PassWall Server is the core backend for open source password manager PassWall platform. Using this server, you can safely store your passwords and access them from anywhere.
I promise all the coffee you have ordered will be spent on this project
PassWall Server can be used with PassWall Desktop
- Pull passwall-server image from Docker Hub.
docker pull passwall/passwall-server
- Download the docker-compose.yml file and start the server with the following commands.
mkdir $HOME/passwall-server
cd $HOME/passwall-server
wget https://raw.githubusercontent.com/passwall/passwall-server/main/docker-compose.yml
docker-compose up -d
- Create a new user with passwall-cli.
docker exec -it passwall-server /app/passwall-cli
- Download and install any passwall client you want from paswall.io.
- Open your client and write http://localhost:3625 into the server url field. Login with your newly created user information.
API documentation available at Postman Public Directory
-
PassWall uses The Advanced Encryption Standard (AES) encryption algorithm with Galois/Counter Mode (GCM) symmetric-key cryptographic mode. Passwords encrypted with AES can only be decrypted with the passphrase defined in the config.yml file.
-
Endpoints are protected with security middlewares against attacks like XSS.
-
Against SQL injection, PassWall uses Gorm package to handle database queries which clears all queries.
-
There is rate limiter for signin attempts against brute force attacks.
These environment variables are accepted:
Server Variables:
- PORT
- PW_SERVER_USERNAME
- PW_SERVER_PASSWORD
- PW_SERVER_PASSPHRASE
- PW_SERVER_SECRET
- PW_SERVER_TIMEOUT
- PW_SERVER_GENERATED_PASSWORD_LENGTH
- PW_SERVER_ACCESS_TOKEN_EXPIRE_DURATION
- PW_SERVER_REFRESH_TOKEN_EXPIRE_DURATION
Database Variables
- PW_DB_NAME
- PW_DB_USERNAME
- PW_DB_PASSWORD
- PW_DB_HOST
- PW_DB_PORT
- PW_DB_LOG_MODE
-
Don't send too much commit at once. It will be easier for us to do a code review.
-
Be sure to take a look at the dev branch. The version I am working on is there.
-
First try to fix
// TODO:
s in the code. -
Then you can contribute to the development by following the mile stones.
-
Don't mess with the user interface. The design guide has not been released yet.