No description or website provided.
Clone or download
Permalink
Failed to load latest commit information.
.tx Fix tx config Feb 12, 2018
appinfo Bump max version Apr 1, 2018
controller Reprase string. Ref #396 Nov 7, 2017
css Small css fixes Oct 29, 2017
docs Add docs about requesting vaults / credentials Jan 12, 2017
img Replace png with svg Oct 29, 2017
js Fix disabled edit save button after 2 different password entered. Fixes Oct 30, 2017
l10n [tx-robot] updated from transifex Sep 26, 2018
lib Make use of icon groups Oct 29, 2017
middleware Check HTTP_ORIGIN using isset Jan 19, 2017
migration Fixes Jan 11, 2017
sass Small css fixes Oct 29, 2017
templates Merge branch 'fix#451' of https://github.com/AK04/passman into AK04-f… Apr 1, 2018
tests Add icon service Aug 6, 2017
.dockerignore Added dockerfile Oct 19, 2016
.drone.yml Update drone config Jul 28, 2017
.drone.yml.sig Signed yaml file Jul 28, 2017
.gitignore Update ignore file Dec 21, 2016
.jshintrc Add JSHint, solve all problems Oct 7, 2016
.scrutinizer.yml Fix loading vault if it's already open. Ref #263 Oct 29, 2017
.travis.yml Update NodeJS Oct 29, 2017
AUTHORS.md Initial commit Sep 9, 2016
CHANGELOG.md This fixes the decryption error happening when auto login is enabled … Dec 28, 2016
CNAME Create CNAME Feb 5, 2017
CONTRIBUTING.md add link to nextcloud server wiki on how to sign commits Oct 29, 2017
COPYING Initial commit Sep 9, 2016
Dockerfile Fixes error #379, try2, removed cowsay comment to prevent error in ne… Nov 4, 2017
Gruntfile.js Fix font awesome not found. (Fixes #286) May 6, 2017
ISSUE_TEMPLATE.md Update Mar 16, 2017
LICENSE Initial commit Sep 7, 2016
Makefile Initial commit Sep 9, 2016
README.md Fix Nov 7, 2017
composer.json Add icons to credentials Oct 29, 2017
karma.conf.js Update karma config Aug 5, 2017
launch_phpunit.sh.sample PHPUnit fixes for custom locations May 7, 2017
package.json Lock jasmine core version Jul 30, 2017
personal.php Update personal.php Feb 21, 2018
phpunit.integration.xml Update phpunit Jul 1, 2017
phpunit.xml Update phpunit Jul 1, 2017
swagger.yaml Top level typos Jan 6, 2017

README.md

Passman

Passman is a full featured password manager.

Build Status Docker Automated buid Codacy Badge Codacy Badge Scrutinizer Code Quality

Contents

Screenshots

Logged in to vault

Credential selected

Edit credential

Password tool

For more screenshots: Click here

Features:

  • Vaults
  • Vault key is never sent to the server
  • Credentials are stored with 256 bit AES (see security)
  • Ability to add custom fields to credentials
  • Built-in OTP(One Time Password) generator
  • Password analyzer
  • Share passwords internally and via link in a secure manner.
  • Import from various password managers:
    • KeePass
    • LastPass
    • DashLane
    • ZOHO
    • Clipperz.is
    • EnPass
    • ocPasswords

For a demo of this app visit https://demo.passman.cc

Tested on

  • NextCloud 10 / 11
  • ownCloud 9.1+

External apps

Supported databases

  • SQL Lite*
  • MySQL / MariaDB*

*Tested on travis

Untested databases:

  • pgsql

Security

Password generation

Passman features a build in password generator. Not it only generates passwords, but it also measures their strength using zxcvbn.

Generate passwords as you like

Passwords are generated using the random functions from sjcl.

Storing credentials

All passwords are encrypted client side using sjcl which uses AES-256 bit. Users supply a vault key which is feed into sjcl as encryption key. After the credentials are encrypted they are send to the server, there they will be encrypted again. This time using the following routine:

Sharing credentials.

Passman allows users to share passwords (this can be turned off by an administrator).

API

For developers Passman offers an api.

Support Passman

Passman is open source, and we would gladly accept a beer (or pizza!)
Please consider donating

Code reviews

If you have any improvements regarding our code. Please do the following

  • Clone us
  • Make your edits
  • Add your name to the contributors
  • Send a PR

Or if you're feeling lazy, create an issue, and we'll think about it.

Docker

To run Passman with Docker you can use our test docker image. You have to supply your own SSL certs, self signed or Let's encrypt it doesn't matter.
Please note that the docker is only for testing purposes, as database user / password are hardcoded.

If you like to spiece up our docker image and make it a full fledged secure, production ready install, you're welcome to do so.
Please note that:

  • Port 80 and 443 are used
  • SSL is enabled (or disabled if certs not found)
  • Startup time of container must be less than 15 seconds

Example:

docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman

If you want a production ready container you can use the Nextcloud docker, and install passman as an app.

Development

Passman uses a single .js file for the templates. This gives the benefit that we don't need to request every template with XHR.
For CSS we use SASS so you need ruby and sass installed.
templates.js and the CSS are built with grunt. To watch for changes use grunt watch To run the unit tests install phpunit globally, and setup the environment variables on the launch_phpunit.sh script then just run that script, any arguments passed to this script will be forwarded to phpunit.

Main developers

  • Brantje
  • Animalillo

Contributors

Add yours when creating a pull request!

  • None

FAQ

Are you adding something to check if malicious code is executing on the browser?
No, because malicious code could edit the functions that check for malicious code.