Password Generator + Secure Vault (MVP)

A minimal, fast, privacy-first password generator and encrypted vault.

Tech

• Next.js (App Router) + TypeScript + Tailwind CSS
• NextAuth (credentials)
• MongoDB (Mongoose)
• Client-side crypto: Web Crypto API (AES-GCM) + PBKDF2

Features

• Strong password generator (length slider, toggles, exclude look-alikes)
• Email/password auth
• Encrypted vault items (title, username, password, URL, notes) stored as a single ciphertext blob
• Client-side encryption — server never sees plaintext
• Copy to clipboard with auto-clear (~15s)
• Basic search

Crypto choice

AES-GCM for authenticated encryption, with keys derived via PBKDF2 (SHA-256, 256-bit AES key, high iteration count). Uses Web Crypto API in the browser so secrets never leave the client.

Getting started

1. Create .env.local in project root:

MONGODB_URI=mongodb+srv://USER:PASS@HOST/DB
NEXTAUTH_SECRET=some-long-random-string
NEXTAUTH_URL=http://localhost:3000

2. Install and run:

npm install
npm run dev

3. Visit http://localhost:3000.
   • Sign up at /signup.
   • Use the generator at /.
   • Open your vault at /vault.

Notes

• On signup, a per-user cryptoSalt is generated. Your vault unlocks client-side using a master password via PBKDF2, and items are encrypted as one JSON blob with AES-GCM. Only ciphertext and IV are stored in MongoDB.
• Clipboard clears itself by overwriting with an empty string after ~15s (may be limited by browser permissions).

Deploy

• Works well on Vercel + MongoDB Atlas. Ensure env vars are configured.

License

MIT