Skip to content

bradybridges/password-manager

Repository files navigation

Password Manager

A local, encrypted desktop password manager built with Python and tkinter. Credentials are stored entirely on your machine — no cloud sync, no accounts, no network requests.

Features

  • Multiple vaults — create and manage as many named vaults as you need, each with its own master password
  • Credential fields — title, username, password, URL, and notes (with scrolling support for long entries)
  • Strong encryption — AES-256 via Fernet, key derived with PBKDF2-HMAC-SHA256 at 600,000 iterations
  • Password show/hide toggle and one-click copy to clipboard
  • Change master password — re-encrypts the vault with a fresh salt
  • Delete vault — permanently removes a vault and all its entries
  • Import/export — back up or transfer vaults as portable .vault files via File > Export Vault / File > Import Vault
  • Wayland clipboard support — on Linux/Wayland, clipboard copy and paste work correctly via wl-clipboard

Requirements

  • Python 3.14+
  • uv
  • Linux/Wayland only: wl-clipboard for clipboard support (sudo pacman -S wl-clipboard / sudo apt install wl-clipboard)

Getting Started

git clone https://github.com/bradybridges/password-manager.git
cd password-manager
uv run main.py

uv handles installing Python dependencies (cryptography, Pillow) automatically.

Usage

  1. Create a vault — on first launch, click New Vault, enter a name and master password, then click Create.
  2. Unlock a vault — select a vault from the list on the login screen, enter the master password, and press Enter or click Unlock.
  3. Add credentials — click + Add, fill in the fields (only Title is required), and click Save.
  4. View/edit/delete entries — select an entry in the list to see its details. Use Edit or Delete in the toolbar.
  5. Copy a password — click the copy icon next to the password field in the detail view.
  6. Lock the vault — click Lock Vault in the top bar to return to the login screen. Credentials are cleared from memory.

Vault Storage

Vaults are stored locally at a platform-specific path:

Platform Path
Linux $XDG_DATA_HOME/password-manager/vaults/ (defaults to ~/.local/share/password-manager/vaults/)
macOS ~/Library/Application Support/Password Manager/vaults/
Windows %APPDATA%\Password Manager\vaults\

Each .vault file is a JSON document containing a base64-encoded salt and the Fernet-encrypted credentials. The master password never leaves your machine and is not stored anywhere.

Security

  • Encryption: AES-128-CBC + HMAC-SHA256 via Fernet (from the cryptography library)
  • Key derivation: PBKDF2-HMAC-SHA256, 600,000 iterations, 16-byte random salt per vault
  • Vault files are written atomically (.tmpos.replace) and set to chmod 0o600
  • Changing the master password generates a new salt and re-derives the key from scratch

Warning: There is no password recovery. If you forget your master password, the vault data cannot be decrypted.

Building a Standalone Executable

To produce a standalone executable that runs without Python or uv:

uv run pyinstaller -y password_manager.spec

The output is placed in dist/Password Manager/. The build/ and dist/ directories are not committed to version control.

About

Offline password manager with AES-encrypted vaults. Built with Python/tkinter, no cloud required.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages