{"id":16058051,"url":"https://github.com/tylim88/password-manager","last_synced_at":"2026-05-06T22:10:59.616Z","repository":{"id":41827351,"uuid":"485540772","full_name":"tylim88/Password-Manager","owner":"tylim88","description":"client side and server side encryption","archived":false,"fork":false,"pushed_at":"2022-06-04T13:25:23.000Z","size":3650,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-10T15:50:43.510Z","etag":null,"topics":["firebase","react"],"latest_commit_sha":null,"homepage":"https://password-manager-3f905.web.app/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tylim88.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-25T21:29:35.000Z","updated_at":"2023-03-07T05:10:01.000Z","dependencies_parsed_at":"2022-08-11T18:40:46.568Z","dependency_job_id":null,"html_url":"https://github.com/tylim88/Password-Manager","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tylim88%2FPassword-Manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tylim88%2FPassword-Manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tylim88%2FPassword-Manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tylim88%2FPassword-Manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tylim88","download_url":"https://codeload.github.com/tylim88/Password-Manager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305947,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firebase","react"],"created_at":"2024-10-09T03:06:09.715Z","updated_at":"2026-05-06T22:10:54.578Z","avatar_url":"https://github.com/tylim88.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Read Me\n\n![password-manager](https://raw.githubusercontent.com/tylim88/Password-Manager/main/img1.png)\n\nhttps://password-manager-3f905.web.app/\n\nFeatures:\n\n1. Add, edit and delete passwords\n2. prevent duplicated username + site combination passwords\n3. drag and drop to reorder passwords\n4. sort passwords\n5. search passwords\n6. change master password\n7. logout user upon idle\n8. super smooth UX\n9. reset all state upon log out\n10. API data validation on both ends\n11. full API type safety on both ends.\n12. Programmatically set env var in Firebase function(with type safety)\n13. impossible to use wrong Firebase function name on both end\n14. script for prod and dev\n15. CI\n16. Structured code\n17. Standardize Firebase function error handling and logging.\n18. Does not log errors in prod environment when processing Master Password to prevent accidentally logging sensitive data. Dev environment log everything.\n\netc etc\n\nNot only this code demonstrate how to make a password manager, but also how to scale the code and setup project for different environments. The only thing missing is tests.\n\nIn practice, you should not commit `functions/.secret/prod.json` file to the repository. This repo is for learning purpose.\n\nKeep in mind if user lost their Master Password, they lose everything. Such mechanic IS A MUST because if you can recover it, it means you can access their site, username and password anytime you want, your user is not safe from you!\n\nYou don't really need to hash master password, because if you failed to decrypt, then it basically means the master password is incorrect. It is just more intuitive to verify master password with hash.\n\nPlus storing master password hash is also useful if you want to stop user from reusing old master password(s).\n\nStore anything you want as long as you do not use anything you store in database as encryption key, then your users passwords are safe from you.\nIs there any better way to encrypt passwords?\n\nYes, a better way is to encrypt on client side using only client master password(without mixing with secret from server). This is faster(on client side), safer(no secret send to server) and easier to code(much fewer validations on server).\n\n[Client side encryption repo](https://github.com/tylim88/Password-Manager/tree/client).**IMPORTANT: do not use the same Firebase config for both client side encryption and server side encryption, their database model is different!**\n\n## Quick Start\n\n1. `npm run reinstall \u0026\u0026 npm f-reinstall`\n2. change all the `REACT_APP_xxx` configs in `.github` folder to your own configs, you can use same config for both\n3. backup `.github` folder to other folder.\n4. `firebase init` setup Github Action deploys\n5. copy the `firebaseServiceAccount` and `projectId` from the new `.github` folder to backup `.github` folder.\n6. Delete the new `.github` folder and move back the back `.github` folder.\n7. Change all the `REACT_APP_xxx` configs in `.config` folder to your own configs, you can use same config for both file\n8. make sure the default project name in `firebase.json` is correct.\n\nTo work in dev:\n\n1. Run `npm run f-d-deploy` to deploy functions to dev.\n2. Run `npm run d-start` to start localhost.\n\nTo go live:\n\n1. Run `npm run f-p-deploy` to deploy functions to prod.\n2. Commit your code, it will deploy hosting to prod.\n\n## Note\n\n1. The scripts automatically sync `functions/src/schema` to `src/scheme` but NOT vice versa, so you should only make change to `functions/src/schema`.\n2. You can manually sync it by using `npm run copy`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftylim88%2Fpassword-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftylim88%2Fpassword-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftylim88%2Fpassword-manager/lists"}