mitchell
/
selfpass
mirror of https://github.com/mitchell/selfpass.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
A self-hosted, single-user password manager. Deployable locally and to popular cloud platforms.
70 Commits 1 Branch 0 Tags 489 KiB
Go 48.6%
Dart 44.7%
Ruby 2.7%
Makefile 1.7%
HCL 1.3%
Other 1%
Go to file
mitchell 24d9d299ca Add terraform configuration; 
Modify docker-stack to configure secrets and volumes itself
 		2020-02-17 00:49:04 -05:00
client Update flutter related files after flutter upgrade 2020-02-15 17:58:33 -05:00
protobuf Add 'protobuf/' from commit '0d44cc4ab99f5c02ed865ebd0423777f375c5032' 2019-07-10 22:34:29 -04:00
services Add terraform configuration; 2020-02-17 00:49:04 -05:00
sp Auto-select sole credential for source 2019-09-17 02:19:40 -04:00
terraform Add terraform configuration; 2020-02-17 00:49:04 -05:00
.gitignore Add terraform configuration; 2020-02-17 00:49:04 -05:00
LICENSE Add README.md and LICENSE 2019-06-02 15:34:45 -07:00
README.md Swap main database to bolt; refactor sp list sorting 2019-07-22 20:24:00 -04:00

README.md

selfpass

This is the project home of selfpass, the self-hosted password manager. This project is a single-user password manager capable of encrypting/decrypting credentials and storing them remotely through encrypted transportation. All of which is deployable locally or to popular cloud platforms such as GCP and AWS.

It is still currently in development. However, the server is already capable of serving a gRPC based API using mutual TLS encryption, backed by BoltDB. It is also capable of being deployed in a semi-automated fashion locally and to GCP thanks to Docker.

Server Roadmap

Goal Progress Comment
Support credentials CRUD on gRPC API. 100%
Enable server-side mutual TLS, using cfssl. 100%
Deployable on Docker. 100%
Automatically deployable to GCP using docker-machine and Terraform. 50% TODO: Terraform
Automatically deployable to AWS using docker-machine and Terraform. 0%

sp CLI

In addition to the server there is sp, which is a fully fledged selfpass client capable of interacting with the whole selfpass API and creating AES-CBC encrypted credentials using a private key and master password. All of which is done using mutual TLS and an AES-GCM encrypted config.

CLI Roadmap

Goal Progress Comment
Support mutual TLS. 100%
Support credentials CRUD via gRPC. 100%
Support storage of certs, PK, and host in AES-GCM encrypted config. 100%
Support AES-CBC encryption of passes and OTP secrets, using MP and PK. 100%
Support AES-GCM encryption of local files, using MP and PK. 100%

Client

The newest addition to the selfpass project is the client built using Flutter, which makes it capable of targeting to iOS, Android, and Desktop. It supports all the same features as the CLI tool using GUIs, with all the same safety and encryption as the CLI.

Goal Progress Comment
Support mutual TLS. 100%
Support credentials CRUD via gRPC. 25% TODO: CUD
Support storage of certs, PK, and host in shared preferences, encrypted. 100%
Support AES-CBC encryption of passes and OTP secrets, using MP and PK. 100%

Other Info

Unplanned Goals

  • Sensitive financial info support.
  • Miscellaneous text/file encryption and storage support.
  • Vault separation.

Architectural 3rd-party Technologies in Use (and where)

  • Golang: services, sp, & protobuf
  • Dart: client & protobuf
  • Flutter: client
  • Go-Kit: services
  • gRPC/Protobuf: all
  • Cobra Commander & Viper Config: sp
  • BoltDB/Redis: services
  • Docker: services
  • Debian: docker images & machines