A secure, collaborative, CLI-based password manager with end-to-end encryption.
PassMan is a modern command-line password manager built in Rust. It is designed for security-conscious users and teams who prefer terminal-based workflows. It features strong end-to-end encryption, multi-user collaboration capabilities, and comprehensive audit logging.
- 🔒 End-to-End Encryption: Uses Ed25519 for identity keys and AES-256-GCM for secret encryption.
- 👥 Team Collaboration: Native support for sharing secrets among multiple users via public key cryptography.
- 📝 Audit Logging: Tracks all changes (add, edit, delete, access) in an immutable changelog.
- 🪄 Interactive Wizards: Easy-to-use interactive prompts for adding and editing secrets.
- 📋 Clipboard Integration: Securely copy passwords to your clipboard with automatic clearing (TTL).
- 🔑 Password Generation: Built-in strong password generator with customizable complexity.
- 🤖 Automation Friendly: JSON output support for easy integration with scripts and other tools.
- Initialize the Vault:
passman vault init
- Add a Password:
passman add social/github --username myuser --email me@example.com
# Or simply run interactive wizard:
passman add social/github
- Get a Password:
passman get social/github
- Copy Password to Clipboard:
passman clip social/github
Manage your cryptographic identity keys.
- Create a new key:
passman keys create <key-name>
- List keys:
passman keys list
passman keys list --json
- Import a public key (for team members):
passman keys add <member-name> <path-to-public-key>
Manage the vault and its members.
- Initialize vault:
passman vault init
- Add a member to the vault:
passman vault add <member-name> <path-to-public-key>
- List vault members:
passman vault list
passman vault list --json
CRUD operations for your secrets.
- Add a secret:
passman add <path>
# Example: passman add servers/prod-db
- List secrets:
passman list
passman list --json
- Read a secret:
passman get <path>
passman get <path> --field password
passman get <path> --field email
- Copy to Clipboard:
passman clip <path>
passman clip <path> --field username
passman clip <path> --ttl 30s
- Edit a secret:
passman edit <path>
- Delete a secret:
passman delete <path>
- Move/Rename a secret:
passman mv <old-path> <new-path>
- Generate a Password:
passman gen --length 20 --symbols
- View Changelog:
passman changelog
passman changelog --json
passman changelog --csv
- View Statistics:
passman stats
passman stats --json
PassMan uses a configuration file to store user preferences.
- Location: ~/.passman/config.yaml
- Purpose: Currently used to configure default settings for the password generator.
length: 16
include_digits: true
include_symbols: true
include_uppercase: true
no_ambiguous: false
You can edit this file to change your default password generation preferences. CLI arguments (e.g., passman gen --length 20) will always override these settings.
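The sketch below is an added example, not PassMan's own code: it shows how the five documented options can map to a character set and an unbiased draw from the OS random source. The `GenOptions` struct, the symbol list, the "ambiguous" character list, and the use of `/dev/urandom` (Unix-like systems) are assumptions.

```rust
use std::fs::File;
use std::io::{self, Read};

/// Hypothetical struct mirroring the keys shown in ~/.passman/config.yaml.
pub struct GenOptions {
    pub length: usize,
    pub include_digits: bool,
    pub include_symbols: bool,
    pub include_uppercase: bool,
    pub no_ambiguous: bool,
}

/// Build the candidate alphabet; lowercase letters are always included here.
pub fn alphabet(o: &GenOptions) -> Vec<u8> {
    let mut set: Vec<u8> = (b'a'..=b'z').collect();
    if o.include_uppercase { set.extend(b'A'..=b'Z'); }
    if o.include_digits { set.extend(b'0'..=b'9'); }
    // Assumed symbol set; the real tool's list is not documented on this page.
    if o.include_symbols { set.extend_from_slice(b"!@#$%^&*()-_=+[]{}"); }
    // Assumed "ambiguous" glyphs: easily confused when read or retyped.
    if o.no_ambiguous { set.retain(|c| !b"0O1lI".contains(c)); }
    set
}

/// Draw `length` characters using rejection sampling, so every member of the
/// alphabet is equally likely (a plain `byte % len` would favour early entries).
pub fn generate(o: &GenOptions) -> io::Result<String> {
    let set = alphabet(o);
    let limit = 256 - (256 % set.len()); // largest multiple of set.len() <= 256
    let mut rng = File::open("/dev/urandom")?;
    let mut out = String::with_capacity(o.length);
    let mut byte = [0u8; 1];
    while out.len() < o.length {
        rng.read_exact(&mut byte)?;
        if (byte[0] as usize) < limit {
            out.push(set[byte[0] as usize % set.len()] as char);
        }
    }
    Ok(out)
}

fn main() -> io::Result<()> {
    // Config-file defaults; a CLI flag such as --length 20 replaces one field.
    let defaults = GenOptions { length: 16, include_digits: true,
        include_symbols: true, include_uppercase: true, no_ambiguous: false };
    let overridden = GenOptions { length: 20, ..defaults };
    println!("{}", generate(&overridden)?);
    Ok(())
}
```

With the defaults above the alphabet has 80 characters, so a 16-character password carries roughly 101 bits of entropy; enabling `no_ambiguous` shrinks the alphabet and lowers that slightly.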
PassMan allows multiple users to share a single vault.
- Alice initializes the vault and creates her key.
- Bob creates his key pair (passman keys create bob) and sends his public key (bob.pub) to Alice.
- Alice adds Bob to the vault:
passman vault add bob ./bob.pub
- Now, any secret Alice adds or edits will be encrypted for both Alice and Bob.
- Bob can sync the vault (e.g., via git) and decrypt secrets using his private key.
The project includes scripts to simulate usage scenarios.
- Single User Test:
./scripts/single_user.sh
- Multi-User Collaboration Test:
./scripts/multiple_users.sh
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.