This project creates a plugin that can be registered with HashiCorp Vault. The plugin is responsible for managing pwmanager user policies and user KV-V2 secret mounts, which store user passwords.

In addition to the plugin, a web client is provided to offer a user-friendly interface for interacting with the plugin's password management capabilities. User passwords are encrypted client-side with a symmetric key before being sent to HashiCorp Vault. This ensures that if a HashiCorp Vault administrator views a user's password, they see only ciphertext. The user's private key is stored in an encrypted bundle known as the User Unique Key (UUK). The UUK contains the information needed to decrypt the user's private key using a two-secret key derivation function. This private key can then decrypt the keys used for encrypting and decrypting data.
This repository is currently in early development. The code may be unstable, incomplete, or subject to significant changes. Do not use it in production environments at this time.
We recommend that you use this repository for testing and experimentation purposes only, and proceed with caution. Contributions and feedback are welcome as we continue to improve the project!
> **Note**
> I will continue to make short videos like this to show progress and review code, so future contributors can ramp up quickly. You can find these updates on my YouTube channel: @gradientsearch.

Demo video: create-password-demo.mp4
In this demo, I showcase an open-source password manager I’m currently developing, which integrates with HashiCorp Vault via a Vault plugin. I walk through the process of registering a user, unlocking the password manager, and creating and viewing passwords. Additionally, I explain how password entries are stored in Vault using the KV-v2 secret engine, including the encryption and decryption processes, and how Vault policies control access to these entries.
1. Navigate to the `plugin` directory: `cd plugin`
2. Run the `make setup` command: `make setup`

   This will:
   - Start the Vault server.
   - Configure the password manager.
   - Set up a test user.
3. Navigate to the `client` directory: `cd ../client`
4. Run the development server: `npm run dev`
This will start a local webpage where you can begin working on the client-side code.
The client code for this project is licensed under the MIT License. You are free to use, modify, and distribute this code, including for commercial purposes, provided that you include the original copyright notice and disclaimers.
The plugin code is licensed under the Mozilla Public License 2.0 (MPL-2.0). This is because I used the HashiCups demo as a starting point for developing the plugin. The MPL allows for the use, modification, and distribution of the code, but it requires that any modifications to the plugin code be released under the same MPL license.