A modern, secure password management application built with Electron and React, featuring strong encryption and a beautiful user interface.
- 🔐 Strong Encryption: All vaults are encrypted using AES-256-GCM with PBKDF2 key derivation
- 🏠 Multiple Vaults: Create and manage multiple password vaults
- 🎨 Modern UI: Beautiful dark theme with Material-UI components
- 🔒 Secure Storage: Passwords are never stored in plain text
- 📱 Cross-Platform: Works on Windows, macOS, and Linux
- 🔑 Password Generation: Built-in secure password generator
- 📋 Copy to Clipboard: Easy copying of usernames, passwords, and URLs
- 🔍 Search: Quick search through your password entries
- Zero-Knowledge Architecture: Your master password is never stored
- Strong Key Derivation: PBKDF2 with 100,000 iterations
- Authenticated Encryption: AES-256-GCM prevents tampering
- Secure Context: Runs in isolated Electron context with CSP
- Memory Protection: Sensitive data cleared from memory when possible
Grab the latest build for your platform from the Releases page. No need to clone the repo or install Node.
| OS | Download |
|---|---|
| macOS | .dmg (installer) or .zip (portable) |
| Windows | *-Setup.exe (installer) or portable .exe |
| Linux | .AppImage (portable) or .deb (Debian/Ubuntu) |
Unsigned builds. The app is not yet code-signed, so your OS will warn that the developer is unidentified. This is expected:
- macOS: right-click the app → Open → Open (only needed the first time). Or run
xattr -dr com.apple.quarantine "/Applications/Secure Password Manager.app".- Windows: on the SmartScreen prompt click More info → Run anyway.
- Linux (AppImage):
chmod +x Secure*.AppImagethen run it.
Option A — standalone binary (no Node required). Download the file for your platform from the Releases page, then:
# macOS / Linux
chmod +x vault-macos-arm64 # or vault-linux-x64, etc.
sudo mv vault-macos-arm64 /usr/local/bin/vault
vault info# Windows: rename vault-windows-x64.exe to vault.exe and add its folder to PATH
vault infoOn macOS the binary is also unsigned — if it's blocked, run
xattr -d com.apple.quarantine vault once.
Option B — via npm (requires Node.js 20.10+):
npm install -g @benzid.wael/secure-vault
vault infoThe CLI and the desktop app share the same encrypted vaults on disk.
- Node.js 20.10.0 or higher
- npm 9.0.0 or higher
- Git
-
Clone the repository:
git clone https://github.com/benzid-wael/secure-vault.git cd secure-vault -
Install dependencies:
npm install
See docs/RELEASING.md for how releases are built and published.
To run the application in development mode with hot-reload:
# Start both renderer and main processes in development mode
npm run dev:electron
# Or start them separately in different terminals
# Terminal 1 - Start React development server
npm run dev:renderer
# Terminal 2 - Start Electron main process
npm run dev:mainCreate an unoptimized development build:
npm run build:allCreate an optimized production build:
# Build both renderer and main processes
npm run build:all
# Verify the build
npm run verify-buildPackage the application for distribution:
# Package for current platform
npm run package
# Package for specific platforms
npm run package:mac # macOS
npm run package:win # Windows
npm run package:linux # LinuxTo run the production build:
# Build the application first
npm run build:all
# Then run the production build
npm run start:prod- Launch the application
- You'll see the vault selector with a default vault
- The default vault password is
changeme123(change this immediately for security) - Or create a new vault with a strong master password
- Click "Create New Vault" from the main screen
- Enter a unique vault name
- Create a strong master password (the app will show password strength)
- Confirm your password
- Click "Create Vault"
- Unlock your vault
- Click the "+" floating action button
- Fill in the password details:
- Title (required)
- Username/Email (required)
- Password (required) - use the generate button for strong passwords
- URL (optional)
- Notes (optional)
- Click "Add"
- Search: Use the search bar to quickly find passwords
- Copy: Click the copy icon next to any field to copy it to clipboard
- View: Click the eye icon to show/hide passwords
- Edit: Click the menu (⋮) and select "Edit"
- Delete: Click the menu (⋮) and select "Delete"
- Use a Strong Master Password: Your master password should be long, unique, and memorable
- Regular Backups: Export your vault data regularly (feature coming soon)
- Keep Software Updated: Always use the latest version
- Secure Your Device: Use device encryption and lock screens
- Don't Share Master Passwords: Each user should have their own vault
secure-password-manager/
├── public/
│ ├── electron.js # Electron main process
│ ├── preload.js # Secure IPC bridge
│ └── index.html # HTML template
├── src/
│ ├── components/ # React components
│ │ ├── VaultSelector.js
│ │ ├── VaultLogin.js
│ │ ├── CreateVault.js
│ │ └── PasswordManager.js
│ ├── App.js # Main React app
│ └── index.js # React entry point
└── package.json # Dependencies and scripts
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: PBKDF2 with SHA-512, 100,000 iterations
- Salt: 32-byte random salt per vault
- Authentication: Built-in authentication tag prevents tampering
- Vaults are stored in the user's application data directory
- Each vault is a separate encrypted JSON file
- No sensitive data is stored in plain text
- Electron main process handles all file operations
- Renderer process has no direct file system access
- Context isolation prevents code injection
- Content Security Policy (CSP) prevents XSS attacks
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
If you encounter any issues or have questions, please open an issue on the GitHub repository.