/Password-Manager

Self-hosted Password Manager based on Laravel 9 + PHP 8 + MySQL 8. Gestor de Contraseñas basado en Laravel 9 + PHP 8 + MySQL 8.

Primary LanguagePHPMIT LicenseMIT

Castellano

Password Manager

This application allows complete password management for multiple types of services (web, ssh, phones, wifi, etc ...).

The data of each application is stored encrypted in the database.

The encryption of this data is done using the value of APP_KEY as salt, so it is very important not to regenerate this key or you will lose access to all registered applications.

Don't even think about installing this project in an environment without HTTPS protection

The main features are:

  • User Management.
  • Team management.
  • Access to applications limited by teams.
  • Multiple types of data records.
  • Encryption in database.
  • Authentication by certificate and double factor with Google Authenticator.
  • Using certificate, you can to disable password auth.
  • Logged every time a user accesses, consults or updates an application.
  • Allows private or shared applications.
  • Limited access by country.
  • It has a chrome extension that connects via API and directly accesses the credentials of the web you are visiting.
  • API Password control on every different IP.

This project has an extension for Google Chrome that you can download at https://github.com/eusonlito/Password-Manager-Chrome

Requirements

  • Apache2 (nginx does not support authentication with certificate limited to certain routes)
  • PHP 8.0 or higher (php-curl php-imagick php-mbstring php-mysql php-zip)
  • MySQL 8.0
  • ImageMagick

If PHP 8 is not the default PHP version on your system you must use the binary prefix to exeucte composer and artisan, for example:

php8.0 /usr/local/bin/composer install --no-scripts --no-dev
php8.0 /usr/local/bin/composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
php8.0 artisan key:generate

Installation

  1. Create the database in MySQL.

  2. Clone the repository.

git clone https://github.com/eusonlito/Password-Manager.git
  1. Install composer dependencies (remember that we always use the PHP 8.0 binary).
composer install --no-scripts --no-dev && composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
  1. Configure the file .env with the necessary data.
cp .env.example .env
  1. Generate the application key. Remember to backup this key in a secure location (.env > APP_KEY).
php artisan key:generate
  1. Regenerate the caches.
composer artisan-cache
  1. Launch the initial migration.
php artisan migrate
  1. Launch the seeder.
php artisan db:seed --class=Database\\Seeders\\Database
  1. Configure the cron task for the user related to the project:
* * * * * cd /var/www/password.domain.com && php artisan schedule:run >> storage/logs/artisan-schedule-run.log 2>&1
  1. Create the main user.
php artisan user:create --email=user@domain.com --name=Admin --password=StrongPassword2 --admin
  1. Configure the server for web access with DOCUMENT_ROOT in public.

  2. Profit!

Update

The platform update can be done easily with the composer deploy command executed by the user who manages that project (usually www-data).

This command performs the following actions:

"git checkout .",
"git pull",
"@composer env-version --ansi",
"@composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi",
"@php artisan migrate --force --ansi",
"@php ./vendor/bin/php-cs-fixer fix --ansi --quiet",
"@php artisan maintenance:opcache:preload"

Certificate Authentication

In order to authenticate with a certificate, we must add the following configuration in Apache's VirtualHost:

<Location /user/profile/certificate>
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>

<Location /user/auth/certificate>
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Location>

SSLCACertificateFile /var/www/password.domain.com/resources/certificates/certificates.pem

The /user/profile/certificate location allows obtaining the certificate identifier automatically from the user profile itself, and /user/auth/certificate is the authentication path by certificate.

The OptRenegotiate option allows Apache to independently renegotiate the connection per path, something that nginx does not support.

Commands

Create User:

php artisan user:create {--email=} {--name=} {--password=} {--admin} {--readonly} {--teams=}

User update:

php artisan user:update {--id=} {--email=} {--name=} {--password=} {--certificate=} {--tfa_enabled=} {--admin=} {- readonly=} {--enabled=} {--teams=}

Help!

I need help to improve english translations on this project.

Default locale files are located in resources/lang/es and should be translated into resources/lang/en.

Also, I need to translate the English Readme.

Thanks!

Screenshots

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager

Password-Manager