Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A password management app with support for sharing with groups.

This branch is 121 commits behind github-archive:master

Merge pull request #60 from soffes/master

Support MongoLab automatically
latest commit 318c58e173
@skalnik skalnik authored
Failed to load latest commit information.
app Refactor key handling
config MongoLab support
db
docs document the data format.
features Simplify setting of keypair in collection.
lib/tasks
log Houston, the bear is in the honeypot
public
script Remove phantomjs from script/bootstrap. Not the right place for it.
spec rsa controller should responds with text/plain
.env Document how to generate auth secrets
.evergreen Switch from capybara-webkit to poltergeist
.gitignore Add a boostrap
.rspec Houston, the bear is in the honeypot
.rvmrc Add .rvmrc
.travis.yml declare mongodb in services
CONTRIBUTING.md
Gemfile Switch from capybara-webkit to poltergeist
Gemfile.lock
Guardfile Remove routing specs from Guard
README.md Update README.md
Rakefile Setup travisci
config.ru Rename app classes

README.md

Swordfish Build Status

Swordfish is an experiment in builidng a group-optimized password management app. It is currently very alpha. Browse all the issues to see what features are planned.

mockup

Is it secure?

Storing passwords on a server might seem like filling a lake in Alaska with honey and expecting to keep bears out. I don't think it's like that. Why?

Even if an attacker gets access to your server or database, all secure items are encrypted client side. The server has no idea what it is storing and no way of decrypting it.

When you sign up, a RSA public/private keypair is generated in your browser. All sensitive data is encrypted with your private key, which is password-protected and never transferred to the server. No sensitive data is ever transmitted over the wire unless it is encrypted with secrets only available on the client.

Recommended Reading

Something went wrong with that request. Please try again.