: https://npmjs.com\n [general-nodejs-uri]: https://nodejs.org\n [general-npmtrends-uri]: http://npmtrends.com/keeweb\n\n\u003c!-- BADGE \u003e VERSION \u003e GITHUB --\u003e\n [github-version-img]: https://img.shields.io/github/v/tag/keeweb/keeweb?logo=GitHub\u0026label=Version\u0026color=ba5225\n [github-version-uri]: https://github.com/keeweb/keeweb/releases\n\n\u003c!-- BADGE \u003e VERSION \u003e GITHUB (For the Badge) --\u003e\n [github-version-ftb-img]: https://img.shields.io/github/v/tag/keeweb/keeweb?style=for-the-badge\u0026logo=github\u0026logoColor=FFFFFF\u0026logoSize=34\u0026label=%20\u0026color=ba5225\n [github-version-ftb-uri]: https://github.com/keeweb/keeweb/releases\n\n\u003c!-- BADGE \u003e VERSION \u003e NPMJS --\u003e\n [npm-version-img]: https://img.shields.io/npm/v/keeweb?logo=npm\u0026label=Version\u0026color=ba5225\n [npm-version-uri]: https://npmjs.com/package/keeweb\n\n\u003c!-- BADGE \u003e VERSION \u003e PYPI --\u003e\n [pypi-version-img]: https://img.shields.io/pypi/v/keeweb\n [pypi-version-uri]: https://pypi.org/project/keeweb/\n\n\u003c!-- BADGE \u003e LICENSE \u003e MIT --\u003e\n [license-mit-img]: https://img.shields.io/badge/MIT-FFF?logo=creativecommons\u0026logoColor=FFFFFF\u0026label=License\u0026color=9d29a0\n [license-mit-uri]: https://github.com/keeweb/keeweb/blob/main/LICENSE\n\n\u003c!-- BADGE \u003e GITHUB \u003e DOWNLOAD COUNT --\u003e\n [github-downloads-img]: https://img.shields.io/github/downloads/keeweb/keeweb/total?logo=github\u0026logoColor=FFFFFF\u0026label=Downloads\u0026color=376892\n [github-downloads-uri]: https://github.com/keeweb/keeweb/releases\n\n\u003c!-- BADGE \u003e NPMJS \u003e DOWNLOAD COUNT --\u003e\n [npmjs-downloads-img]: https://img.shields.io/npm/dw/%40keeweb%2Fkeeweb?logo=npm\u0026\u0026label=Downloads\u0026color=376892\n [npmjs-downloads-uri]: https://npmjs.com/package/keeweb\n\n\u003c!-- BADGE \u003e GITHUB \u003e DOWNLOAD SIZE --\u003e\n [github-size-img]: https://img.shields.io/github/repo-size/keeweb/keeweb?logo=github\u0026label=Size\u0026color=59702a\n [github-size-uri]: https://github.com/keeweb/keeweb/releases\n\n\u003c!-- BADGE \u003e NPMJS \u003e DOWNLOAD SIZE --\u003e\n [npmjs-size-img]: https://img.shields.io/npm/unpacked-size/keeweb/latest?logo=npm\u0026label=Size\u0026color=59702a\n [npmjs-size-uri]: https://npmjs.com/package/keeweb\n\n\u003c!-- BADGE \u003e CODECOV \u003e COVERAGE --\u003e\n [codecov-coverage-img]: https://img.shields.io/codecov/c/github/keeweb/keeweb?token=MPAVASGIOG\u0026logo=codecov\u0026logoColor=FFFFFF\u0026label=Coverage\u0026color=354b9e\n [codecov-coverage-uri]: https://codecov.io/github/keeweb/keeweb\n\n\u003c!-- BADGE \u003e ALL CONTRIBUTORS --\u003e\n [contribs-all-img]: https://img.shields.io/github/all-contributors/keeweb/keeweb?logo=contributorcovenant\u0026color=de1f6f\u0026label=contributors\n [contribs-all-uri]: https://github.com/all-contributors/all-contributors\n\n\u003c!-- BADGE \u003e GITHUB \u003e BUILD \u003e NPM --\u003e\n [github-build-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/deploy-docker-github.yml?logo=github\u0026logoColor=FFFFFF\u0026label=Build\u0026color=%23278b30\n [github-build-uri]: https://github.com/keeweb/keeweb/actions/workflows/deploy-docker-github.yml\n\n\u003c!-- BADGE \u003e GITHUB \u003e BUILD \u003e Pypi --\u003e\n [github-build-pypi-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/release-pypi.yml?logo=github\u0026logoColor=FFFFFF\u0026label=Build\u0026color=%23278b30\n [github-build-pypi-uri]: https://github.com/keeweb/keeweb/actions/workflows/pypi-release.yml\n\n\u003c!-- BADGE \u003e GITHUB \u003e TESTS --\u003e\n [github-tests-img]: https://img.shields.io/github/actions/workflow/status/keeweb/keeweb/npm-tests.yml?logo=github\u0026label=Tests\u0026color=2c6488\n [github-tests-uri]: https://github.com/keeweb/keeweb/actions/workflows/npm-tests.yml\n\n\u003c!-- BADGE \u003e GITHUB \u003e COMMIT --\u003e\n [github-commit-img]: https://img.shields.io/github/last-commit/keeweb/keeweb?logo=conventionalcommits\u0026logoColor=FFFFFF\u0026label=Last%20Commit\u0026color=313131\n [github-commit-uri]: https://github.com/keeweb/keeweb/commits/main/\n\n\u003c!-- BADGE \u003e DOCKER HUB \u003e VERSION --\u003e\n [dockerhub-version-img]: https://img.shields.io/docker/v/antelle/keeweb/latest?logo=docker\u0026logoColor=FFFFFF\u0026label=Docker%20Version\u0026color=ba5225\n [dockerhub-version-uri]: https://hub.docker.com/repository/docker/antelle/keeweb/general\n\n\u003c!-- BADGE \u003e DOCKER HUB \u003e VERSION (For the Badge) --\u003e\n [dockerhub-version-ftb-img]: https://img.shields.io/docker/v/antelle/keeweb/latest?style=for-the-badge\u0026logo=docker\u0026logoColor=FFFFFF\u0026logoSize=34\u0026label=%20\u0026color=ba5225\n [dockerhub-version-ftb-uri]: https://hub.docker.com/repository/docker/antelle/keeweb/tags\n\n\u003c!-- BADGE \u003e DOCKER HUB \u003e PULLS --\u003e\n [dockerhub-pulls-img]: https://img.shields.io/docker/pulls/antelle/keeweb?logo=docker\u0026logoColor=FFFFFF\u0026label=Docker%20Pulls\u0026color=af9a00\n\n\u003c!-- prettier-ignore-end --\u003e\n\u003c!-- markdownlint-restore --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeweb%2Fkeeweb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeeweb%2Fkeeweb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeeweb%2Fkeeweb/lists"}