PHPCredLocker is a secure web-based repository for credentials. Intended for teams who need to share credentials, the system aims to store all content securely
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


See for documentation.

Copyright (C) 2012 B Tasker Released under GNU Affero GPL V3 - - All rights not explicitly permitted by the license are reserved

(Version 1 was released under GNU GPL V2, later versions are only available under the AGPL)

I'm not an interface designer, so the template is very rough around the edges. It's designed to support custom templates though so you can skin and brand as you see fit.

Passwords are encrypted with either OpenSSL or MCrypt (depending what you have available). The system is intended for use over a https connection, though steps have been taken to help reduce the likelihood of credential compromise over a http connection. Still it's STRONGLY recommended that connections be made over https to ensure that all credentials are protected in transit.

You can view a demo at including all developed plugins.

Issue Tracking

The project is managed within a private JIRA instance, however a HTML mirror of issues/features is maintained at

If you think you've found a bug, or want to ask a question, send an email to phpcredlocker AT

Why the AGPL?

As a rule, I release most software under the GNU GPL V2 (or sometimes 3), PHPCredlocker is different however.

Given the intended use-case of CredLocker, it's not the operator who is 'at risk'. It's those who own the systems/sites that the stored credentials allow access to. Therefore, it's only right that they at least be given opportunity to inspect the source of the system holding their credentials.

The AGPL works in exactly the same way as the GPL, but with an additional caveat - If you're running CredLocker as a web service, the users must be able to download a copy of the source.