Skip to content
/ vault Public

An open source multi-platform password manager, written in Rust.

rustyvault.com/

License

GPL-3.0 license
12 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dominikwilkowski/vault

BranchesTags

Repository files navigation

Vault logo
rustyvault.com

Vault

Discover this open source multi-platform password manager, crafted in Rust for top performance. It stays on your computer, featuring a heavily encrypted database that's easily accessible and boasts a user-friendly interface.

General

  • All edits and changes are non-destructive on secret fields
  • On first start the app generates a vault_config.toml file and asks you to pick a password
  • Once a password has been chosen the app creates a vault_db.toml file
  • Both files are saved by default in your app config folder determined by dirs and a sub folder called rusty-vault
  • The location of the vault_db.toml file can be changed in settings later (a change won't move the file but create a new file in the new location, the old file will persist in-line with our non-destructive policy)
  • The framework we use to render the GUI is floem

Encryption

We generate a new salt for each new password, using OsRng and then take the password + salt and hash it with argon2. We then use that hash to encrypt our database with aes-gcm-siv, a pure rust implementation of the AES-GCM-SIV (Misuse-Resistant Authenticated Encryption Cipher) (RFC 8452) cypher. The nonce is also generated with the same library and prepended to the cypher string before we base64 it and save it into the vault_db.toml file.

On lock we make sure we zeroize all fields.

How to run

The project comes with a dummy database to make testing easier with real data. To make sure you use that db over the system config db that would otherwise be installed automatically on the first run, run the app with the environment variable DEBUG set.

λ DEBUG=true cargo run

This will also allow you to run the database unencrypted which is not possible in "normal" mode.

Clearing memory when locked

We verify that the memory is clean when locked by running the below commands and looking at the output.

λ DEBUG=true cargo run
λ ps -e|grep vault
λ lldb --attach-pid <pip>
(lldb) process save-core <path>
(lldb) exit
λ cat <path> | strings | grep totally_secure_password

How to contribute

Make sure you run the following commands before sending us a PR:

λ cargo fmt -- -l
λ cargo clippy

Make sure you address clippy warnings as it will fail CI. It's ok to ignore clippy warnings where appropriate.

License

Copyleft (c) 2023 Licensed under the GNU GPL-3.0-or-later.

About

An open source multi-platform password manager, written in Rust.

rustyvault.com/

Topics

rust gui password-manager gui-application rust-lang

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity

Stars

12 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 4

v1.0.0-beta4 Latest
May 30, 2024
+ 3 releases

Contributors 4

  •  
  •  
  •  
  •  

Languages