An online keepass-like tool to manage password. client-side AES encryption!
Clone or download
schams-net and BenjaminHae Pin footer to the bottom of the viewport (#231)
This CSS updates pins the footer as a fixed-height element to the bottom of
the viewport.
Latest commit 10fa542 Jan 13, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Pin footer to the bottom of the viewport (#231) Jan 13, 2019
.travis.yml Drop check for PHP5.5 Jul 25, 2018
LICENSE Edit LICENSE (#65) Jul 20, 2016 Update Oct 3, 2018
initial.sql added server side pbkdf2 Apr 8, 2017
mechanism.xmind update mechanism image Mar 15, 2016 Create Aug 9, 2015

Password Manager

Build Status Codacy Badge License Environment Environment
'master' branch is a dev-branch, please download stable version from Release to use it.


Supports are available here for versions greater than v9.13
Please note, Password-Manager only supports HTTPS

This demo is for test ONLY! Do NOT put your real password there.
You can access the database for this demo here, with login username p2663268ro and password 12345678


  1. Client side encryption. Server only keeps the encrypted strings.
  2. Customized fields support. You can add and delete fields for the password manager. You might want a URL field to keep login URL for all your accounts.
  3. PIN login. You don't need to input your long login password everytime. Instead, you can use a short PIN, in your trusted devices.
  4. Files support. You can attach files to accounts. Of course, files are encrypted in your browser before they are uploaded.
  5. Tags support and searching support. This makes it easier to manage lots of accounts.
  6. Import/Export as CSV file.
  7. Easy to backup and recovery.
  8. Authentication control. Account/IP will be blocked for too many failed attempts. After a short time of no action, you'll sign out automatically.
  9. Friendly UI.


See wiki

How to use

See wiki

Web Browser Plugin

Chrome: Chrome Web Store

Firefox: Add-on

GitHub Project: PwChromeExtension by Benjamin.


This password manager can generate and store random strong passwords for users. Passwords are generated on users' browsers and then encrypted using AES256 (CBC mode). Key for encryption is generated by PBKDF2 based on login password (Password_1)
PBKDF2 with SHA512 is used for user identification check. Raw password will be mapped to a pseudo password with a key related to Password_1 before applying AES256. The mapping algorithm is alphabet and position based.
Some part of information in Password_1 won't involve in calculations for identity check, So password_1 can't be obtained by enumerating password_0 (used for authentication).


You can read more information about implementation in wiki.


You can easily add E-mail verification, Google authentication... in your version of password manager. Put your implementation inside src/rest/check.php, which is used for login authentication.


Please read the guide first.

All contributors to this project must agree their work to be published under MIT license ONLY (see LICENSE file) before submitting a pull request.