Deterministic, offline-first password manager that runs entirely in your browser. Passwords are derived using PBKDF2 and AES-GCM from either a master passphrase or BIP39 mnemonic. No passwords are ever stored; passwords are generated on demand using cryptographically secure hash functions.
Visit https://khromov.github.io/derivault/
```mermaid
flowchart TD
    A[User Password Input] --> B[PBKDF2]
    B -- Variable computation intensity --> C[Derived Master Key]
    subgraph Key Generation
        C --> D[PBKDF2]
        SiteData[Site Data<br>email + domain + rotationRounds] --> D
        D -- Variable computation intensity --> E[Site Specific Key]
        E --> F[Convert to Password]
    end
    style B fill:#f9f,stroke:#333,stroke-width:2px
    style D fill:#f9f,stroke:#333,stroke-width:2px
```
This application is built with SvelteKit, TypeScript, and Tailwind CSS using the shadcn-svelte component library. Install dependencies with `npm install`, then start the development server:

```bash
nvm use # install nvm first
npm i
npm run dev
```
Create a production version with:

```bash
npm run build
```

Preview the production build with `npm run preview`.
Cryptographic operations are performed using the Web Crypto API. All password generation happens client-side - no data is ever transmitted to any server. The vault data (domains and usernames) is stored in localStorage, with the option to export/import using AES-GCM encryption.
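The two PBKDF2 stages in the flowchart can be sketched with the Web Crypto API as follows. This is an added example, not derivault's own code: the hash (SHA-256), the constant salt label, the iteration defaults, the JSON encoding of the site data and the 64-character alphabet are all assumptions.

```javascript
// Added illustration of the flowchart's two PBKDF2 stages; not derivault's code.
// Assumed here: SHA-256, the salt label, iteration defaults, site-data encoding, alphabet.
// Browsers and current Node expose Web Crypto globally; older Node needs the fallback.
const { subtle } = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
// 64 symbols: 256 is a multiple of 64, so `byte % 64` introduces no modulo bias.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

async function pbkdf2(secret, salt, iterations, byteLength) {
  const key = await subtle.importKey("raw", secret, "PBKDF2", false, ["deriveBits"]);
  const params = { name: "PBKDF2", hash: "SHA-256", salt, iterations };
  return new Uint8Array(await subtle.deriveBits(params, key, byteLength * 8));
}

// Stage 1: passphrase -> master key. Nothing is stored, so the salt must be a
// constant (assumed label); the iteration count carries the brute-force cost.
async function deriveMasterKey(passphrase, iterations = 600000) {
  const secret = enc.encode(passphrase.normalize("NFKD"));
  return pbkdf2(secret, enc.encode("example-master-salt-v1"), iterations, 32);
}

// JSON array encoding keeps field boundaries unambiguous, so ("ab", "c") and
// ("a", "bc") can never collapse into the same salt.
function encodeSiteData({ email, domain, rotationRounds }) {
  return enc.encode(JSON.stringify([email, domain, rotationRounds]));
}

// Stage 2: master key + site data -> site key -> printable password.
async function deriveSitePassword(masterKey, site, length = 20, iterations = 100000) {
  const siteKey = await pbkdf2(masterKey, encodeSiteData(site), iterations, length);
  return Array.from(siteKey, (b) => ALPHABET[b % 64]).join("");
}

// Constructed sample input; low iteration counts only to keep the demo fast.
async function demo() {
  const master = await deriveMasterKey("correct horse battery staple", 1000);
  const site = { email: "user@example.com", domain: "example.com", rotationRounds: 1 };
  const rotated = { ...site, rotationRounds: 2 };
  return {
    first: await deriveSitePassword(master, site, 20, 1000),
    again: await deriveSitePassword(master, site, 20, 1000),
    rotated: await deriveSitePassword(master, rotated, 20, 1000),
  };
}

demo().then((r) => console.log(r));
```

Because nothing is stored, every parameter here (iteration counts, salt label, encoding, alphabet) is part of the password: changing any of them silently changes every generated password.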
```bash
npm run test:unit -- -u
```
However, keep in mind that the generatePassword tests should not change under any circumstances, as that messes up the password generation!
MIT License