โจ Your Credentials. Your Security. Your Rules. โจ
A modern, secure, self-hosted credential management application for storing and organizing your digital credentials with complete privacy and control.
๐ Quick Start โข ๐ฆ Installation โข ๐๏ธ Setup โข ๐ฑ PWA โข ๐ง Troubleshooting
- ๐ API Keys - Store and organize your API credentials
- ๐ Login Credentials - Username/password combinations
- ๐คซ Secrets - Sensitive configuration values
- ๐ซ Tokens - Authentication and access tokens
- ๐ Certificates - SSL certificates and keys
- ๐ Categories - Group credentials by service or type
- ๐ Tags - Flexible labeling system
- โก Priority Levels - Low, Medium, High, Critical
- ๐ Expiration Tracking - Never miss renewal dates
- ๐ Real-time Search - Find credentials instantly
- ๐ Row Level Security (RLS) - Database-level isolation
- ๐ End-to-End Encryption - Client-side encryption, zero-knowledge architecture
- ๐ค Multi-User Support - Support for multiple users on the same instance
- ๐ Secure Connections - HTTPS/TLS encryption
- ๐ Self-Hosted - Complete control over your data
- Zero-Knowledge Architecture - All encryption happens client-side
- AES-256-GCM Encryption - Industry-standard authenticated encryption
- Argon2id Key Derivation - Memory-hard, ASIC-resistant (with PBKDF2 fallback)
- Auto-Lock Protection - 15-minute inactivity timeout with activity detection
- Simplified Bcrypt Master Passphrase - Secure bcrypt-only authentication for new users
- Backwards Compatibility - Legacy wrapped DEK system maintained for existing users
- User-Controlled Reset - Secure emergency passphrase reset without admin backdoors
- Database-Only Storage - No localStorage usage except for database config
- Professional Security Audit - EXCELLENT security rating
- ๐ Dark Theme - Easy on the eyes
- ๐ฑ Responsive Design - Works on all devices
- โก Progressive Web App - Install like a native app
- ๐ Fast Performance - Built with Vite and React 19
- ๐จ Beautiful UI - Modern glassmorphism design
Get Keyper running on your own infrastructure in under 5 minutes!
- Node.js 18+ installed on your system
- Supabase account (free tier works perfectly!)
- Modern web browser (Chrome, Firefox, Safari, Edge)
# Install Keyper globally
npm install -g @pinkpixel/keyper
# Start the server (default port 4173)
keyper
# Or start with custom port
keyper --port 3000
# Open in your browser
# ๐ http://localhost:4173 (or your custom port)That's it! ๐ Follow the in-app setup wizard to configure your Supabase database.
Want to try Keyper before installing? Visit our hosted demo:
๐ keyper.pinkpixel.dev
Just enter your own Supabase credentials and start managing your encrypted credentials instantly! Your data stays completely private since all encryption happens in your browser.
Demo Usage:
- โ Completely Secure - Zero-knowledge architecture means your data never leaves your browser
- โ Real Functionality - Full Keyper experience with your own Supabase instance
- โ No Registration - Just bring your Supabase URL and anon key
โ ๏ธ Demo Limitations - Recommended for testing and light usage only- ๐ Self-Host for Production - Install locally for best performance and full control
Note: The demo uses the same secure architecture as self-hosted Keyper. Your Supabase credentials are stored only in your browser's localStorage and never transmitted to our servers.
npm install -g @pinkpixel/keyperAvailable Commands:
keyper- Start Keyper serverkeyper --port 3000- Start on custom portkeyper --help- Show help and usagecredential-manager- Alternative commandkeyper-dashboard- Another alternative
npx @pinkpixel/keypergit clone https://github.com/pinkpixel-dev/keyper.git
cd keyper
npm install
npm run build
npm start-
Visit supabase.com and sign up/login
-
Click "New Project"
-
Configure your project:
- Name:
keyper-db(or your preference) - Database Password: Generate a strong password
- Region: Choose closest to your location
- Name:
-
Wait 1-2 minutes for setup completion
-
In Supabase dashboard: Settings โ API
-
Copy these values:
- Project URL:
https://your-project.supabase.co - anon/public key:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
- Project URL:
-
Start Keyper:
keyper -
Database Setup: Configure your Supabase connection
- Enter your Supabase URL and anon key
- Copy and run the complete SQL setup script in Supabase SQL Editor
- The script creates tables with the latest security features:
raw_dekandbcrypt_hashcolumns for the new simplified security model- Backwards compatibility for existing users with legacy
wrapped_deksystem
- Test the connection
-
Master Passphrase: Create your encryption passphrase
- Choose a strong passphrase (8+ characters recommended)
- New users get the simplified bcrypt-only authentication system
- This encrypts all your credentials client-side with secure emergency reset capabilities
-
Start Managing: Add your first encrypted credential! ๐
Keyper works as a Progressive Web App for a native app experience!
- Open Keyper in Chrome/Edge/Firefox
- Look for the install icon in the address bar
- Click to install as a desktop app
- Access from your applications menu
- Open Keyper in your mobile browser
- Tap the browser menu (โฎ)
- Select "Add to Home Screen" or "Install App"
- Access from your home screen
- ๐ฑ Native app experience
- ๐ Faster loading times
- ๐ Offline functionality
- ๐ Background updates
- ๐ฒ Push notifications (coming soon)
โ "Connection failed: Database connection failed"
- Verify URL format - now supports any valid HTTP/HTTPS URL (v1.0.6+)
- โ
Cloud:
https://your-project.supabase.co - โ
Local:
http://localhost:54321,http://192.168.1.100:8000 - โ
Custom:
https://supabase.mydomain.com
- โ
Cloud:
- Use anon/public key, not service_role
- Check that your Supabase project is active
โ "relation 'credentials' does not exist"
- Run the complete SQL setup script in Supabase SQL Editor
- Ensure the script completed without errors
โ Dashboard shows "No credentials found"
- Click "Refresh App" button
- Clear browser cache and reload
- For PWA: Uninstall and reinstall the app
โ Can't enter new credentials after clearing configuration
- Refresh the page after clearing configuration
- Ensure you're using a valid HTTP/HTTPS URL (any format supported in v1.0.6+)
- Try clearing browser cache if form inputs appear stuck
โ Categories dropdown is empty when using custom username
- This issue has been resolved in the latest version
- Categories should now appear for all usernames (both default and custom)
- If still experiencing issues, try refreshing the page after setting your username
โ App doesn't show setup wizard after clearing database
- Clear browser cache and cookies for the site
- For Chrome/Edge: Settings โ Privacy โ Clear browsing data โ Cookies and cached files
- For Firefox: Settings โ Privacy โ Clear Data โ Cookies and Site Data + Cached Web Content
- Refresh the page to see the initial setup screen
โ Stuck in configuration loops or can't access settings
- Clear browser cache and localStorage completely
- Refresh the page and reconfigure your database connection
- Ensure your Supabase credentials are correct
- Use the built-in database health checks to verify table integrity
โ Multi-user vault conflicts
- Each user has their own isolated encrypted vault
- Switch users by changing the username in settings
- Refresh the page after switching users for proper vault isolation
- Each user's data is completely separate and encrypted individually
Forgot your master passphrase? No problem! Your encrypted data is completely safe and you can securely reset your passphrase:
Important: It's not possible to view your current master passphrase, but you can update/change it using our secure bcrypt-based reset system.
๐ Complete Reset Guide: For detailed step-by-step instructions, see our comprehensive Emergency Passphrase Reset Guide
Quick Overview:
- Access your Supabase dashboard and navigate to the
vault_configtable - Generate a new bcrypt hash using your desired new passphrase
- Replace the
bcrypt_hashvalue in your database - Login with your new passphrase
Security Benefits:
- โ No Backdoors: Complete elimination of admin override capabilities
- โ User Control: Only you can reset your own passphrase
- โ Data Safety: Your encrypted credentials remain completely safe
- โ Industry Standard: Uses proven bcrypt hashing technology
- โ Zero Knowledge: Hash-only storage ensures maximum security
- Check the Self-Hosting Guide
- Review browser console for errors (F12 โ Console)
- Verify Supabase project logs
- Use the master passphrase reset process above for password issues
- Report issues on GitHub
- โ Self-Hosted - Run on your own infrastructure
- โ Private Database - Your Supabase instance
- โ No Tracking - Zero telemetry or analytics
- โ Open Source - Fully auditable code
- ๐ Row Level Security - Database-level access control
- ๐ Encryption - Data encrypted at rest and in transit
- ๐ค User Isolation - Each user sees only their data
- ๐ก๏ธ Secure Authentication - Supabase Auth integration
- User Switching: When switching between different user accounts, refresh the page after logging out to ensure proper vault isolation
- Optimal Experience: This ensures clean cryptographic state and prevents any potential vault conflicts between users
- Frontend: React 19.1 + TypeScript
- Build Tool: Vite 7.0
- Styling: Tailwind CSS + shadcn/ui
- Backend: Supabase (PostgreSQL + Auth)
- State Management: TanStack Query
- Forms: React Hook Form + Zod
- PWA: Vite PWA Plugin + Workbox
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
We welcome contributions! Please see our Contributing Guide for details.
Created by Pink Pixel โจ
Dream it, Pixel it
- ๐ Website: pinkpixel.dev
- ๐ง Email: admin@pinkpixel.dev
- ๐ฌ Discord: @sizzlebop
- โ Support: Buy me a coffee
โญ Star this repo if Keyper helps secure your digital life! โญ