https://github.com/caball-ero/passanova
PassaNova is a full-featured password manager built with Python and Flask, designed for secure credential storage and retrieval. It emphasizes strong encryption, robust authentication, and modern web practices to ensure data protection and ease of use.
aes-gcm argon2 flask html jinja pbkdf2 python sqlite
- Host: GitHub
- URL: https://github.com/caball-ero/passanova
- Owner: caball-ero
- Created: 2025-07-03T12:03:43.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-03T12:32:44.000Z (12 months ago)
- Last Synced: 2025-07-03T13:32:44.137Z (12 months ago)
- Topics: aes-gcm, argon2, flask, html, jinja, pbkdf2, python, sqlite
- Language: Python
- Homepage:
- Size: 9.77 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# PassaNova
**Secure, modern password manager built with Python & Flask.**
> PassaNova stores your credentials in an AES‑256‑GCM–encrypted vault, protected by an Argon2‑hashed master password. 100% local encryption, zero plaintext exposure.
---
## Features
- **Argon2‑protected master account** — strong, salted hashing
- **Full CRUD vault** — create, read, update, delete credentials
- **AES‑256‑GCM encryption** — per‑entry nonce & PBKDF2‑derived key
- **Re‑authentication gates** — sensitive operations prompt for password again
- **Modular OOP design** — separate `Cipher` (crypto) & `Vault` (data) classes
- **Flask Web UI** — clean, responsive templates
- **Logging & error handling** — secure logging without leaking secrets
---
## Architecture at a Glance
```
+------------+
| Browser |
+-----+------+ +-------------+
| HTTP(S) requests | Database |
+---------------v---------------+ | (SQLite) |
| Flask | +------+------+
| +----------+ +--------+ |
| |  Routes  | | Render | |
| |  /login  | |  HTML  | |
| +----------+ +--------+ |
| | session auth | +------+------+
| +-----v-----+ +--------v---+ +------+------+
| | Cipher |<----->| Vault |<--| Cipher |
| +-----------+ +------------+ +-------------+
| (AES‑GCM) (CRUD ops) (Argon2) |
+------------------------------------------------------+
```
---
## Tech Stack
| Layer | Tech |
| -------- | --------------------------------------- |
| Language | Python 3.12 |
| Web | Flask, Jinja2 |
| Crypto | `cryptography` (AES‑GCM), `argon2‑cffi` |
| DB (dev) | SQLite (MySQL planned) |
| Frontend | HTML5, CSS (Bootstrap‑lite) |
---
## Quickstart
```bash
# 1. Clone repo
$ git clone https://github.com/caball-ero/passanova.git
$ cd passanova
# 2. Create & activate virtual env
$ python -m venv venv
$ source venv/bin/activate # Windows: venv\Scripts\activate
# 3. Install dependencies
$ pip install -r requirements.txt
# 4. Set a FLASK_SECRET_KEY env var or edit config.py
# 5. Run
$ python run.py
```
Open `http://127.0.0.1:5000` in your browser and create your master account.
---
## Security Notes
1. **Master Password** ➔ Argon2id (time_cost = 3, memory_cost = 64 MB, parallelism = 4)
2. **Vault Entries** ➔ AES‑256‑GCM with per‑entry 12‑byte nonce
3. **Key Derivation** ➔ PBKDF2‑HMAC‑SHA256, 100k iterations, unique 16‑byte salt per entry
4. **No credentials in logs** — errors are logged securely via `logging.exception()`.
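
The parameters in items 2 and 3 can be seen working together in the sketch below. It is an added example, not PassaNova's own code: the function names, the `salt || nonce || ciphertext+tag` record layout, and the use of an entry label as GCM associated data are assumptions made for illustration.

```python
import hashlib
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN = 16          # unique salt per entry (item 3)
NONCE_LEN = 12         # per-entry GCM nonce (item 2)
TAG_LEN = 16           # GCM authentication tag appended by AESGCM.encrypt
ITERATIONS = 100_000   # PBKDF2-HMAC-SHA256 iteration count (item 3)


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Derive a 32-byte AES-256 key from the master password and the entry salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, ITERATIONS, dklen=32
    )


def encrypt_entry(master_password: str, secret: str, label: str) -> bytes:
    """Return salt || nonce || ciphertext+tag (assumed storage layout)."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(master_password, salt)
    # The label (hypothetical: e.g. the site name) is authenticated but not
    # encrypted, so a ciphertext moved to a different row fails to decrypt.
    sealed = AESGCM(key).encrypt(nonce, secret.encode(), label.encode())
    return salt + nonce + sealed


def decrypt_entry(master_password: str, blob: bytes, label: str) -> Optional[str]:
    """Return the secret, or None when the password, label or blob is wrong."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None  # too short to hold salt, nonce and tag
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    sealed = blob[SALT_LEN + NONCE_LEN:]
    key = derive_key(master_password, salt)
    try:
        return AESGCM(key).decrypt(nonce, sealed, label.encode()).decode()
    except InvalidTag:
        # Wrong key, wrong label and modified ciphertext are indistinguishable.
        return None
```

Because salt and nonce are fresh for every call, encrypting the same secret twice yields different blobs. OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations, so `ITERATIONS` is the value to raise when adapting this.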
---
## Roadmap
- Search & filtering interface
- 2‑Factor Authentication (TOTP)
- Migrate to MySQL for production
- Encrypted export / import
- Automated test suite (pytest)
---
## Contributing
Pull requests are welcome! Please open an issue first to discuss major changes.
1. Fork the repo & clone locally.
2. Create a feature branch: `git checkout -b feature/awesome`.
3. Commit & push: `git push origin feature/awesome`.
4. Open a PR.
---
## License
This project is licensed under the **MIT License** — see `LICENSE` for details.