
passwordcockpit / Passwordcockpit

Licence: bsd-3-clause
Passwordcockpit is a simple, free, open source, self-hosted, web-based password manager for teams. It is built with PHP, JavaScript and MySQL, and it runs as a Docker service. It allows users with any kind of device to safely store, share and retrieve passwords, certificates, files and much more.


Projects that are alternatives of or similar to Passwordcockpit

Buttercup Core
🎩 The mighty NodeJS password vault
Stars: ✭ 340 (+900%)
Mutual labels:  password, password-manager, passwords, password-vault
Ownhealthrecord
This repository is about the OwnHealthRecord Application Web App
Stars: ✭ 162 (+376.47%)
Mutual labels:  self-hosted, selfhosted, mysql, webapp
Lesspass
🔑 stateless open source password manager
Stars: ✭ 4,879 (+14250%)
Mutual labels:  self-hosted, password, password-manager, passwords
keevault
Kee Vault is a password manager for your web browser. Password databases (Vaults) are encrypted using the KeePass storage format before being sent to a remote server for synchronisation across any modern device/browser
Stars: ✭ 57 (+67.65%)
Mutual labels:  password-manager, password, password-vault, passwords
Laracom
Laravel FREE E-Commerce Software
Stars: ✭ 1,570 (+4517.65%)
Mutual labels:  free, open-source, opensource
Avideo
Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP
Stars: ✭ 1,329 (+3808.82%)
Mutual labels:  free, open-source, opensource
Personal Management System
Your web application for managing personal data. <[email protected]>
Stars: ✭ 2,027 (+5861.76%)
Mutual labels:  self-hosted, selfhosted, free
Masterpassword
Project moved to https://gitlab.com/spectre.app
Stars: ✭ 1,122 (+3200%)
Mutual labels:  password-manager, passwords, password-vault
Waveline Server
Simple self-hosted music streaming server
Stars: ✭ 248 (+629.41%)
Mutual labels:  self-hosted, free, opensource
uptime-kuma
A fancy self-hosted monitoring tool
Stars: ✭ 27,425 (+80561.76%)
Mutual labels:  responsive, selfhosted, self-hosted
gpgpwd
Moved to GitLab
Stars: ✭ 22 (-35.29%)
Mutual labels:  password-manager, password, password-vault
web
Cloverleaf is a free, open source app to replace your password manager without storing your passwords anywhere.
Stars: ✭ 33 (-2.94%)
Mutual labels:  password-manager, self-hosted, password-vault
Startup Landing
Collection of free top of the line startup landing templates built using react/nextjs/gatsby. Free to download, simply edit and deploy! Updated weekly!
Stars: ✭ 176 (+417.65%)
Mutual labels:  opensource, webapp, responsive
Rooster
The simple password manager for geeks, built with Rust.
Stars: ✭ 106 (+211.76%)
Mutual labels:  password, password-manager, password-vault
Ultratabsaver
The open source Tab Manager Extension for Safari.
Stars: ✭ 178 (+423.53%)
Mutual labels:  free, open-source, opensource
Featherpasswordmanager
Highly portable extremely light-weight password manager that stores all your passwords in a local encrypted file.
Stars: ✭ 39 (+14.71%)
Mutual labels:  password, password-manager, passwords
password-list
Password lists with top passwords to optimize bruteforce attacks
Stars: ✭ 174 (+411.76%)
Mutual labels:  password-manager, password, passwords
Strongbox
A KeePass/Password Safe Client for iOS and OS X
Stars: ✭ 586 (+1623.53%)
Mutual labels:  password, password-manager, password-vault
Librehardwaremonitor
Libre Hardware Monitor, home of the fork of Open Hardware Monitor
Stars: ✭ 685 (+1914.71%)
Mutual labels:  free, open-source, opensource
Ethereum Development With Go Book
📖 A little book on Ethereum Development with Go (golang)
Stars: ✭ 754 (+2117.65%)
Mutual labels:  free, open-source


Usage

Installation is done with docker-compose. Please check out the official install instructions for more information.
Passwordcockpit docker images are provided within its Docker Hub organization.

To start, copy docker-compose.yml to a folder and set up the configuration as shown in the "Available docker configurations" chapter. Then run docker-compose up from a terminal.

When the service is up, navigate to PASSWORDCOCKPIT_BASEHOST (e.g. https://passwordcockpit.com) and log in.

The default username is admin. The system generates the default password Admin123!; this can be overridden by specifying the PASSWORDCOCKPIT_ADMIN_PASSWORD variable.

Permissions

Global permissions

Each user can have the following permissions:

⚫️ Nothing (a normal user)
👥 Create and manage users
📁 Create folders
🗄 Access to all directories
📊 Can view log

Folder permissions

Each folder has a list of associated users with their permissions:

⛔️ No access (A user cannot access a folder to which they are not assigned)
👁 Read (A user can read the passwords in a folder with which they are associated)
✏️ Manage (The user can add, modify and delete passwords inside the folder)

Users can be associated to a folder even if they do not have permission from the parent folder.

Authentication

Authentication can be done with a database-stored password or with LDAP.

LDAP

To use LDAP, users must exist in Passwordcockpit. The PASSWORDCOCKPIT_LDAP_ACCOUNTFILTERFORMAT filter is matched against the username.

When LDAP is enabled it is no longer possible to modify the profile data, since it is synchronized at each login.

Encryption

There are 3 levels of encryption:

  • Password PIN
  • SSL encryption for transferring data to the server
  • Database encryption for login information, passwords and files.

Password PIN

A password can be encrypted with a personal PIN in order to hide it from users with the "Access to all directories" permission and from users assigned to the same directory.

Available docker configurations

| Container volume | Description | Example |
| --- | --- | --- |
| /var/www/html/upload | Contains the files attached to passwords. It is important to map this volume to make the data persistent. Access permissions of the host directory have to be the same as the user who runs docker. | ./volumes/upload |
| /etc/ssl/certs/passwordcockpit.crt | SSL certificate file for HTTPS, used to overwrite the self-signed auto-generated file. IMPORTANT: specify read-only to avoid the overwrite of your certificate by the container certificate | ./volumes/ssl_certificate/passwordcockpit.crt:/etc/ssl/certs/passwordcockpit.crt:ro |
| /etc/ssl/private/passwordcockpit.key | SSL certificate key file for HTTPS, used to overwrite the self-signed auto-generated file. IMPORTANT: specify read-only to avoid the overwrite of your certificate by the container certificate | ./volumes/ssl_certificate/passwordcockpit.key:/etc/ssl/private/passwordcockpit.key:ro |

| Environment variable | Description | Example |
| --- | --- | --- |
| PASSWORDCOCKPIT_DATABASE_USERNAME | Username for the database | username |
| PASSWORDCOCKPIT_DATABASE_PASSWORD | Password for the database | password |
| PASSWORDCOCKPIT_DATABASE_HOSTNAME | Hostname of the database server | mysql |
| PASSWORDCOCKPIT_DATABASE_DATABASE | Name of the database | passwordcockpit |
| PASSWORDCOCKPIT_BLOCK_CIPHER_KEY | Key for passwords and files encryption. IMPORTANT: do not lose this key, without it you will not be able to decrypt passwords and files | Q7EeZaHdMV7PMBGrNRre27MFXLEKqMAS |
| PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY | Key for encrypting JSON Web Tokens | zfYKN7Z8XW8McgKaSD2uSNmQQ9dPmgTz |
| PASSWORDCOCKPIT_BASEHOST | Base host of the Passwordcockpit service | https://passwordcockpit.com |
| PASSWORDCOCKPIT_SWAGGER | Enable swagger documentation, possible values: enable or disable. If enabled, documentation can be seen here: PASSWORDCOCKPIT_BASEHOST/swagger | enable |
| PASSWORDCOCKPIT_SSL | Enable SSL, possible values: enable or disable. If enabled, port 443 will be used and the system will generate a self-signed certificate that can be replaced with the one specified in the volumes configuration. If disabled, port 80 will be used. The two ports cannot be opened at the same time. | enable |
| PASSWORDCOCKPIT_ADMIN_PASSWORD | Admin password to log into passwordcockpit | Password123! |
| PASSWORDCOCKPIT_AUTHENTICATION_TYPE | Type of the authentication, possible values: ldap or password | password |
| APACHE_RUN_USER | For running the Apache variants as an arbitrary user. | 1000 |
| APACHE_RUN_GROUP | For running the Apache variants as an arbitrary group. | 1000 |

| LDAP variables (only necessary if LDAP is enabled) | Description | Example |
| --- | --- | --- |
| PASSWORDCOCKPIT_LDAP_HOST | Hostname of the LDAP server | ldap |
| PASSWORDCOCKPIT_LDAP_PORT | Port of the LDAP server | 389 |
| PASSWORDCOCKPIT_LDAP_USERNAME | Username for LDAP | uid=name,cn=users,dc=passwordcockpit,dc=com |
| PASSWORDCOCKPIT_LDAP_PASSWORD | Password for LDAP | password |
| PASSWORDCOCKPIT_LDAP_BASEDN | Base DN | cn=users,dc=passwordcockpit,dc=com |
| PASSWORDCOCKPIT_LDAP_ACCOUNTFILTERFORMAT | Filter to retrieve accounts; it matches the username | (&(memberOf=cn=group_name,cn=groups,dc=passwordcockpit,dc=com)(uid=%s)) |
| PASSWORDCOCKPIT_LDAP_BINDREQUIRESDN | Bind if DN is required, possible values: 'true' or 'false' | 'true' |

Available translations

Passwordcockpit is translated into:

  • English
  • Italiano
  • Français
  • Deutsch

Architecture and technologies

RESTful architecture diagram

The application itself follows the RESTful architecture.
To ease deployment into production, frontend and backend have been built and merged in a single docker image.

Frontend

The frontend is maintained on passwordcockpit/frontend. It has been developed using Ember.js and Bootstrap.
The PIN password encryption is done with the Stanford Javascript Crypto Library, using AES-CCM.

Backend

The backend is maintained on passwordcockpit/backend.
The server-side application logic is based on PHP Standard Recommendation (PSR) using Mezzio, Laminas Components and Doctrine.
HAL is used as a JSON specification to give a consistent and easy way to hyperlink between resources.
Login information is stored using Bcrypt.
Password entities and files are encrypted with laminas-crypt, using sha-256.
User sessions are handled with JWT tokens, encrypted with HS256.
All listed encryptions are customizable with a custom key, adding cryptographic salt to hashes to mitigate rainbow tables.
All APIs are documented with Swagger.

Database

The database is MySQL.

Security

To secure your Passwordcockpit instance:

  • Enable SSL (https) or put the service behind a reverse proxy with SSL.
  • Set your PASSWORDCOCKPIT_BLOCK_CIPHER_KEY and PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY.
  • Set your PASSWORDCOCKPIT_ADMIN_PASSWORD.
  • Disable Swagger.
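
One way to check a deployment against this list before running docker-compose up, as an added example that is not part of the Passwordcockpit project. It assumes the settings are kept in a KEY=value env file; the function names and the sample files are constructed for illustration.

```shell
# Added example (not project code): audit a KEY=value env file for a Passwordcockpit
# container against the README's security checklist. The env-file layout is an assumption.
# Values printed in the README are public, so they must never reach a deployment.
README_KEYS="Q7EeZaHdMV7PMBGrNRre27MFXLEKqMAS zfYKN7Z8XW8McgKaSD2uSNmQQ9dPmgTz"
README_PASSWORDS="Admin123! Password123!"

# get_var FILE NAME: print the value of the last NAME=value line (empty if absent).
get_var() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }
in_list() { for word in $2; do [ "$word" = "$1" ] && return 0; done; return 1; }
fail() { echo "FAIL $1"; fails=$((fails + 1)); }

# check_secret FILE NAME PUBLIC_VALUES: FAIL if NAME is unset or a value from the README.
check_secret() {
    val=$(get_var "$1" "$2")
    if [ -z "$val" ]; then fail "$2 is not set"
    elif in_list "$val" "$3"; then fail "$2 uses a value printed in the README"
    fi
}

# audit_env FILE: print findings; the return status is the number of FAIL findings.
audit_env() {
    fails=0
    check_secret "$1" PASSWORDCOCKPIT_BLOCK_CIPHER_KEY "$README_KEYS"
    check_secret "$1" PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY "$README_KEYS"
    check_secret "$1" PASSWORDCOCKPIT_ADMIN_PASSWORD "$README_PASSWORDS"
    [ "$(get_var "$1" PASSWORDCOCKPIT_SWAGGER)" = disable ] || fail "PASSWORDCOCKPIT_SWAGGER is not 'disable'"
    [ "$(get_var "$1" PASSWORDCOCKPIT_SSL)" = enable ] || echo "WARN PASSWORDCOCKPIT_SSL is not 'enable' (needs an SSL reverse proxy)"
    return "$fails"
}

# Constructed sample inputs: one file built from README values, one with placeholders.
write_samples() {
    cat > "$1/weak.env" <<'EOF'
PASSWORDCOCKPIT_BLOCK_CIPHER_KEY=Q7EeZaHdMV7PMBGrNRre27MFXLEKqMAS
PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY=zfYKN7Z8XW8McgKaSD2uSNmQQ9dPmgTz
PASSWORDCOCKPIT_SWAGGER=enable
PASSWORDCOCKPIT_SSL=disable
EOF
    cat > "$1/hardened.env" <<'EOF'
PASSWORDCOCKPIT_BLOCK_CIPHER_KEY=constructed-cipher-key-placeholder
PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY=constructed-jwt-key-placeholder
PASSWORDCOCKPIT_ADMIN_PASSWORD=constructed-admin-pass-placeholder
PASSWORDCOCKPIT_SWAGGER=disable
PASSWORDCOCKPIT_SSL=enable
EOF
}
samples=$(mktemp -d) && write_samples "$samples"
audit_env "$samples/weak.env" || echo "weak.env: $? FAIL finding(s)"
audit_env "$samples/hardened.env" && echo "hardened.env: no FAIL findings"
```

A missing PASSWORDCOCKPIT_ADMIN_PASSWORD is reported as a failure because the default Admin123! then applies; a disabled PASSWORDCOCKPIT_SSL is only a warning because an SSL reverse proxy is an accepted alternative.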

Vulnerabilities

If you find any vulnerability within the project, you are welcome to drop us a private message to: [email protected]. Thanks!

Contribute

Here you can find the steps to prepare the development environment.
