Stash is a graphical password and secret storage and management tool designed for collaboration, security and ease-of-use.
It features full end-to-end encryption and does not require a server component, giving you full control over who is able to access your secrets.
Stash will always be fully open-source without any subscriptions, "premium" features or hidden gotchas. You are free to use Stash in any environment, including commercially, as long as you respect the GPL license.
- Desktop application for Windows/Linux/Mac
- Asymmetric end-to-end encryption using RSA and AES256
- No server component required, secrets are stored and versioned by a simple git repository
- Stores login credentials or any type of secret files
- Fully featured user and access rights management
- Git-based data integrity protection and audit log
- Batteries included: No external tools, complex setup or command line usage required
For Debian or Ubuntu, add our Bintray repository to your sources, then install the package:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 379CE192D401AB61 echo "deb https://dl.bintray.com/doccrazy/deb stable main" | sudo tee -a /etc/apt/sources.list sudo apt update && sudo apt install stash-electron
Official Arch Linux packages are available in AUR named
Stash requires a git repository to store its data. It is highly recommended to use a private, password-protected repository. All data is encrypted, the server owner will never get access to your secrets. Some free choices:
- Bitbucket.org, free private repository for up to 5 users
- Perforce Helix TeamHub, free private repository for up to 5 users
- GitLab.com, unlimited free private repositories
- Self-hosted: Run
git init --bareon any accessible server
After creating the git repo, run Stash and navigate to the Settings page.
- Clone your repository to an empty folder by clicking Add, then selecting the Clone option.
- Configure your private key by clicking the highlighted Account status icon in the top right corner. You may either load an existing private key (e.g. SSH key, all formats incl. Putty supported), or generate a new key by clicking the button. You should always password-protect your private key.
⚠️Your private key is your access pass to your secrets. If you lose your key, you lose access to all your secrets, and there is no way of recovery. So keep your key safe and secure, back it up and never share it with anyone!
- Add yourself to the list of known users on the Users page (add user -> use my key). All users and public keys must be known to Stash. Do not forget to save your changes.
- Open the Browser page and initialize the repository permissions by authorizing yourself on the root folder: Right-click on the root folder, select Permissions, toggle your user and confirm with Save.
- Your repository is now fully set up and ready for you to start creating folders and secrets!
- Every change you make automatically creates a git commit. Use the flashing icon in the top right to push/share your changes.
Stash is a Node.js/React application running on Electron. To start development, you will need a recent Node.js/npm installation.
First, clone the repo via git:
git clone https://github.com/Doccrazy/stash-electron.git stash-electron
And then install dependencies with npm.
cd stash-electron npm install
Start the app in the
dev environment. This starts the renderer process in hot-module-replacement mode and starts a webpack dev server that sends hot updates to the renderer process:
npm run dev
To package apps for the local platform:
npm run package
To package apps for all platforms:
First, refer to Multi Platform Build for dependencies.
npm run package all
Versioning is done automatically based on git tags and commits. You should never have to set the version in
package.json manually. Every git commit on master publishes a snapshot release to bintray.
To create a final release, follow these steps to ensure the release is published correctly:
- Follow the guidelines of (Semantic Versioning)[https://semver.org/] to determine a version number.
CHANGELOG.mdis complete, then update the release date and version and push the changes.
- Wait for the Travis build to complete and publish a snapshot.
- Perform any necessary tests on the snapshot version.
- Draft a new Github release, using
vx.y.zas the tag name and
x.y.zas the release name.
- After Travis has uploaded the files, copy the notes from
CHANGELOG.mdand publish the release.
GPLv3 © M. Piepkorn