PocketKey is a simple React app using Pocketbase for it's backend, allowing you to manage your 2FA backup keys (or really any other simple text data you want to store secure) in a simple and comfortable UI.
Your 2FA and backup keys are often the last chance to restore your accounts. Storing this data in your password manager defeats their purpose and setting up an additional password manager for it seems overkill.
Features:
- All data is encrypted before send and stored in Pocketbase
- Each stored key can be encrypted with an additional per-key password.
- Wrong passwords will still show random data making brute force attacks harder.
- Multi-user solution utilizing Pocketbase authentication flow
By default the app will look on 127.1.1.1 for your Pocketbase instance. If you have it installed in a different location, you can follow the steps below to set a custom Pocketbase destination.
To store your keys in Pocketbase you must login and prepare the database for connection.
- Create a new collection called "backup_keys"
- The collection needs the following additional fields:
- title (string)
- encryptedContent (string)
- encryptedContentlv (string)
- encryptedContentSalt (string)
- user (string)
- title, encryptedContent, and user must be set to "Nonempty"
- Set the collection API Rules to
@request.auth.id = userfor View, Create, Update, and Delete
- Deploy the app on your webserver by:
- Build the app directly from source with
npx vite buildand upload the "dist" folder - Or upload the existing "dist" folder onto your webserver
- Build the app directly from source with
- Adjust the Pocketbase connection if needed (See "Configurate a custom Pocketbase instance")
- Go to the web interface of the app and log in with your Pocketbase account
- If the login fails check that your Pocketbase is up and running, on the same machine, or if it is on a different machine make sure you have configured the
pocketbase-config.jsoncorrect. - Once logged in you can start storing your 2FA and backup keys.
To configure the PocketBase connection with an instance that is NOT running on the same machine (127.1.1.1) simply follow these steps:
- Copy the example configuration file
pocketbase-config.example.jsoninside your deployment folder, next to theindex.html. - Rename it to
pocketbase-config.json - Edit the file and adjust the "url" parameter to reflect your Pocketbase instance IP:
{
"url": "http://your-pocketbase-server:80"
}- Deploy the application with the configuration file in place
- Check successful connection: If the login with your Pocketbase account works the connection was successful.
Important note: If you host Pocketbase on a different IP, make sure you create an .htaccess file next to the
index.htmlallowing for CORS from that different IP. Otherwise the application will fail with CORS warnings in the console!
This has been a quick and dirty weekend project since I got frustrated with how to store my backup keys in a decent manner. The app is certainly not perfect and I am happy for contributions.
That said, deploy at your own risk. Maybe only use it locally like I do. Technically everything should be encrypted correctly but it is always good to be careful with sensitive information.