PassMan
Secure Local Password Manager
A secure, local-first password manager built with Rust that stores your passwords encrypted locally with military-grade encryption. Your data never leaves your device.
Project Screenshots
Click to enlarge
Click to enlarge
About the Project
PassMan is a secure, local-first password manager built with Rust that stores your passwords encrypted locally with military-grade encryption. Your data never leaves your device, ensuring complete privacy and security. š
#
- Local-First Storage: All data is stored locally on your device
- No Cloud Dependencies: Your data never leaves your device
- Memory Safety: Built with Rust for memory safety and performance
- Secure File Permissions: Vault files have restricted permissions (600)
#
- macOS: Native macOS application
- Linux: Native Linux application
- CLI Interface: Full command-line interface for power users
- Desktop GUI: Beautiful desktop application (coming soon)
#
- Vault Management: Encrypted vault files with secure storage
- Account Management: Store and organize multiple accounts
- Search & Filter: Quick search through your passwords
- Import/Export: Secure data migration capabilities
The project follows a modular architecture with three main components:
#
- Git
#
2. Build the project
3. Run the CLI
#
2. Add an account
3. List accounts
4. Generate a password
- Encryption: AES-GCM-256 for vault encryption
- Key Derivation: Argon2id with secure parameters
- Memory Safety: Sensitive data is zeroized after use
- File Permissions: Vault files have restricted permissions (600)
- No Network: No data is ever sent over the network
#
- [x] Backend library with core functionality
- [x] Data models and types
- [x] Encryption/decryption system
- [x] Password generation
- [x] Vault storage management
- [x] Authentication system
- [x] CLI tool with basic commands
#
- [ ] Cross-platform builds
- [ ] Comprehensive testing
- [ ] Documentation
#
- [ ] Browser extension
- [ ] Advanced features (2FA, etc.)
āØ Key Features
#
š Security & Privacy
- Military-Grade Encryption: AES-GCM-256 encryption with Argon2id key derivation- Local-First Storage: All data is stored locally on your device
- No Cloud Dependencies: Your data never leaves your device
- Memory Safety: Built with Rust for memory safety and performance
- Secure File Permissions: Vault files have restricted permissions (600)
#
š Cross-Platform Support
- Windows: Native Windows application- macOS: Native macOS application
- Linux: Native Linux application
- CLI Interface: Full command-line interface for power users
- Desktop GUI: Beautiful desktop application (coming soon)
#
š ļø Advanced Features
- Password Generation: Strong password generation with customizable options- Vault Management: Encrypted vault files with secure storage
- Account Management: Store and organize multiple accounts
- Search & Filter: Quick search through your passwords
- Import/Export: Secure data migration capabilities
šļø Architecture
The project follows a modular architecture with three main components:
āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā
ā Desktop GUI ā ā CLI Tool ā ā Backend Lib ā
ā (Tauri + ā ā (Rust) ā ā (Rust) ā
ā React/Next) ā ā ā ā ā
āāāāāāāāāāā¬āāāāāāāā āāāāāāāāāāā¬āāāāāāāā āāāāāāāāāāā¬āāāāāāāā
ā ā ā
āāāāāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāāā
ā
āāāāāāāāāāāāāāā¼āāāāāāāāāāāāāā
ā Encrypted Vault ā
ā (Local JSON File) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāā
š Quick Start
#
Prerequisites
- Rust 1.70+ (install from [rustup.rs](https://rustup.rs/))- Git
#
Building from Source
1. Clone the repositorybash
git clone https://github.com/tarunjawla/passman.git
cd passman
2. Build the project
bash
cargo build --release
3. Run the CLI
bash
./target/release/passman --help
#
Using the CLI
1. Initialize a new vaultbash
passman init your-email@example.com
2. Add an account
bash
passman add "GitHub" --type social --url github.com --username user@example.com
3. List accounts
bash
passman list
4. Generate a password
bash
passman generate --length 16 --special --numbers
š Security Details
- Encryption: AES-GCM-256 for vault encryption
- Key Derivation: Argon2id with secure parameters
- Memory Safety: Sensitive data is zeroized after use
- File Permissions: Vault files have restricted permissions (600)
- No Network: No data is ever sent over the network
š¦ Project Structure
passman/
āāā backend/ # Core Rust library
ā āāā src/
ā ā āāā lib.rs # Public API
ā ā āāā models.rs # Data structures
ā ā āāā crypto.rs # Encryption/decryption
ā ā āāā storage.rs # Vault file management
ā ā āāā auth.rs # Authentication
ā ā āāā generator.rs # Password generation
ā ā āāā vault.rs # Main vault manager
ā āāā Cargo.toml
āāā cli/ # Command-line interface
ā āāā src/
ā ā āāā main.rs
ā āāā Cargo.toml
āāā desktop/ # Desktop GUI (Tauri)
ā āāā src-tauri/
āāā website/ # Marketing website
āāā Cargo.toml # Workspace configuration
š ļø Development Status
#
ā Completed (Phase 1)
- [x] Rust workspace setup- [x] Backend library with core functionality
- [x] Data models and types
- [x] Encryption/decryption system
- [x] Password generation
- [x] Vault storage management
- [x] Authentication system
- [x] CLI tool with basic commands
#
š§ In Progress
- [ ] Desktop GUI (Tauri + React)- [ ] Cross-platform builds
- [ ] Comprehensive testing
- [ ] Documentation
#
š Planned
- [ ] Mobile apps- [ ] Browser extension
- [ ] Advanced features (2FA, etc.)
Tech Stack
Frontend
TauriReactNext.jsTypeScriptTailwind CSS
Backend
RustAES-GCM-256Argon2idClap CLISerde JSON
Key Features
Local-First Storage - All data stored locally
Military-Grade Encryption - AES-GCM-256 with Argon2id
Cross-Platform Support - Windows, macOS, Linux
CLI Interface - Full command-line interface
Password Generation - Strong, customizable passwords
Secure Storage - Encrypted vault files
No Cloud Dependencies - Complete privacy
Memory Safety - Built with Rust