{"id":28549136,"url":"https://github.com/pinkpixel-dev/keyper","last_synced_at":"2026-03-01T19:00:59.804Z","repository":{"id":310155799,"uuid":"1038909878","full_name":"pinkpixel-dev/keyper","owner":"pinkpixel-dev","description":"🔐 A self-hosted credential manager with zero-knowledge encryption, multi-user support, and emergency recovery. Store API keys, passwords, and secrets securely with your own Supabase database. Features AES-256-GCM encryption, Argon2 key derivation, PWA support, and professional-grade security architecture.","archived":false,"fork":false,"pushed_at":"2026-03-01T13:05:39.000Z","size":1579,"stargazers_count":105,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-01T13:51:03.881Z","etag":null,"topics":["aes","aes-encryption","api-keys","argon2","credential-manager","credentials","encryption","end-to-end-encryption","multi-user","password-manager","progressive-web-app","pwa","react","secret-management","security","self-hosted","supabase","typescript","vault","zero-knowledge"],"latest_commit_sha":null,"homepage":"https://keyper.pinkpixel.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pinkpixel-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":".github/AGENTS.md","dco":null,"cla":null}},"created_at":"2025-08-16T04:12:25.000Z","updated_at":"2026-03-01T13:05:42.000Z","dependencies_parsed_at":"2025-08-16T06:22:45.335Z","dependency_job_id":"8efe277c-466d-4c2e-baa0-771b0706959f","html_url":"https://github.com/pinkpixel-dev/keyper","commit_stats":null,"previous_names":["pinkpixel-dev/keyper"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/pinkpixel-dev/keyper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinkpixel-dev%2Fkeyper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinkpixel-dev%2Fkeyper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinkpixel-dev%2Fkeyper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinkpixel-dev%2Fkeyper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pinkpixel-dev","download_url":"https://codeload.github.com/pinkpixel-dev/keyper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pinkpixel-dev%2Fkeyper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29980770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","aes-encryption","api-keys","argon2","credential-manager","credentials","encryption","end-to-end-encryption","multi-user","password-manager","progressive-web-app","pwa","react","secret-management","security","self-hosted","supabase","typescript","vault","zero-knowledge"],"created_at":"2025-06-10T02:00:29.184Z","updated_at":"2026-03-01T19:00:59.757Z","avatar_url":"https://github.com/pinkpixel-dev.png","language":"TypeScript","readme":"# 🔐 Keyper - Self-Hosted Credential Management\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"./public/logo.png\" alt=\"Keyper Logo\" width=\"300\" /\u003e\n\n**✨ Your Credentials. Your Security. Your Rules. ✨**\n\n[![Version](https://img.shields.io/npm/v/@pinkpixel/keyper?style=for-the-badge\u0026color=06B6D4)](https://www.npmjs.com/package/@pinkpixel/keyper)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=for-the-badge)](LICENSE)\n[![React](https://img.shields.io/badge/React-19.1-61DAFB?style=for-the-badge\u0026logo=react)](https://reactjs.org/)\n[![TypeScript](https://img.shields.io/badge/TypeScript-5.8-3178C6?style=for-the-badge\u0026logo=typescript)](https://www.typescriptlang.org/)\n[![Supabase](https://img.shields.io/badge/Supabase-Ready-3ECF8E?style=for-the-badge\u0026logo=supabase)](https://supabase.com/)\n[![Docker](https://img.shields.io/badge/Docker-Ready-2496ED?style=for-the-badge\u0026logo=docker)](https://hub.docker.com/)\n[![Electron](https://img.shields.io/badge/Electron-v33-47848F?style=for-the-badge\u0026logo=electron)](https://www.electronjs.org/)\n[![PWA](https://img.shields.io/badge/PWA-Enabled-5A0FC8?style=for-the-badge)](https://web.dev/progressive-web-apps/)\n\n_A modern, secure, self-hosted credential management application for storing and organizing your digital credentials with complete privacy and control._\n\n[🚀 Quick Start](#-quick-start) • [🖼️ Screenshots](#️-screenshots) • [📦 Installation](#-installation) • [🗄️ Setup](#️-database-setup) • [📱 PWA](#-progressive-web-app) • [🔧 Troubleshooting](#-troubleshooting)\n\n\u003c/div\u003e\n\n---\n\n## 📥 Download\n\nDesktop installers are available on the **[Keyper website](https://keyper.pinkpixel.dev/getting-started/install-and-run/)**.\n\n| Platform | Package         | Download                                                                                             |\n| -------- | --------------- | ---------------------------------------------------------------------------------------------------- |\n| 🐧 Linux | AppImage        | [Keyper-1.1.0.AppImage](https://pub-da847cd0fc1045b3a5a7fcc39a3be134.r2.dev/Keyper-1.1.0.AppImage)   |\n| 🐧 Linux | `.deb` (x86_64) | [keyper_1.1.0_amd64.deb](https://pub-da847cd0fc1045b3a5a7fcc39a3be134.r2.dev/keyper_1.1.0_amd64.deb) |\n| 🐧 Linux | `.deb` (ARM64)  | [keyper_1.1.0_arm64.deb](https://pub-da847cd0fc1045b3a5a7fcc39a3be134.r2.dev/keyper_1.1.0_arm64.deb) |\n\n---\n\n## 🖼️ Screenshots\n\n![Keyper Screenshot 1](./screenshots/screenshot1.png)\n\n![Keyper Screenshot 2](./screenshots/screenshot2.png)\n\n![Keyper Screenshot 3](./screenshots/screenshot3.png)\n\n![Keyper Screenshot 4](./screenshots/screenshot4.png)\n\n![Keyper Screenshot 5](./screenshots/screenshot5.png)\n\n---\n\n## 🌟 Features\n\n### 🔒 **Secure Credential Storage**\n\n- 🔑 **API Keys** - Store and organize your API credentials\n- 🔐 **Login Credentials** - Username/password combinations\n- 🤫 **Secrets** - Sensitive configuration values\n- 🎫 **Tokens** - Authentication and access tokens\n- 📜 **Certificates** - SSL certificates and keys\n\n### 🏷️ **Smart Organization**\n\n- 📂 **Categories** - Group credentials by service or type\n- 🔖 **Tags** - Flexible labeling system\n- ⚡ **Priority Levels** - Low, Medium, High, Critical\n- 📅 **Expiration Tracking** - Never miss renewal dates\n- 🔍 **Real-time Search** - Find credentials instantly\n\n### 🛡️ **Enterprise-Grade Security**\n\n- 🔒 **Row Level Security (RLS)** - Database-level isolation\n- 🔐 **End-to-End Encryption** - Client-side encryption, zero-knowledge architecture\n- 👤 **Multi-User Support** - Support for multiple users on the same instance\n- 🌐 **Secure Connections** - HTTPS/TLS encryption\n- 🏠 **Self-Hosted** - Complete control over your data\n\n### 🔐 **Advanced Encryption Features**\n\n- **Zero-Knowledge Architecture** - All encryption happens client-side\n- **AES-256-GCM Encryption** - Industry-standard authenticated encryption\n- **Argon2id Key Derivation** - Memory-hard, ASIC-resistant (with PBKDF2 fallback)\n- **Auto-Lock Protection** - 15-minute inactivity timeout with activity detection\n- **Simplified Bcrypt Master Passphrase** - Secure bcrypt-only authentication for new users\n- **Backwards Compatibility** - Legacy wrapped DEK system maintained for existing users\n- **User-Controlled Reset** - Secure emergency passphrase reset without admin backdoors\n- **Database-Only Storage** - No localStorage usage except for database config\n- **Professional Security Audit** - EXCELLENT security rating\n\n### 📱 **Modern Experience**\n\n- 🌙 **Dark Theme** - Easy on the eyes\n- 📱 **Responsive Design** - Works on all devices\n- ⚡ **Progressive Web App** - Install like a native app\n- 🚀 **Fast Performance** - Built with Vite and React 19\n- 🎨 **Beautiful UI** - Modern glassmorphism design\n\n---\n\n## 🚀 Quick Start\n\nGet Keyper running on your own infrastructure in under 5 minutes!\n\n### Prerequisites\n\n- **Node.js 18+** installed on your system\n- **Supabase account** (free tier works perfectly!)\n- **Modern web browser** (Chrome, Firefox, Safari, Edge)\n\n### ⚡ 1-Minute Installation\n\n```bash\n# Install Keyper globally\nnpm install -g @pinkpixel/keyper\n\n# Start the server (default port 4173)\nkeyper\n\n# Or start with custom port\nkeyper --port 3000\n\n# Open in your browser\n# 🌐 http://localhost:4173 (or your custom port)\n```\n\n**That's it!** 🎉 Follow the in-app setup wizard to configure your Supabase database.\n\n### 🌐 Try the Demo\n\n**Want to try Keyper before installing?** Visit our hosted demo:\n\n**🔗** [**keyper.pinkpixel.dev**](https://keyper.pinkpixel.dev)\n\nJust enter your own Supabase credentials and start managing your encrypted credentials instantly! Your data stays completely private since all encryption happens in your browser.\n\n**Demo Usage:**\n\n- ✅ **Completely Secure** - Zero-knowledge architecture means your data never leaves your browser\n- ✅ **Real Functionality** - Full Keyper experience with your own Supabase instance\n- ✅ **No Registration** - Just bring your Supabase URL and anon/publishable key\n- ⚠️ **Demo Limitations** - Recommended for testing and light usage only\n- 🏠 **Self-Host for Production** - Install locally for best performance and full control\n\n_Note: The demo uses the same secure architecture as self-hosted Keyper. Your Supabase credentials are stored only in your browser's localStorage and never transmitted to our servers._\n\n---\n\n## 📦 Installation\n\n### Method 1: Global NPM Installation (Recommended)\n\n```bash\nnpm install -g @pinkpixel/keyper\n```\n\n**Available Commands:**\n\n- `keyper` - Start Keyper server\n- `keyper --port 3000` - Start on custom port\n- `keyper --help` - Show help and usage\n- `credential-manager` - Alternative command\n- `keyper-dashboard` - Another alternative\n\n### Method 2: NPX (No Installation Required)\n\n```bash\nnpx @pinkpixel/keyper\n```\n\n### Method 3: Local Development\n\n```bash\ngit clone https://github.com/pinkpixel-dev/keyper.git\ncd keyper\nnpm install\nnpm run build\nnpm start\n```\n\n### Method 4: 🐳 Docker\n\nRun Keyper as a containerised web app — no Node.js required on the host!\n\n```bash\n# Clone the repo\ngit clone https://github.com/pinkpixel-dev/keyper.git\ncd keyper\n\n# Build \u0026 start (serves on http://localhost:8080)\ndocker compose up -d\n\n# Or on a custom port\nHOST_PORT=3030 docker compose up -d\n\n# Force rebuild after source changes\ndocker compose up -d --build\n\n# Stop\ndocker compose down\n\n# Follow logs\ndocker compose logs -f\n```\n\nTo build and run the image directly (without Compose):\n\n```bash\ndocker build -t keyper .\ndocker run -d -p 8080:80 --name keyper --restart unless-stopped keyper\n```\n\n\u003e **Note:** All Supabase credentials are stored in browser `localStorage` — no environment variables or volumes are required.\n\n### Method 5: ⚡ Electron Desktop App\n\nRun Keyper as a native desktop app on **Linux or macOS**!\n\n#### Preview (no packaging)\n\n```bash\ngit clone https://github.com/pinkpixel-dev/keyper.git\ncd keyper\nnpm install\nnpm run electron:preview\n```\n\n#### Build a distributable installer\n\n```bash\n# all platforms (requires the target OS or cross-compile toolchain)\nnpm run electron:build\n\n# platform-specific\nnpm run electron:build:linux   # AppImage + deb\nnpm run electron:build:mac     # DMG + zip (Intel \u0026 Apple Silicon)\n```\n\nInstallers are output to `dist-electron/`.\n\n---\n\n## 🗄️ Database Setup\n\n### Step 1: Create Your Supabase Project\n\n1. Visit [supabase.com](https://supabase.com) and sign up/login\n2. Click **\"New Project\"**\n3. Configure your project:\n   - **Name**: `keyper-db` (or your preference)\n   - **Database Password**: Generate a strong password\n   - **Region**: Choose closest to your location\n\n4. Wait 1-2 minutes for setup completion\n\n### Step 2: Get Your Credentials\n\n1. In Supabase dashboard: **Settings** → **API**\n2. Copy these values:\n   - **Project URL**: `https://your-project.supabase.co`\n   - **anon/public key**: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...`\n\n⚠️ **Important**: Use the **anon/public** key, NOT the service_role key!\n\n### Step 3: Configure Keyper\n\n1. Start Keyper: `keyper`\n2. Open [http://localhost:4173](http://localhost:4173)\n3. **Database Setup**: Configure your Supabase connection\n   - Enter your Supabase URL and anon/publishable key\n   - Copy and run the complete SQL setup script in Supabase SQL Editor\n   - The script creates tables with the latest security features:\n     - `raw_dek` and `bcrypt_hash` columns for the new simplified security model\n     - Backwards compatibility for existing users with legacy `wrapped_dek` system\n   - Test the connection\n\n4. **Master Passphrase**: Create your encryption passphrase\n   - Choose a strong passphrase (8+ characters recommended)\n   - New users get the simplified bcrypt-only authentication system\n   - This encrypts all your credentials client-side with secure emergency reset capabilities\n\n5. **Start Managing**: Add your first encrypted credential! 🎉\n\n---\n\n## 📱 Progressive Web App\n\nKeyper works as a Progressive Web App for a native app experience!\n\n### 🖥️ Desktop Installation\n\n1. Open Keyper in Chrome/Edge/Firefox\n2. Look for the install icon in the address bar\n3. Click to install as a desktop app\n4. Access from your applications menu\n\n### 📱 Mobile Installation\n\n1. Open Keyper in your mobile browser\n2. Tap the browser menu (⋮)\n3. Select **\"Add to Home Screen\"** or **\"Install App\"**\n4. Access from your home screen\n\n### ✨ PWA Benefits\n\n- 📱 Native app experience\n- 🚀 Faster loading times\n- 🌐 Offline functionality\n- 🔄 Background updates\n- 📲 Push notifications (coming soon)\n\n---\n\n## 🔧 Troubleshooting\n\n### Common Issues\n\n**❌ \"Connection failed: Database connection failed\"**\n\n- Verify URL format - now supports any valid HTTP/HTTPS URL (v1.0.6+)\n  - ✅ Cloud: `https://your-project.supabase.co`\n  - ✅ Local: `http://localhost:54321`, `http://192.168.1.100:8000`\n  - ✅ Custom: `https://supabase.mydomain.com`\n- Use **anon/public** key, not service_role\n- Check that your Supabase project is active\n\n**❌ \"relation 'credentials' does not exist\"**\n\n- Run the complete SQL setup script in Supabase SQL Editor\n- Ensure the script completed without errors\n\n**❌ Dashboard shows \"No credentials found\"**\n\n- Click **\"Refresh App\"** button\n- Clear browser cache and reload\n- For PWA: Uninstall and reinstall the app\n\n**❌ Can't enter new credentials after clearing configuration**\n\n- Refresh the page after clearing configuration\n- Ensure you're using a valid HTTP/HTTPS URL (any format supported in v1.0.6+)\n- Try clearing browser cache if form inputs appear stuck\n\n**❌ Categories dropdown is empty when using custom username**\n\n- This issue has been resolved in the latest version\n- Categories should now appear for all usernames (both default and custom)\n- If still experiencing issues, try refreshing the page after setting your username\n\n**❌ App doesn't show setup wizard after clearing database**\n\n- Clear browser cache and cookies for the site\n- For Chrome/Edge: Settings → Privacy → Clear browsing data → Cookies and cached files\n- For Firefox: Settings → Privacy → Clear Data → Cookies and Site Data + Cached Web Content\n- Refresh the page to see the initial setup screen\n\n**❌ Stuck in configuration loops or can't access settings**\n\n- Clear browser cache and localStorage completely\n- Refresh the page and reconfigure your database connection\n- Ensure your Supabase credentials are correct\n- Use the built-in database health checks to verify table integrity\n\n**❌ Multi-user vault conflicts**\n\n- Each user has their own isolated encrypted vault\n- Switch users by changing the username in settings\n- Refresh the page after switching users for proper vault isolation\n- Each user's data is completely separate and encrypted individually\n\n### 🔑 Master Passphrase Reset\n\n**Forgot your master passphrase?** No problem! Your encrypted data is completely safe and you can securely reset your passphrase:\n\n**Important**: It's not possible to _view_ your current master passphrase, but you can _update/change_ it using our secure bcrypt-based reset system.\n\n📖 **Complete Reset Guide**: For detailed step-by-step instructions, see our comprehensive [Emergency Passphrase Reset Guide](./docs/EMERGENCY_PASSPHRASE_RESET.md)\n\n**Quick Overview:**\n\n1. Access your Supabase dashboard and navigate to the `vault_config` table\n2. Generate a new bcrypt hash using your desired new passphrase\n3. Replace the `bcrypt_hash` value in your database\n4. Login with your new passphrase\n\n**Security Benefits:**\n\n- ✅ **No Backdoors**: Complete elimination of admin override capabilities\n- ✅ **User Control**: Only you can reset your own passphrase\n- ✅ **Data Safety**: Your encrypted credentials remain completely safe\n- ✅ **Industry Standard**: Uses proven bcrypt hashing technology\n- ✅ **Zero Knowledge**: Hash-only storage ensures maximum security\n\n### Getting Help\n\n1. Check the [Self-Hosting Guide](SELF-HOSTING.md)\n2. Review browser console for errors (F12 → Console)\n3. Verify Supabase project logs\n4. Use the master passphrase reset process above for password issues\n5. Report issues on [GitHub](https://github.com/pinkpixel-dev/keyper/issues)\n\n---\n\n---\n\n## 🛡️ Security \u0016 Privacy\n\n### Your Data, Your Control\n\n- ✅ **Self-Hosted** - Run on your own infrastructure\n- ✅ **Private Database** - Your Supabase instance\n- ✅ **No Tracking** - Zero telemetry or analytics\n- ✅ **Open Source** - Fully auditable code\n\n### Security Features\n\n- 🔒 **Row Level Security** - Database-level access control\n- 🔐 **Encryption** - Data encrypted at rest and in transit\n- 👤 **User Isolation** - Each user sees only their data\n- 🛡️ **Secure Authentication** - Supabase Auth integration\n\n### Multi-User Notes\n\n- **User Switching**: When switching between different user accounts, refresh the page after logging out to ensure proper vault isolation\n- **Optimal Experience**: This ensures clean cryptographic state and prevents any potential vault conflicts between users\n\n---\n\n## 🚀 Tech Stack\n\n- **Frontend**: React 19.1 + TypeScript\n- **Build Tool**: Vite 7.0\n- **Styling**: Tailwind CSS + shadcn/ui\n- **Backend**: Supabase (PostgreSQL + Auth)\n- **State Management**: TanStack Query\n- **Forms**: React Hook Form + Zod\n- **PWA**: Vite PWA Plugin + Workbox\n\n---\n\n## 📄 License\n\nThis project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n---\n\n## Made with 💖\n\n**Created by Pink Pixel** ✨  \n_Dream it, Pixel it_\n\n- 🌐 **Website**: [pinkpixel.dev](https://pinkpixel.dev)\n- 📧 **Email**: [admin@pinkpixel.dev](mailto:admin@pinkpixel.dev)\n- 💬 **Discord**: @sizzlebop\n- ☕ **Support**: [Buy me a coffee](https://www.buymeacoffee.com/pinkpixel)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**⭐ Star this repo if Keyper helps secure your digital life! ⭐**\n\n\u003c/div\u003e\n","funding_links":["https://www.buymeacoffee.com/pinkpixel"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpinkpixel-dev%2Fkeyper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpinkpixel-dev%2Fkeyper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpinkpixel-dev%2Fkeyper/lists"}