Home
Password-Manager is an online, Keepass-like password manager. Password encryption and decryption are done locally in your web browser by JavaScript. The backend stores encrypted data and authentication metadata, but it should not receive your raw saved passwords.
The current stable version is v11.08. Since v11.08, Password-Manager is split into:
- a static frontend under src/frontend
- a PHP REST backend under src/backend
- the database initialization file src/initial.sql
For production, deploy the frontend only to a place you trust to serve unchanged static files, such as a locked-down static web host, GitHub Pages, or Cloudflare Pages. Deploy the backend separately on a PHP + MySQL/MariaDB server over HTTPS.
- Install Password-Manager using Installation.
- Open the frontend URL in your browser.
- Sign up if signup is enabled by the administrator.
- Log in with your master username and password.
- Add your password entries.
Due to client-side encryption, if you forget the login password used to encrypt your data, there is no practical way to recover the data. Keep a safe record of your master password and create backups regularly.
Click Add Entry.
Required fields:
- Account (Item): the name of the account or service.
- Password: the password for that account. Leave this empty to let Password-Manager generate a random password.
Optional fields depend on the configured customized fields. The default configuration includes fields such as URL, username, comment, and tags.
After an entry is created, it appears in the main table.
- Click the wrench icon to edit or delete the entry.
- Click the eye/details icon to see extra fields, attached files, and MFA/TOTP codes if configured.
- Use the copy icon to copy a password to the clipboard.
When adding or editing an entry, you can store an MFA/TOTP setup for that saved account. Paste an otpauth:// URI, paste a Base32 setup key, or upload a compatible QR code image.
This is for the account entry itself, for example a GitHub or Google account stored inside Password-Manager. It is different from the master account 2FA described below.
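The two text inputs mentioned above, an otpauth:// URI and a bare Base32 setup key, carry the same shared secret, and anyone holding it can generate valid codes. The following is an added example for Node.js, not Password-Manager's own code, showing how such input is parsed and turned into an RFC 6238 code; the function names are hypothetical, and the SHA-1, 6-digit, 30-second defaults for a bare key are an assumption based on common authenticator behaviour.

```javascript
// Added illustration; not Password-Manager's code. Function names are hypothetical.
const crypto = require('crypto');
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode an RFC 4648 Base32 setup key; tolerate spaces, dashes, lowercase and padding.
function base32Decode(key) {
  const clean = key.toUpperCase().replace(/[\s-]/g, '').replace(/=+$/, '');
  if (!clean) throw new Error('empty Base32 key');
  let bits = 0, value = 0;
  const out = [];
  for (const ch of clean) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid Base32 character: ' + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); value &= (1 << bits) - 1; }
  }
  return Buffer.from(out);
}

// Accept either an otpauth:// URI or a bare Base32 key and return TOTP parameters.
function parseTotpSetup(input) {
  const text = input.trim();
  if (!/^otpauth:\/\//i.test(text)) {
    // Assumed defaults for a bare key: SHA-1, 6 digits, 30-second period.
    return { secret: base32Decode(text), algorithm: 'sha1', digits: 6, period: 30 };
  }
  const url = new URL(text);
  if (url.hostname.toLowerCase() !== 'totp') throw new Error('only otpauth://totp is handled');
  const p = url.searchParams;
  const algorithm = (p.get('algorithm') || 'SHA1').toLowerCase();
  const digits = Number(p.get('digits') || 6);
  const period = Number(p.get('period') || 30);
  if (!['sha1', 'sha256', 'sha512'].includes(algorithm)) throw new Error('unsupported algorithm');
  if (![6, 7, 8].includes(digits) || !Number.isInteger(period) || period <= 0) throw new Error('bad digits/period');
  return { secret: base32Decode(p.get('secret') || ''), algorithm, digits, period };
}

// RFC 6238 TOTP: HOTP (RFC 4226) dynamic truncation over the time-step counter.
function totp(setup, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / setup.period)));
  const mac = crypto.createHmac(setup.algorithm, setup.secret).update(counter).digest();
  const off = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(off) & 0x7fffffff) % 10 ** setup.digits;
  return String(code).padStart(setup.digits, '0');
}

// Constructed sample: the published RFC 6238 test secret, not a real account.
console.log(totp(parseTotpSetup('GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ'), Date.now() / 1000));
```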
Password-Manager supports TOTP-based 2FA for the Password-Manager master account.
After logging in, go to:
Settings -> Turn on 2FA
Scan the QR code with an authenticator app and store the shown secret in a safe place. If you lose the authenticator device, the secret is needed to regain access or disable 2FA.
Go to:
Settings -> Change Password
The password-change operation runs in the browser and can take some time because it has to re-encrypt data. Use a reliable computer and do not close the browser tab while the change is running.
After changing the login password, generate a new backup. Old backups require the login password that was current when the backup was created.
CSV export is intentionally routed through the recovery flow.
Recommended flow:
- Log in.
- Go to Settings -> Back Up.
- Generate backup.txt.
- Open the recovery page from the login page.
- Unlock the backup using the login password that was active when the backup was generated.
- Export CSV from the recovery page.
CSV export does not include files or password history. For a full clone that can be imported into another Password-Manager instance, use RAW export from the recovery page.
Treat exported CSV and RAW files as sensitive plaintext-equivalent data.
Go to:
Settings -> Account Activity
This page shows login history and trusted devices. Use it to review failed logins and disable PIN login on devices you no longer trust.