A secure, modern password management application with client-side encryption.
- Client-Side Encryption: All sensitive data is encrypted in the browser before being sent to the server using XChaCha20-Poly1305 encryption
- Password Generation: Built-in secure password generator with customizable options
- Advanced Search & Filtering: Find passwords quickly with powerful search functionality
- Password Strength Analysis: Visual indicators of password strength
- Group View: Organize passwords by category, domain, or strength
- Responsive Design: Works on desktop, tablet, and mobile devices
- Secure Authentication: User authentication with encryption key derivation using Argon2id
- Next.js: React framework for server-rendered applications
- React: JavaScript library for building user interfaces
- Tailwind CSS: Utility-first CSS framework
- libsodium-wrappers: For client-side cryptography operations
- Express.js: Web application framework for Node.js
- MongoDB: NoSQL database
- JSON Web Tokens (JWT): For secure authentication
- bcrypt: For server-side password hashing
- Zero-Knowledge Architecture: Your master password never leaves your device
- Client-Side Encryption: All vault items are encrypted before being sent to the server
- Secure Key Derivation: Password-based key derivation using Argon2id
- No Plain-Text Storage: Passwords are never stored in plain text, even in memory
- XChaCha20-Poly1305: Modern authenticated encryption for all vault items
- Session Management: Secure session handling with automatic timeouts
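
The XChaCha20-Poly1305 item encryption named in the list above, as an added example that is not this project's code: the app uses libsodium-wrappers, while this version builds the same construction (HChaCha20 subkey, then IETF ChaCha20-Poly1305) from Node.js built-ins so it runs without dependencies. The function names, the nonce || ciphertext || tag envelope, and the item id used as associated data are assumptions; the 32-byte `key` stands in for the Argon2id-derived key.

```javascript
const crypto = require('node:crypto');
const rotl = (v, n) => ((v << n) | (v >>> (32 - n))) >>> 0;
// ChaCha quarter round over four words of the 16-word state (Uint32Array wraps mod 2^32).
function quarterRound(s, a, b, c, d) {
  s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 16);
  s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 12);
  s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 8);
  s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 7);
}

// HChaCha20: 32-byte subkey from the key and the first 16 bytes of the nonce.
function hchacha20(key, nonce) {
  const s = new Uint32Array(16);
  s.set([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]); // "expand 32-byte k"
  for (let i = 0; i < 8; i++) s[4 + i] = key.readUInt32LE(4 * i);
  for (let i = 0; i < 4; i++) s[12 + i] = nonce.readUInt32LE(4 * i);
  for (let round = 0; round < 10; round++) {
    quarterRound(s, 0, 4, 8, 12); quarterRound(s, 1, 5, 9, 13);
    quarterRound(s, 2, 6, 10, 14); quarterRound(s, 3, 7, 11, 15);
    quarterRound(s, 0, 5, 10, 15); quarterRound(s, 1, 6, 11, 12);
    quarterRound(s, 2, 7, 8, 13); quarterRound(s, 3, 4, 9, 14);
  }
  const out = Buffer.alloc(32); // words 0-3 and 12-15, no feed-forward addition
  [0, 1, 2, 3, 12, 13, 14, 15].forEach((w, i) => out.writeUInt32LE(s[w], 4 * i));
  return out;
}

// XChaCha20-Poly1305 = IETF ChaCha20-Poly1305 under the subkey, nonce 00000000 || nonce[16..24].
function aead(make, key, nonce24, aad) {
  const nonce12 = Buffer.concat([Buffer.alloc(4), nonce24.subarray(16, 24)]);
  const c = make('chacha20-poly1305', hchacha20(key, nonce24), nonce12, { authTagLength: 16 });
  return c.setAAD(Buffer.from(aad)); // binds the ciphertext to its item id (assumed convention)
}

// Envelope layout assumed for this example: nonce(24) || ciphertext || tag(16).
function sealItem(key, plaintext, aad) {
  const nonce = crypto.randomBytes(24); // fresh random nonce for every encryption
  const c = aead(crypto.createCipheriv, key, nonce, aad);
  const ct = Buffer.concat([c.update(Buffer.from(plaintext)), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Returns the plaintext Buffer; throws if the key, AAD or any envelope byte is wrong.
function openItem(key, env, aad) {
  if (env.length < 40) throw new Error('envelope too short');
  const d = aead(crypto.createDecipheriv, key, env.subarray(0, 24), aad);
  d.setAuthTag(env.subarray(env.length - 16));
  return Buffer.concat([d.update(env.subarray(24, env.length - 16)), d.final()]);
}
```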
- Node.js (v14+)
- MongoDB (v4.4+)
- npm or yarn
- Clone the repository
git clone https://github.com/Akcthecoder200/Password-Vault.git
cd Password-Vault
- Install dependencies for both client and server
# Install server dependencies
cd server
npm install
# Install client dependencies
cd ../client
npm install
- Create environment files
- Create a .env file in the server directory with the following variables:
PORT=4000
MONGODB_URI=mongodb://localhost:27017/password-vault
JWT_SECRET=your_jwt_secret_key_here
JWT_EXPIRY=24h
- Create a .env.local file in the client directory:
NEXT_PUBLIC_API_URL=http://localhost:4000/api
- Start the application
# Start the server
cd server
npm run dev
# In a new terminal, start the client
cd client
npm run dev
- Open your browser and navigate to http://localhost:3000
- Create an account with a strong master password
- Your encryption key is derived from this password - make sure to remember it!
- Log in with your credentials to access your vault
- Click "Add New Password" on the dashboard
- Enter the website details, username, and password
- All data is encrypted in your browser before being stored
- Use the search bar to find specific passwords
- Filter by website, username, or other criteria
- Sort by various fields including most recently used
- Navigate to the Password Generator tool
- Customize length and character types
- Generate and copy secure passwords
# Run server tests
cd server
npm test
# Run client tests
cd client
npm test
# Build the client
cd client
npm run build
# Start the production build
npm start
If you see "Encryption is not initialized" errors:
- Clear browser cache and session storage
- Log out and log back in
- Ensure you're using the same password you registered with
If the client cannot connect to the server:
- Verify the server is running
- Check that the NEXT_PUBLIC_API_URL environment variable is correct
- Look for CORS issues in the browser console
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- libsodium for encryption
- Tailwind CSS for styling
- Next.js for the React framework
- MongoDB for database