Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nextcloud/passman
🔐 Open source password manager with Nextcloud integration
https://github.com/nextcloud/passman
hacktoberfest nextcloud passman password-manager
Last synced: 27 days ago
JSON representation
🔐 Open source password manager with Nextcloud integration
- Host: GitHub
- URL: https://github.com/nextcloud/passman
- Owner: nextcloud
- License: agpl-3.0
- Created: 2016-09-07T11:30:00.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-05-23T01:08:40.000Z (5 months ago)
- Last Synced: 2024-05-23T02:52:37.055Z (5 months ago)
- Topics: hacktoberfest, nextcloud, passman, password-manager
- Language: JavaScript
- Homepage: https://passman.cc
- Size: 13.9 MB
- Stars: 771
- Watchers: 45
- Forks: 107
- Open Issues: 130
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: COPYING
- Authors: AUTHORS.md
Awesome Lists containing this project
- awesome-nextcloud - passman - Password Manager for NC (Apps / Official)
- awesome-starred - nextcloud/passman - 🔐 Open source password manager with Nextcloud integration (hacktoberfest)
- awesome-open-source-systems - Passman - Open source password manager with Nextcloud integration. (Password Manager / Uptime Monitoring)
README
# Passman
Passman is a full featured password manager.[![Build Status](https://travis-ci.org/nextcloud/passman.svg?branch=master)](https://travis-ci.org/nextcloud/passman)
[![Docker Automated buid](https://img.shields.io/docker/build/brantje/passman.svg)](hub.docker.com/r/brantje/passman/)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Grade)
[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Coverage)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/passman/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/nextcloud/passman/?branch=master)## Join us!
Visit the [“Passman General Talk” Telegram Group](https://t.me/passman_general) to participate in all sorts of topical discussions about Passman and its apps!## Contents
* [Screenshots](https://github.com/nextcloud/passman#Screenshots)
* [Features](https://github.com/nextcloud/passman#features)
* [External apps](https://github.com/nextcloud/passman#external-apps)
* [Security](https://github.com/nextcloud/passman#security)
* [Password generation](https://github.com/nextcloud/passman#password-generation)
* [Storing credentials](https://github.com/nextcloud/passman#storing-credentials)
* [Support passman](https://github.com/nextcloud/passman#support-passman)
* [Development](https://github.com/nextcloud/passman#development)
* [API](https://github.com/nextcloud/passman#api)
* [Docker](https://github.com/nextcloud/passman#docker)
* [Maintainers](https://github.com/nextcloud/passman#main-developers)
* [Contributors](https://github.com/nextcloud/passman#contributors)## Screenshots
![Logged in to vault](http://i.imgur.com/ciShQZg.png)![Credential selected](http://i.imgur.com/3tENldT.png)
![Edit credential](http://i.imgur.com/Iwm3hUe.png)
![Password tool](http://i.imgur.com/ZYkN70r.png)
For more screenshots: [Click here](http://imgur.com/a/giKVt)
## Features:
* Multiple vaults
* Vault keys are never sent to the server
* 256-bit AES-encrypted credentials (see [security](https://github.com/nextcloud/passman#security))
* User-defined custom credentials fields
* Built-in OTP (One Time Password) generator
* Password analyzer
* Securely share passwords internally and via link
* Import from various password managers:
- KeePass
- LastPass
- DashLane
- ZOHO
- Clipperz.is
- EnPass
- [ocPasswords](https://github.com/fcturner/passwords)
Try a Passman demo [here](https://demo.passman.cc).## Tested on
- Nextcloud 14For older Versions see the [Releases Tab](https://github.com/nextcloud/passman/releases)
## External apps
* [Firefox / chrome extension](https://github.com/nextcloud/passman-webextension)
* [Android app](https://github.com/nextcloud/passman-android)## Database Compatibility
| | Supported | Tested | Untested |
| :--- | :---: | :---: | :---: |
| SQL Lite | • | | |
| MySQL / MariaDB | • | | |
| travis | | • | |
| pgsql | • | | |## Security
### Password generation
Passman can generate passwords *and* measure their strength using [zxcvbn](https://github.com/dropbox/zxcvbn).
![](http://i.imgur.com/2qVBUfM.png)Generate passwords as you like
![](http://i.imgur.com/jcRicOV.png)
Passwords are generated using `sjcl` randomization.### Storing credentials
All passwords are encrypted client side with [sjcl](https://github.com/bitwiseshiftleft/sjcl) using 256-bit AES.
You supply a vault key which sjcl uses to encrypt your credentials. Your encrypted credentials are then sent to the server and encrypted yet again using the following routine:
* A key is generated using `passwordsalt` and `secret` from config.php *(so back those up)*.
* The key is [stretched](http://en.wikipedia.org/wiki/Key_stretching) using [Password-Based Key Derivation Function 2](http://en.wikipedia.org/wiki/PBKDF2) (PBKDF2).
* [Encrypt-then-MAC](http://en.wikipedia.org/wiki/Authenticated_encryption#Approaches_to_Authenticated_Encryption) (EtM) is used to ensure encrypted data authenticity.
* Uses openssl with the `aes-256-cbc` cipher.
* [Initialization vector](http://en.wikipedia.org/wiki/Initialization_vector) (IV) is hidden.
* [Double Hash-based Message Authentication Code](http://en.wikipedia.org/wiki/Hash-based_message_authentication_code) (HMAC) is applied for source data verification.### Sharing credentials
Passman allows users to share passwords. *(Administrators may disable this feature.)*## API
Passman offers a [developer API](https://github.com/nextcloud/passman/wiki/API).## Support Passman
Passman is open source but we’ll gladly accept a beer *or pizza!* Please consider donating:
* [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
* [Patreon](https://www.patreon.com/user?u=4833592)
* [Flattr](https://flattr.com/@passman)
* bitcoin: 1H2c5tkGX54n48yEtM4Wm4UrAGTW85jQpe## Code reviews
If you have any code improvements:
* Clone us
* Make your edits
* Add your name to the contributors
* Send a [PR](https://github.com/nextcloud/passman/pulls)Or, if you’re feeling lazy, create an issue and we’ll think about it.
## Docker
To run Passman with [Docker](https://www.docker.com/), use our test Docker image. Supply your own self-signed SSL certs or use [Let’s Encrypt](https://letsencrypt.org/). Please note: The Docker image is for _testing *only*_ as database user / password are hardcoded.
If you’d like to *spice up* our Passman Docker image into a full-fledged, production-ready install, you’re welcome to do so. Please note:
* Port 80 and 443 are used
* SSL is enabled (or disabled if no certs are found)
* Container startup time must be less than 15 secondsExample:
```
docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman
```
If you want a production-ready container, use the [Nextcloud Docker](https://hub.docker.com/_/nextcloud/) and install Passman as an app.## Development
* Passman uses a single `.js` file for templates which minimizes XHR template requests.
* CSS uses SASS, so Ruby and SASS must be installed.
* `templates.js` and the CSS are built with `grunt`.
* Watch for changes using `grunt watch`.
* Run unit tests — Install phpunit globally, setup environment variables in the `launch_phpunit.sh` script, and run the script. All arguments passed to `launch_phpunit.sh` are forwarded to phpunit.## Main developers
* Brantje
* Animalillo## Contributors
Add yours when creating a [pull request](https://help.github.com/articles/creating-a-pull-request/)!
* Newhinton
* [binsky](https://github.com/binsky08)
* [HolgerHees](https://github.com/HolgerHees)## FAQ
**Are you adding something to check if malicious code is executing on the browser?**
No, because malicious code can edit functions that check for malicious code.