{"id":50927231,"url":"https://github.com/zanni098/hemdal","last_synced_at":"2026-06-17T00:04:02.680Z","repository":{"id":357306941,"uuid":"1236253676","full_name":"zanni098/hemdal","owner":"zanni098","description":"Hemdal - Secure cross-platform password, secret, and variable manager with P2P sync","archived":false,"fork":false,"pushed_at":"2026-05-12T08:54:24.000Z","size":14731,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-12T09:06:51.689Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://hemdal-avob9mrsv-zanni098s-projects.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zanni098.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-12T04:49:55.000Z","updated_at":"2026-05-12T08:54:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/zanni098/hemdal","commit_stats":null,"previous_names":["zanni098/hemdal"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/zanni098/hemdal","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zanni098%2Fhemdal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zanni098%2Fhemdal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zanni098%2Fhemdal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zanni098%2Fhemdal/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zanni098","download_url":"https://codeload.github.com/zanni098/hemdal/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zanni098%2Fhemdal/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34428197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-17T00:03:56.997Z","updated_at":"2026-06-17T00:04:02.674Z","avatar_url":"https://github.com/zanni098.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hemdal\n\nHemdal is a secure, cross-platform password, secret, and environment variable manager with peer-to-peer sync. It stores your credentials with end-to-end encryption and autofills them into websites via a browser extension.\n\n## Features\n\n- **End-to-End Encryption**: All vault items are encrypted with AES-256-GCM. Your master password is never stored; a vault key is derived using Argon2id.\n- **Zero-Knowledge Architecture**: Only encrypted blobs leave your device during sync.\n- **Cross-Platform Desktop App**: Built with Tauri (Rust + React), running on Windows, macOS, and Linux.\n- **Browser Autofill**: Chrome/Firefox extension detects login forms, fills credentials automatically, and offers to save new passwords.\n- **Biometric Unlock**: Unlock your vault with Windows Hello (Touch ID / Face ID support coming soon).\n- **TOTP / 2FA Code Generator**: Generate 6-digit 2FA codes from stored TOTP secrets with a live 30-second countdown.\n- **Password Generator**: Built-in generator with configurable length, character types, and strength meter.\n- **Password Breach Check**: Check passwords against the Have I Been Pwned database via k-Anonymity API.\n- **Fuzzy Search**: Quickly find items with fast substring scoring search.\n- **Import / Export**: Import from Bitwarden JSON, 1Password CSV, or generic CSV. Export to encrypted JSON or CSV.\n- **System Tray \u0026 Auto-Lock**: Minimize to tray, lock from tray menu, and auto-lock after 10 minutes of inactivity.\n- **P2P Sync**: Synchronize your vault across devices on your local network without any cloud server (framework ready).\n- **Multiple Secret Types**: Passwords, API keys, SSH keys, environment variables, secure notes, and credit cards.\n\n## Architecture\n\n```\nhemdal/\n├── apps/\n│   ├── desktop/          # Tauri desktop application (React + Rust)\n│   ├── extension/        # Browser extension (Chrome/Firefox MV3)\n│   └── web/              # Marketing website (Next.js + Supabase)\n├── packages/\n│   ├── types/            # Shared TypeScript types\n│   ├── crypto/           # Shared crypto utilities\n│   └── protocol/         # P2P sync protocol definitions\n```\n\n### Security Model\n\n1. **Master Password** -\u003e Argon2id -\u003e Master Key\n2. **Master Key** -\u003e Decrypts -\u003e Vault Key (stored encrypted at rest)\n3. **Vault Key** -\u003e AES-256-GCM -\u003e All vault items\n\nThe browser extension never stores your master password or vault key. It communicates with the desktop app via a local HTTP API (localhost:19421) only when the vault is unlocked.\n\n### Biometric Unlock (Windows Hello)\n\nWhen enabled, a random biometric key is generated and protected by Windows DPAPI. The vault key is encrypted with this biometric key and stored on disk. On unlock, the system prompts for Windows Hello verification, DPAPI decrypts the biometric key, which then decrypts the vault key. The master password is never stored.\n\n## Development\n\n### Prerequisites\n\n- [Rust](https://rustup.rs/)\n- [Node.js](https://nodejs.org/) + [pnpm](https://pnpm.io/)\n- [Tauri CLI](https://tauri.app/start/prerequisites/)\n\n### Setup\n\n```bash\n# Install dependencies\npnpm install\n\n# Build shared packages\npnpm build:desktop\npnpm build:extension\n\n# Run the desktop app in dev mode\npnpm dev:desktop\n\n# Build the browser extension\ncd apps/extension\npnpm build\n# Then load `apps/extension/dist` as an unpacked extension in Chrome\n```\n\n### Desktop App Commands\n\n```bash\n# Dev mode\npnpm dev:desktop\n\n# Build for production\npnpm build:desktop\n\n# Build Tauri binary (installers)\ncd apps/desktop \u0026\u0026 pnpm tauri:build\n```\n\n### Browser Extension\n\n1. Build the extension: `cd apps/extension \u0026\u0026 pnpm build`\n2. Open Chrome and navigate to `chrome://extensions/`\n3. Enable \"Developer mode\"\n4. Click \"Load unpacked\" and select `apps/extension/dist`\n5. The extension will show a checkmark badge when the Hemdal desktop app is running and the vault is unlocked\n\n### Website (Next.js + Supabase)\n\nThe `apps/web` directory contains a beautiful marketing website built with Next.js, Tailwind CSS, Framer Motion, and Supabase.\n\n**Features:**\n\n- Animated landing page with Hero, Features, Use Cases, Security, Download, and Newsletter sections\n- Supabase Auth (GitHub OAuth + Magic Link email)\n- Authenticated account dashboard\n- Contact / Newsletter API backend\n- Auto-deploys to Vercel on every push to `master`\n\n**Local Setup:**\n\n1. Copy `apps/web/.env.example` to `apps/web/.env.local`\n2. Add your Supabase project URL and anon key\n3. Run the initial migration in `apps/web/supabase/migrations/001_initial.sql`\n4. Enable GitHub OAuth provider in Supabase Auth settings\n\n**Commands:**\n\n```bash\n# Dev mode\npnpm dev:web\n\n# Build for production\npnpm build:web\n```\n\n**Deploy to Vercel (GitHub Actions):**\n\n1. Install the Vercel CLI locally: `npm i -g vercel`\n2. Login: `vercel login`\n3. Link the project (from `apps/web`): `cd apps/web \u0026\u0026 vercel link`\n4. Get your token: `vercel tokens create`\n5. In your GitHub repo, go to **Settings \u003e Secrets and variables \u003e Actions** and add:\n   - `VERCEL_TOKEN` — from step 4\n   - `VERCEL_ORG_ID` — from `.vercel/project.json`\n   - `VERCEL_PROJECT_ID` — from `.vercel/project.json`\n   - `NEXT_PUBLIC_SUPABASE_URL` — your Supabase project URL\n   - `NEXT_PUBLIC_SUPABASE_ANON_KEY` — your Supabase anon key\n6. Push to `master` and the site will auto-deploy via `.github/workflows/deploy-web.yml`\n\n## Roadmap\n\n- [x] Core vault with AES-256-GCM encryption\n- [x] Desktop app with React UI\n- [x] Browser extension with form detection\n- [x] Local HTTP API for extension communication\n- [x] Browser extension save-new-credentials flow\n- [x] TOTP code generation\n- [x] Secure password generator\n- [x] Import from 1Password / Bitwarden / CSV\n- [x] Export to JSON / CSV\n- [x] Fuzzy search\n- [x] Password breach check via Have I Been Pwned\n- [x] Biometric unlock (Windows Hello)\n- [x] System tray with auto-lock\n- [ ] Full native messaging host support\n- [ ] iOS/Android app with native autofill\n- [ ] P2P sync over mDNS / WebRTC\n- [ ] Biometric unlock on macOS (Touch ID) and Linux\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzanni098%2Fhemdal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzanni098%2Fhemdal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzanni098%2Fhemdal/lists"}