SimpleVault is a web-based tool that allows you to manage passwords or other secret information in a safe way. All secret information is encrypted using strong encryption algorithms. SimpleVault is particularly useful if you need to manage your secret data, or if you want to share secret information within a working group with trusted members. But it can also be used as a common tool for users who don't trust each other.
This project is kindly hosted by sourceforge.net: http://sourceforge.net/projects/simplevault
An online demo is available. (Please don't misuse the demo. The vault is regularly purged.)
SimpleVault can be downloaded and used for free and it's source code is available under the GPLv3 license. I give it away for free mainly because I'm intensively using other open source products and I want to give back something useful to the community.
Prerequisites are: PHP4 or PHP5 with the mcrypt library.
Download and unpack the SimpleVault package to the directory <install-dir>. By default, <install-dir>/vault/simplevault.txt is used as the vault file where all encrypted and unencrypted data is stored. This file should be readable and writeable by the web server. A different vault file can be configured in index.php in the variables $vaultdir and $vaultfile.
That's it. Go to <your-host>/<install-dir>/index.php and start creating entries.
In the default installation, the vault file contains 2 categories and 4 entries for demonstration purposes. All entries are encrypted with the passphrase toto. You can delete the entries interactively, or by emptying the vault file.
If you have problems please ask your questions in the support forum.
Simply replace the files index.php, sv.css and img/* with the new files from the distribution.
When the item has been created, a short message is displayed. The create dialog doesn't ask you to type in the passphrase twice. Therefore, in order to make sure that you typed in the correct passphrase, it is recommended to decrypt your new item right after it has been created.
of the item.
If you have questions please ask them in the support forum.
This software has not been designed by a security specialist! SimpleVault is a best-effort approach with common sense security principles in mind. For example, in all input fields scripting tags are automatically filtered or escaped in order to prevent from cross site scripting attacks. But for a really serious application you may prefer one of the bullet proof commercial applications that are available on the market.
The most important functionality of SimpleVault is to encrypt all secret data that has to be stored. The encription uses strong encryption algorithms, and if a good password is used, it is virtually impossible to decrypt the data without knowing the password. This means that even if the vault file is stolen, the secret data is safe. Actually, the vault file could be made publicly accessible without any risk.
However, during the process of using SimpleVault, the secret data is unencrypted at certain times and locations. The red boxes in the table below indicate unencrypted secret data.
|
|
screen/keyboard |
browser |
network |
web server |
php script |
filesystem |
|
http |
|
|
|
|
|
|
|
https |
|
|
|
|
|
|
One obvious consequence is, that SimpleVault should only be used over the https protocol. And yes, in our case we use SimpleVault only on our local network behind a completely isolating firewall.
These are the known potential security risks with SimpleVault:
All data is stored in one text file - the vault file. As an example you can have a look at the demo vault file of the online demo. And this is the format of the vault file:
These people have contributed to SimpleVault: Christian R., Reimar H.
Rolf Brugger, May '08