pm - A Git based password manager

pm is the project I've been working on for the past month and it is what the title above says - a Git based terminal password manager.

Inspiration

A few months ago, I realized I was creating accounts in lots of services (ChatGPT, Spotify, ResumeWorded etc) and this meant that I was creating lots of passwords. I was also creating a lot of throwaway accounts just to try out the services provided by an application. As I kept doing this, my password list just grew and every time I came across a login page, I would have to retry a couple of times to correctly guess the password I might have assigned to the service. Sigh... guessing my own password is basically just hacking myself, isn't it?

Anyway, I realized my need for a password manager. But I was/am not willing to pay for password managers and I don't trust the free ones.

This is how the idea for pm was born - I would store all my passwords on my local device and sync them to other devices (when necessary) using a remote, private git repository. Now that Github allows creation of private repositories for free of cost, I could easily use that feature to store my passwords securely on Github.

What's more? I could make it a terminal based app as well since I am on the terminal quite a bit.

A peek into the idea

So, how would the entire thing work? Well, my basic idea was as follows:

1. The user has one master password which is used to encrypt and decrypt the stored passwords using AES encryption.
2. Every stored password would have 3 main components: a domain (ex: github.com), a username (ex: my_cool_username) and (obviously) the password itself.
3. The user should have a git directory where all his passwords would be stored.
4. Every stored password would be recorded in a file in the above directory and the name of the file would be randomly generated while the contents of the file would be the encrypted details mentioned in point no 2.

Tools of the trade

Okay, so I have a basic idea for the project. Now what do I use to bring this project to life? I need this app to be cross-platform since I work on both Windows and Linux machines. I am comfortable with writing code in C and NodeJS but the latter fits the bill better since it is cross-platform and has quite a few pre-built libraries out there.

Speaking of pre-built libraries, if I wanted to get this project done within a reasonable time frame I had to use them. Building every functionality for this app from scratch would be a huge waste of time and it would end up with me losing motivation to finish the project. So, if there was an existing and reliable solution out there for my needs, I used it.

Since this was a terminal app based on Node.js and Git, there were 3 primary components to this app:

1. Nodejs itself
2. Commander - an NPM library to simplify parsing CLI based commands and options.
3. simple-git - another NPM library that provides an API for NodeJS to interact with the Git command line.

Other packages that I used were:

1. inquirer - a library to simplify getting input from the user on the terminal. It handles various inputs like text input, password input, multi-select etc.
2. cli-table3 - a library to render tables on the command line to present information to the user in a pleasant fashion instead of raw text.
3. crypto-js - a package for encrypting and decrypting strings of texts. I used this library instead of the native crypto library in NodeJS since I was having trouble with AES-128 encryption.

The actual execution

With the requirements adequately clear, it was now just a matter of execution.

Using the above tools in my arsenal, I started implementing features one after another everyday.

I built the ability to initialize a git directory for your passwords, basic CRUD operations for the stored passwords and changing the master password (which would also update the encrypted values of all the stored passwords) and then some more. I encountered a few setbacks but was able to fix the issues or circumvent them - this was only possible since I had planned most of the details ahead and was concentrating on the big picture.

My initial investment into planning the code structure for the project actually paid off since, for every feature I had to implement later on, I had already built all the necessary abstractions in prior features.

Now the next step was to release my app. This meant I had to package my app into an executable for the 3 major platforms (Windows, Linux and Mac) and then allow users to download my app. How do I do this now?

Releasing an executable

Well, in comes Github Actions. Github Actions is a CI/CD feature native to Github. You can use pre-existing or custom workflows to automate building and testing your application. You can also, thankfully, package your entire node application into a single executable and allow the user to download the packaged app on their system using Github Releases.

While Github Actions is a great tool to learn, I didn't need to learn all of it just yet. So, instead of diving into the nitty-gritty details, I just put together a basic solution to build my application for different platforms by following a Youtube series (do watch this series if you need an introduction to Github Actions - the creator explains the basic concepts really well).

To package my NodeJS application on different platforms, I used Vercel 's pkg package. While it was recently deprecated, it still serves its purpose really well.

So, how does my project look now? You tell me. You can download it here and all you need to run it is git on your system.

Conclusion

Well, this is my project. I plan to continue developing it - especially since I will be using it myself. I started this project not just because I wanted a password manager but also because I needed a personal win. I am happy with how this entire project turned out but there is still work to do. If you read all the way till here, thank you for your interest.

P.S: I have posted more details and screenshots about my project on LinkedIn. Check it out here: https://lnkd.in/g7wKWpbJ