Skip to content

w512/Kivarion

Repository files navigation

Kivarion logo

Kivarion

Kivarion is a modern, fast, and secure desktop password manager that works with the KeePass format (.kdbx files). Built with Tauri 2 and Vue 3, it provides a native user experience with a strong focus on security.

Key Features

  • Full KDBX 4 support — securely work with KeePass 2.x databases.
  • Secure decryption — uses Argon2 (WASM) for key derivation.
  • Flexible unlock — open a database with a master password, a key file, or both. The key file is remembered per database.
  • Create databases — make a brand-new .kdbx from the app, protected by a master password.
  • Three-column interface — convenient navigation with a group tree, entry list, and resizable detail panel.
  • Structure management — create, rename, and delete groups and entries.
  • Global search — the search field in the top bar filters entries across the entire database, regardless of the selected group. It searches the Title, UserName, URL, Notes, and custom fields by both name and value. Matching is case-insensitive and substring-based. Protected fields, including passwords and hidden custom fields, are excluded from search.
  • Attachment support — view, preview (images and PDFs), and export files attached to entries.
  • Website favicons — automatically fetch icons for entries through icon.horse.
  • Password generator — create strong passwords with configurable options.
  • Auto-save — immediately write changes to the file after every operation.
  • Personalization — supports light, dark, and system themes.
  • Native experience — integrates with the operating system through Tauri, including dialogs, filesystem access, and system paths.

Platform support

Kivarion targets desktop macOS, Windows, and Linux via Tauri. Some features are platform-specific:

  • Touch ID unlockmacOS only. On other platforms the biometric commands report "not supported" and the option is unavailable; unlock there is password-only.
  • Quick Look attachment previewmacOS only (uses qlmanage). In-app image/PDF preview and export work on all platforms.

Current limitations

These are known gaps (tracked in docs/ToDo.md), called out here so expectations are honest:

  • Attachments are view / preview / export only; adding, renaming, or deleting attachments inside Kivarion is not yet implemented.
  • Recycle Bin — deleting an entry moves it to the KeePass Recycle Bin (when the database has one enabled), but restoring items from the bin inside the app is not yet implemented (you can empty it).

Technology Stack

Component Technology
Core Tauri 2 (Rust)
Frontend Vue 3 (Composition API)
State Pinia
Routing Vue Router
KDBX kdbxweb
Crypto argon2-browser (Bundled WASM)
Styling Vanilla CSS (Variables & Glassmorphism)

Development

Bun is required.

# Install dependencies
bun install

# Run in development mode (Tauri + Vite)
bun run tauri dev

# Build the production version
bun run tauri build

# Lint and format
bun run lint          # ESLint (Vue + JS)
bun run format        # Prettier (write)
bun run format:check  # Prettier (verify only)

# Unit tests
bun test

Test Database

TestDatabase.kdbx is a sample database for local testing only. It contains no real secrets.

Password: 123

Project Structure

src/
├── main.js              # Vue and crypto engine initialization
├── App.vue              # Root component and global style tokens
├── store.js             # Pinia store (database, credentials, theme)
├── pages/               # Main screens: HomePage, DatabasePage, SettingsPage
├── components/          # Modular UI (modals, header, EntryDetail, GroupTree, etc.)
├── composables/         # Shared logic (auth, actions, resizing, icons, attachments)
├── crypto-init.js       # kdbxweb configuration for Argon2
├── dbHelper.js          # Low-level filesystem operations
└── utils.js             # Formatting and password generation utilities

src-tauri/
├── capabilities/        # Plugin permission configuration (http, dialog)
├── src/
│   ├── main.rs          # Rust entry point
│   └── lib.rs           # Plugin registration and custom commands
└── tauri.conf.json      # Tauri build configuration

Security

  • The master password is not persisted by default. If you enable Touch ID unlock, the password is stored in the macOS Keychain so it can be retrieved (as plaintext, into the app) after a successful biometric check. It is protected at rest by the OS Keychain, not "never stored". Touch ID is only triggered by an explicit action — Kivarion never prompts for it automatically.
  • Sensitive fields are handled through the kdbxweb library's ProtectedValue.
  • The webview has no direct filesystem access: all database/attachment file I/O goes through dedicated Rust commands operating only on a path you picked via a native dialog.
  • On macOS, previewing an attachment with Quick Look writes the decrypted file to a private temporary location and deletes it after the preview closes; the OS may still cache previews.
  • Saves are durable and atomic (temp file → fsync → rename), and detect external modification before overwriting. Rotating .bak backups (configurable in Settings) are kept next to the database; they are encrypted KDBX copies, not plaintext.

About

Kivarion is a modern, fast, and secure desktop password manager that works with the KeePass format (.kdbx files).

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors