SimpleVault - Password Manager

SimpleVault is a web-based tool that allows you to manage passwords or other secret information in a safe way. All secret information is encrypted using strong encryption algorithms. SimpleVault is particularly useful if you need to manage your secret data, or if you want to share secret information within a working group with trusted members. But it can also be used as a common tool for users who don't trust each other.

This project is kindly hosted by sourceforge.net: http://sourceforge.net/projects/simplevault

Features

More Features

Try it online

An online demo is available. (Please don't misuse the demo. The vault is regularly purged.)

Why is SimpleVault free?

SimpleVault can be downloaded and used for free, and its source code is available under the GPLv3 license. I give it away for free mainly because I'm intensively using other open source products and I want to give back something useful to the community.

Installation and Configuration

Prerequisites are: PHP4 or PHP5 with the mcrypt library.

Download and unpack the SimpleVault package to the directory <install-dir>. By default, /var/lib/simplevault/simplevault.txt is used as the vault file where all encrypted and unencrypted data is stored. This file should be readable and writeable by the web server. A different vault file can be configured in svconfig.php in the variable $vaultfname.

That's it. Go to <your-host>/<install-dir>/index.php and start creating entries.

In the default installation, the vault file contains 2 categories and 4 entries for demonstration purposes. All entries are encrypted with the passphrase toto. You can delete the entries interactively, or by emptying the vault file.
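
A post-install check for the vault file described above, as an added example that is not part of the SimpleVault distribution. It assumes svconfig.php assigns the path on a single line of the form $vaultfname = "..."; and falls back to the default path otherwise; the function names vault_path and check_vault are hypothetical.

```shell
#!/bin/sh
# Added example, not part of SimpleVault: post-install check of the vault file.
# Assumption: svconfig.php sets the path on one line, e.g.
#   $vaultfname = "/some/path/vault.txt";
DEFAULT_VAULT=/var/lib/simplevault/simplevault.txt  # default path named in the text

# vault_path CONFIG: print the vault path configured in CONFIG, or the default.
vault_path() {
    cfg=$1
    p=
    if [ -f "$cfg" ]; then
        # Only lines that start with the assignment match, so //-commented
        # lines are skipped; the last matching assignment wins.
        p=$(sed -n 's/^[[:space:]]*\$vaultfname[[:space:]]*=[[:space:]]*["'\'']\([^"'\'']*\)["'\''].*/\1/p' "$cfg" | tail -n 1)
    fi
    printf '%s\n' "${p:-$DEFAULT_VAULT}"
}

# check_vault FILE: 0 = fine, 1 = missing, 2 = owner lacks read/write,
# 3 = writable by every local user.
check_vault() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist or is not a regular file"
        return 1
    fi
    if [ -z "$(find "$f" -maxdepth 0 -perm -0600)" ]; then
        echo "FAIL: the owner of $f cannot both read and write it"
        return 2
    fi
    if [ -n "$(find "$f" -maxdepth 0 -perm -0002)" ]; then
        echo "FAIL: $f is world-writable; any local user could alter or empty it"
        return 3
    fi
    owner=$(ls -ld "$f" | awk '{print $3}')
    echo "OK: $f (owner: $owner; this should be the web server user)"
    return 0
}

# Usage: sh check-vault.sh <install-dir>/svconfig.php
if [ -n "${1:-}" ]; then
    check_vault "$(vault_path "$1")"
fi
```

The owner printed on success is for comparison with the account the web server runs as, which differs between distributions.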

If you have problems please ask your questions in the support forum.

Configuration

In the configuration file svconfig.php (can initially be copied from svconfig.php-dist) there is a configuration section below the lines *** Settings.

Updating an Existing Installation

Simply replace the files index.php, sv.js, img/* and tpl-* with the new files from the distribution. Check svconfig.php-dist for new configuration parameters.

Usage

Quickstart

If you have questions please ask them in the support forum.

iPhone Interface

The iPhone interface currently only supports browsing, reading and decrypting items. Editing and creating new items will be added in a future version.

Technical Information

Security

This software has not been designed by a security specialist! SimpleVault is a best-effort approach with common sense security principles in mind. For example, in all input fields scripting tags are automatically filtered or escaped in order to prevent cross-site scripting attacks. But for a really serious application you may prefer one of the bulletproof commercial applications that are available on the market.

The most important functionality of SimpleVault is to encrypt all secret data that has to be stored. The encryption uses strong encryption algorithms, and if a good password is used, it is virtually impossible to decrypt the data without knowing the password. This means that even if the vault file is stolen, the secret data is safe. Actually, the vault file could be made publicly accessible without any risk.

However, during the process of using SimpleVault, the secret data is unencrypted at certain times and locations. The red boxes in the table below indicate unencrypted secret data.


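[Table with the columns screen/keyboard, browser, network, web server, php script and filesystem, and the rows http and https; the cell markings are not available in this text version.]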

One obvious consequence is that SimpleVault should only be used over the https protocol. And yes, in our case we use SimpleVault only on our local network behind a completely isolating firewall.

Known Security Risks and Leaks

These are the known potential security risks with SimpleVault:

There are probably more risks or leaks. Please report them in the forum.

Implementation

All data is stored in one text file - the vault file. As an example you can have a look at the demo vault file of the online demo. And this is the format of the vault file:

Credits

Various people have contributed to SimpleVault. Most of them are listed in the comments in index.php.




Rolf Brugger, Dec 2011