Command line password manager in Rust
Switch branches/tags
Nothing to show
Clone or download
Latest commit d436395 Dec 1, 2015
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib/tweetnacl tweetnacl stream header updated Oct 24, 2015
src Cleanup Nov 30, 2015
.gitignore gitignore updated Oct 11, 2015
Cargo.lock Cargo.lock update Nov 30, 2015
Cargo.toml Mlock fix after updating clib Nov 20, 2015
LICENSE License added Nov 30, 2015 Update Nov 30, 2015 bcrypt added Oct 12, 2015


Rustypass is a command line based password manager written in Rust. At this point, it is mainly a prototype done for fun.


  • Rustypass uses NaCl library for its crypto, specifically TweetNacl implementation which is included in the project.
  • The code is small and easily auditable, including all the crypto implementation (not rolling any new crypto here).
  • Database file contains:
    • DB version
    • Salt for Bcrypt
    • NaCl Secretbox structure serialized to bytes, encrypted with password derived from master password using Bcrypt.
  • Secretbox structure uses authenticated encryption (XSalsa20 + Poly1305) and contains database of entries serialized to JSON.
  • Passwords are stored in SecStr structure, which keeps them encrypted in the memory (= obfuscation).


First, you need to install Rust with Cargo, see the official page. Nightly build (tested on Nightly 1.6) is required, because Serde JSON serialization library uses some of the nightly features.

To compile and run the project, go to the project directory and run:

cargo build --release

Basic usage

  • rpass create <db_filename> - creates a new database
  • rpass open <db_filename> - opens up an existing database

Once you have your DB opened, you can add, copy or remove entries. To see all the available commands, type help.