This application allows complete password management for multiple types of services (web, ssh, phones, wifi, etc ...).
The data of each application is stored encrypted in the database.
The encryption of this data is done using the value of
APP_KEY
as salt, so it is very important not to regenerate this key or you will lose access to all registered applications.
Don't even think about installing this project in an environment without HTTPS protection
The main features are:
- User Management.
- Team management.
- Access to applications limited by teams.
- Multiple types of data records.
- Encryption in database.
- Authentication by certificate and double factor with Google Authenticator.
- Using certificate, you can to disable password auth.
- Logged every time a user accesses, consults or updates an application.
- Allows private or shared applications.
- Limited access by country.
- It has a chrome extension that connects via API and directly accesses the credentials of the web you are visiting.
- API Password control on every different IP.
This project has an extension for Google Chrome that you can download at https://github.com/eusonlito/Password-Manager-Chrome
- Apache2 (nginx does not support authentication with certificate limited to certain routes)
- PHP 8.1 or higher (php-curl php-imagick php-mbstring php-mysql php-zip)
- MySQL 8.0
- ImageMagick
If the default version of your server is lower than PHP 8.1 you must use the binary prefix to execute composer
and artisan
, for example:
php8.1 ./composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
php8.1 artisan key:generate
-
Create the database in MySQL.
-
Clone the repository.
git clone https://github.com/eusonlito/Password-Manager.git
- Copy the
.env.example
file as.env
and fill in the necessary variables.
cp .env.example .env
- Install composer dependencies (remember that we always use the PHP 8.1 binary).
./composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
- Generate the application key. Remember to backup this key in a secure location (
.env
>APP_KEY
).
php artisan key:generate
- Regenerate the caches.
./composer artisan-cache
- Launch the initial migration.
php artisan migrate
- Launch the seeder.
php artisan db:seed --class=Database\\Seeders\\Database
- Configure the cron task for the user related to the project:
* * * * * cd /var/www/password.domain.com && php artisan schedule:run >> storage/logs/artisan-schedule-run.log 2>&1
- Create the main user.
php artisan user:create [email protected] --name=Admin --password=StrongPassword2 --admin
-
Configure the server for web access with
DOCUMENT_ROOT
inpublic
. -
Profit!
The platform update can be done easily with the composer deploy
command executed by the user who manages that project (usually www-data
).
Currently only for testing (no certificate support).
- Clone the repository
git clone https://github.com/eusonlito/Password-Manager.git
- [OPTIONAL] Copy file
docker/.env.example
to.env
and configure your own settings
cp docker/.env.example .env
- [OPTIONAL] Copy file
docker/docker-compose.yml.example
todocker/docker-compose.yml
and configure your own settings
cp docker/docker-compose.yml.example docker/docker-compose.yml
- Build docker images (will ask for the sudo password)
./docker/build.sh
- Start containers (will ask for the sudo password)
./docker/run.sh
- Create the admin user (will ask for the sudo password)
./docker/user.sh
-
Open your web browser and goto http://localhost:8080
-
Remember to add a web server (apache2, nginx, etc...) as a proxy to add features as SSL.
- Update the project source
git pull
- Build docker images (will ask for the sudo password)
./docker/build.sh
- Start containers (will ask for the sudo password)
./docker/run.sh
- Open your web browser and goto http://localhost:8080
In order to authenticate with a certificate, we must add the following configuration in Apache's VirtualHost
:
<Location /user/profile/certificate>
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
<Location /user/auth/certificate>
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
SSLCACertificateFile /var/www/password.domain.com/resources/certificates/certificates.pem
The /user/profile/certificate
location allows obtaining the certificate identifier automatically from the user profile itself, and /user/auth/certificate
is the authentication path by certificate.
The OptRenegotiate
option allows Apache to independently renegotiate the connection per path, something that nginx does not support.
Create User:
php artisan user:create {--email=} {--name=} {--password=} {--admin} {--readonly} {--teams=}
User update:
php artisan user:update {--id=} {--email=} {--name=} {--password=} {--certificate=} {--tfa_enabled=} {--admin=} {- readonly=} {--enabled=} {--teams=}
I need help to improve english translations on this project.
Default locale files are located in resources/lang/es
and should be translated into resources/lang/en
.
Also, I need to translate the English Readme.
Thanks!