Welcome to Passman Next, a full-featured password manager, based on Passman, running in your Nextcloud.
This is a hobby project to counteract the stagnating development of the official Passman app.
Passman is stable and has been maintained and patched by me for many years. The Passman Next fork is designed to deliver updates faster and introduce new features more quickly.
Visit the “Passman General Talk” Telegram Group to participate in all sorts of topical discussions about Passman and its apps!
For more screenshots: Click here
- Multiple vaults
- Vault keys are never sent to the server
- 256-bit AES-encrypted credentials (see security)
- User-defined custom credentials fields
- Built-in OTP (One Time Password) generator
- Password analyzer
- Securely share passwords internally and via link
- Import from various password managers:
  - KeePass
  - LastPass
  - DashLane
  - ZOHO
  - Clipperz.is
  - EnPass
  - ocPasswords
Try a Passman demo here.
- New Firefox and Chrome browser extension
- see project repo
- Android app
- Passman Svelte, a new standalone Passman web client
- Legacy Passman Nextcloud app
| Supported | Tested | Untested |
|---|---|---|
| SQL Lite | • | |
| MySQL / MariaDB | • | |
| pgsql | • | |
Passman can generate passwords and measure their strength using zxcvbn.
Generate passwords as you like

sjcl randomization.
All passwords are encrypted client side with sjcl using 256-bit AES. You supply a vault key which sjcl uses to encrypt your credentials. Your encrypted credentials are then sent to the server and encrypted yet again using the following routine:
- A key is generated using `passwordsalt` and `secret` from config.php (so back those up).
- The key is stretched using Password-Based Key Derivation Function 2 (PBKDF2).
- Encrypt-then-MAC (EtM) is used to ensure encrypted data authenticity.
- Uses openssl with the `aes-256-cbc` cipher.
- Initialization vector (IV) is hidden.
- Double Hash-based Message Authentication Code (HMAC) is applied for source data verification.
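The server-side steps listed above (PBKDF2 key stretching, AES-256-CBC, Encrypt-then-MAC, double-HMAC comparison), written with Node's built-in `crypto` module. This is an added example, not Passman's own code: the iteration count, key split, blob layout and function names are assumptions, "double HMAC" is taken to mean the double-HMAC comparison technique, and the hidden-IV step is not reproduced.

```javascript
const nodeCrypto = require("crypto");

// Assumed parameters for illustration; not Passman's actual values.
const ITERATIONS = 100000;
const KEY_LEN = 32; // 32 bytes each for the AES-256 key and the HMAC key

// Stretch the server secret with PBKDF2, then split into separate cipher and MAC keys.
function deriveKeys(secret, salt) {
  const okm = nodeCrypto.pbkdf2Sync(secret, salt, ITERATIONS, KEY_LEN * 2, "sha256");
  return { encKey: okm.subarray(0, KEY_LEN), macKey: okm.subarray(KEY_LEN) };
}

// Encrypt-then-MAC: the tag covers IV || ciphertext, never the plaintext.
function seal(plaintext, secret, salt) {
  const { encKey, macKey } = deriveKeys(secret, salt);
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([iv, cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Double-HMAC comparison: re-MAC both tags under a one-time random key so the
// comparison reveals nothing useful about the expected tag.
function tagsMatch(expected, received) {
  const k = nodeCrypto.randomBytes(32);
  const a = nodeCrypto.createHmac("sha256", k).update(expected).digest();
  const b = nodeCrypto.createHmac("sha256", k).update(received).digest();
  return nodeCrypto.timingSafeEqual(a, b);
}

// Verify the tag first and decrypt only authenticated data. Returns null on failure.
function unseal(blob, secret, salt) {
  if (blob.length < 16 + 16 + 32) return null; // IV + one cipher block + tag
  const { encKey, macKey } = deriveKeys(secret, salt);
  const body = blob.subarray(0, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const expected = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  if (!tagsMatch(expected, tag)) return null;
  const iv = body.subarray(0, 16);
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(16)), decipher.final()]).toString("utf8");
}
```

Because the tag is checked before any decryption, a modified blob is rejected without CBC padding ever being processed.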
Passman allows users to share passwords. (Administrators may disable this feature.)
Passman offers a developer API.
Passman Next as well as the companion apps are open source, but we’ll gladly accept a beer or pizza! Please consider donating:
If you have any code improvements:
- Clone the repo
- Make your edits
- Add your name to the contributors
- Send a PR
Or, if you’re feeling lazy, create an issue, and we’ll think about it.
To run Passman with Docker, use our test Docker image. Supply your own self-signed SSL certs or use Let’s Encrypt. Please note: The Docker image is for testing only as database user / password are hardcoded.
If you’d like to spice up our Passman Docker image into a full-fledged, production-ready install, you’re welcome to do so. Please note:
- Port 80 and 443 are used
- SSL is enabled (or disabled if no certs are found)
- Container startup time must be less than 15 seconds
Example:

```bash
docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman
```
If you want a production-ready container, use the Nextcloud Docker and install Passman as an app.
- Passman uses a single `.js` file for templates, which minimizes XHR template requests.
- CSS uses SASS, so Ruby and SASS must be installed.
- `templates.js` and the CSS are built with `grunt`.
- Watch for changes using `grunt watch`.
- Run unit tests: install phpunit globally, set up environment variables in the `launch_phpunit.sh` script, and run the script. All arguments passed to `launch_phpunit.sh` are forwarded to phpunit.
- binsky
- Brantje
- Animalillo
Add yours when creating a pull request!
- Newhinton
- HolgerHees
Are you adding something to check if malicious code is executing on the browser? No, because malicious code can edit functions that check for malicious code.




