Open Password Manager is an open source password manager with encrypted storage for various cloud providers, implemented as a cross-platform Flutter application.
- Passwords are encrypted in the database
- Works on iOS, Android, and the web
- Can be self-hosted on various providers
- No password-related data leaves the device unencrypted
- Data is synched across all your devices
- Export function for local backups
- Offline function
- Open source and transparent
- Firebase - Google's comprehensive app development platform
- Supabase - Open source Firebase alternative with PostgreSQL
- Appwrite - Self-hosted or cloud backend-as-a-service
- Choose your preferred backend provider
- Follow the setup guide for your chosen provider:
- Create your config.json configuration file
- Run the application: flutter run
Open Password Manager uses a sophisticated encryption system that ensures your data is secure and accessible across all platforms:
- Client-Side Encryption: All data is encrypted on your device before being sent to the cloud
- Shared Salt Management: Encryption salts are stored in your backend to ensure compatibility across devices
- Platform Independence: Access your passwords seamlessly on web, mobile, and desktop
- Secure Authentication: Your login password is used for both authentication and encryption key derivation
- User Password: You create a password for authentication and encryption/decryption
- Authentication: Your password is used to authenticate with your chosen backend provider
- Key Derivation: A unique encryption key is derived from your password using PBKDF2
- Salt Storage: A unique salt is stored in your backend database for cross-platform consistency
- Data Encryption: All password entries are encrypted with AES-256-GCM before storage
- Cross-Platform Access: The same encrypted data can be decrypted on any platform you sign in from
Each backend provider requires a specific configuration file. Create a config.json file in your project root with the appropriate configuration for your chosen provider.
Firebase:
```json
{
  "provider": "firebase",
  "firebaseConfig": {
    "apiKey": "your-api-key",
    "authDomain": "your-project.firebaseapp.com",
    "projectId": "your-project-id",
    "storageBucket": "your-project.appspot.com",
    "messagingSenderId": "123456789",
    "appId": "1:123456789:web:abcdef",
    "measurementId": "G-XXXXXXXXXX",
    "vaultCollectionPrefix": "vault",
    "utilsCollectionName": "utils"
  }
}
```
Supabase:
```json
{
  "provider": "supabase",
  "supabaseConfig": {
    "url": "https://your-project.supabase.co",
    "anonKey": "your-anon-key",
    "vaultDbName": "your-password-table-name",
    "utilsDbName": "your-utils-table-name"
  }
}
```
Appwrite:
```json
{
  "provider": "appwrite",
  "appwriteConfig": {
    "endpoint": "https://cloud.appwrite.io/v1",
    "project": "your-project-id",
    "databaseId": "opm-database",
    "vaultCollectionId": "your-vault-collection-id",
    "utilsCollectionId": "your-utils-collection-id"
  }
}
```
For detailed setup instructions including database configuration, see the setup guides linked above.
Open Password Manager implements multiple layers of security to protect your data:
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: PBKDF2 with 10,000 iterations
- Salt Management: Unique salts stored securely in your backend
- Transport Security: All data transmitted over HTTPS/TLS
The app uses a shared salt management system to ensure encrypted data works across all platforms:
- Shared Salt Storage: Encryption salts are stored in your backend database
- Consistent Keys: All platforms derive identical encryption keys from your master password
- Seamless Sync: Sign in on any device to access your encrypted passwords
- No Lock-In: Your data remains accessible regardless of the platform
- Your login password is used for authentication and encryption key derivation
- All encryption/decryption happens client-side before data transmission
- Backend providers store only encrypted data and authentication credentials
- Your stored passwords remain unreadable without your login password
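The flow described above (login password plus backend-stored salt, PBKDF2, then AES-256-GCM) can be sketched in Node.js as follows. This is an added example, not code from the project or from cryptography_repository_impl.dart. The PBKDF2 hash (HMAC-SHA256), the 12-byte nonce, the record layout and all function names are assumptions; only the algorithm names and the iteration count come from this README.

```javascript
// Added illustration; not taken from cryptography_repository_impl.dart.
const crypto = require("node:crypto");

const ITERATIONS = 10000;     // iteration count stated in the README
const KDF_DIGEST = "sha256";  // assumption: the README does not name the PBKDF2 hash

// Derive the 256-bit AES key from the login password and the salt kept in the backend.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, KDF_DIGEST);
}

// Encrypt one vault entry; the record layout (nonce, ciphertext, tag) is hypothetical.
function encryptEntry(key, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce per entry
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt a record; final() throws if the key is wrong or the record was modified.
function decryptEntry(key, record) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.nonce);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString("utf8");
}

// Returns the plaintext, or null when authentication of the record fails.
function tryDecrypt(password, salt, record) {
  try {
    return decryptEntry(deriveKey(password, salt), record);
  } catch (err) {
    return null;
  }
}

// Constructed sample data: a salt as the backend would return it, plus one entry.
function demo() {
  const salt = crypto.randomBytes(16);
  const record = encryptEntry(deriveKey("correct horse battery", salt), "example.org:hunter2");
  const tampered = { ...record, ciphertext: Buffer.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // flip one bit, as a modified backend row would
  return {
    otherDevice: tryDecrypt("correct horse battery", salt, record),
    wrongPassword: tryDecrypt("wrong password", salt, record),
    tamperedRow: tryDecrypt("correct horse battery", salt, tampered),
  };
}

console.log(demo());
```

A second device that knows the password and fetches the same salt recovers the entry, while a wrong password or a modified row fails the GCM tag check. For comparison, OWASP's password storage guidance recommends 600,000 iterations for PBKDF2-HMAC-SHA256.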
Important: If you lose your login password, your data cannot be recovered. This is by design for maximum security.
- No backdoors or recovery mechanisms exist for encrypted data
- Export your passwords regularly as a backup
- Use a secure method to remember your login password
For technical implementation details, see lib/shared/infrastructure/repositories/cryptography_repository_impl.dart.
- Flutter (Latest stable version)
- Xcode (for iOS development)
- A backend provider account (Firebase, Supabase, or Appwrite)
- Clone the repository
  ```bash
  git clone https://github.com/xeladu/opm.git
  cd opm
  ```
- Install dependencies
  ```bash
  flutter pub get
  ```
- Configure your backend (see setup guides above)
- Add Firebase Crashlytics (optional)
  Firebase Crashlytics is used to monitor crash reports. It's already included in the code. All you need to do is provide a Firebase configuration. If you already use Firebase as a backend, it will work out of the box. For other backend providers, the Firebase configuration must be added separately.
- Run the app
  ```bash
  # Web
  flutter run -d chrome
  # Android
  flutter run -d android
  # iOS
  flutter run -d ios
  ```
lib/
├── features/
│ ├── auth/ # Authentication logic
│ └── vault/ # Password storage logic
├── shared/
│ ├── domain/ # Domain entities and repositories
│ ├── infrastructure/ # Implementation details
│ └── utils/ # Utilities and configurations
└── main.dart # Application entry point
This project follows Domain-Driven Design (DDD) principles:
- Domain Layer: Core business logic and entities
- Infrastructure Layer: External service implementations
- Presentation Layer: UI components and state management
State management is handled with Riverpod for type-safe dependency injection and reactive state.
You can contribute by
- suggesting new features
- filing bug reports
- working on existing tickets by creating a pull request
Thank you for your help!
This project is licensed under the MIT License - see the LICENSE file for details.
