This application allows complete password management for multiple types of services (web, ssh, phones, wifi, etc ...).
The data of each application is stored encrypted in the database.
The encryption of this data is done using the value of
APP_KEY
as salt, so it is very important not to regenerate this key or you will lose access to all registered applications.
Don't even think about installing this project in an environment without HTTPS protection
The main features are:
- User Management.
- Team management.
- Access to applications limited by teams.
- Multiple types of data records.
- Encryption in database.
- Authentication by certificate and double factor with Google Authenticator.
- Using certificate, you can to disable password auth.
- Logged every time a user accesses, consults or updates an application.
- Allows private or shared applications.
- Limited access by country.
- It has a chrome extension that connects via API and directly accesses the credentials of the web you are visiting.
- API Password control on every different IP.
This project has an extension for Google Chrome that you can download at https://github.com/eusonlito/Password-Manager-Chrome
- Apache2 (nginx does not support authentication with certificate limited to certain routes)
- PHP 8.0 or higher (php-curl php-imagick php-mbstring php-mysql php-zip)
- MySQL 8.0
- ImageMagick
If PHP 8 is not the default PHP version on your system you must use the binary prefix to exeucte composer
and artisan
, for example:
php8.0 /usr/local/bin/composer install --no-scripts --no-dev
php8.0 /usr/local/bin/composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
php8.0 artisan key:generate
-
Create the database in MySQL.
-
Clone the repository.
git clone https://github.com/eusonlito/Password-Manager.git
- Install composer dependencies (remember that we always use the PHP 8.0 binary).
composer install --no-scripts --no-dev && composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
- Configure the file
.env
with the necessary data.
cp .env.example .env
- Generate the application key. Remember to backup this key in a secure location (
.env
>APP_KEY
).
php artisan key:generate
- Regenerate the caches.
composer artisan-cache
- Launch the initial migration.
php artisan migrate
- Launch the seeder.
php artisan db:seed --class=Database\\Seeders\\Database
- Configure the cron task for the user related to the project:
* * * * * cd /var/www/password.domain.com && php artisan schedule:run >> storage/logs/artisan-schedule-run.log 2>&1
- Create the main user.
php artisan user:create --email=user@domain.com --name=Admin --password=StrongPassword2 --admin
-
Configure the server for web access with
DOCUMENT_ROOT
inpublic
. -
Profit!
The platform update can be done easily with the composer deploy
command executed by the user who manages that project (usually www-data
).
This command performs the following actions:
"git checkout .",
"git pull",
"@composer env-version --ansi",
"@composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi",
"@php artisan migrate --force --ansi",
"@php ./vendor/bin/php-cs-fixer fix --ansi --quiet",
"@php artisan maintenance:opcache:preload"
In order to authenticate with a certificate, we must add the following configuration in Apache's VirtualHost
:
<Location /user/profile/certificate>
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
<Location /user/auth/certificate>
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>
SSLCACertificateFile /var/www/password.domain.com/resources/certificates/certificates.pem
The /user/profile/certificate
location allows obtaining the certificate identifier automatically from the user profile itself, and /user/auth/certificate
is the authentication path by certificate.
The OptRenegotiate
option allows Apache to independently renegotiate the connection per path, something that nginx does not support.
Create User:
php artisan user:create {--email=} {--name=} {--password=} {--admin} {--readonly} {--teams=}
User update:
php artisan user:update {--id=} {--email=} {--name=} {--password=} {--certificate=} {--tfa_enabled=} {--admin=} {- readonly=} {--enabled=} {--teams=}
I need help to improve english translations on this project.
Default locale files are located in resources/lang/es
and should be translated into resources/lang/en
.
Also, I need to translate the English Readme.
Thanks!