Your own password service, run for free, by you, on GitHub.
Developers can test locally or remotely and should evaluate security claims.
Read this on your new fork, and enable GitHub Actions.
Then, set up GitHub Pages from "actions" and set your "github-pages" environment to run on any branch or tag.
Finally, publish a pre-release (any tag name you create is fine).
Refresh the latest release until you see a link. In 8 clicks, you'll have a GitHub App on your fork and an updated release. Choose a master password, and you'd have a new login link. Keep your login link and master password privately on each device.
The service runs from UTC 12:03
until UTC 2:13
. To change this, clone your fork and run pnpm timer
.
During installation, you and your workflow exchange OPRF keys. Then, you and your workflows share encrypted messages using a shared secret. To yield that secret, a login workflow runs a key exchange with its own pepper and the salt in your login link. Then, you have a one-off session key for authenticated encryption.
Afterwards, your passwords are always encrypted both with an Argon2 hash unknown to your workflows and with your shared secret for each login session.
To update or delete you passwords,
- You need your master password
- AND your personal login link
Reset your master password if you reveal it as well as your login link. Don't give others write access to your fork:
If they have write access to your fork, they can erase your data.
When re-running installation workflow, first:
- Delete your old app
- Create a new pre-release
- Remove PRODUCTION-LOGIN
- Then navigate to your Pages site
- In environment.csv, set
REMOTE
toyour_username/public-quiz
. - Open a terminal, and clone your forked repository:
YOU=your_username
REPO_URL=$YOU/public-quiz
git clone git@github.com:$REPO_URL.git
cd public-quiz
Install pnpm
, node 18
, and dependencies:
wget -qO- https://get.pnpm.io/install.sh | sh -
pnpm env use --global 18
pnpm install -g node-gyp
CXX=gcc pnpm install
Run pnpm test:config
to cache your GitHub username and password.
Then run pnpm test
to run all client-side tests.
Run pnpm test:ideas
to start making new tests.
Run pnpm dev clean
, then open localhost:8000
in a browser. To clean up after manual tests, delete your old development app and remove .env
. Ensure pnpm dev clean
or pnpm dev
is running to resume testing. To update expired local installation tokens, run bash develop.bash UPDATE
.