Skip to content
/ keepsafe Public

KeepSafe — a local Java 21 Swing password manager that securely stores AES‑GCM–encrypted credentials (PBKDF2 key derivation) in PostgreSQL.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

emmanuelekopimo/keepsafe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
config
config
 
 
src/com/keepsafe
src/com/keepsafe
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

KeepSafe

KeepSafe is a small, local password manager prototype (Java 21 + Swing) that stores AES‑GCM–encrypted credentials in PostgreSQL. This repository contains a runnable skeleton with the main UI, DB wiring, and example services/DAOs to help you iterate quickly.

Screenshot

image

Highlights

  • Java 21, Swing UI (CardLayout)
  • PostgreSQL (JDBC) for persistent storage
  • PBKDF2 for key derivation and AES‑GCM for encryption
  • Minimal, opinionated architecture: config, db, dao, service, ui, security

Quick start

  1. Ensure PostgreSQL is running and reachable. Create a database and user, or update config/app.properties.
  2. Build and run with the JDK (no build tool required):
# compile
javac -d bin -cp 'lib/postgresql-42.7.7.jar' $(find src -name '*.java')

# run
java -cp 'bin:lib/postgresql-42.7.7.jar' com.keepsafe.app.Main

Configuration

Configuration is loaded from config/app.properties (defaults are provided in code). Key settings include:

  • db.url, db.user, db.password — JDBC connection
  • security.pbkdf2.iterations, security.pbkdf2.keylen — KDF params
  • clipboard.clear.millis — how long copied passwords remain on the clipboard

Database

On first run the app applies simple DDL for vault_meta and credentials. Migrations live in src/com/keepsafe/db/Migrations.java.

If you need to remove an existing vault from the DB (destructive): use the in-app Destroy Vault action from the Dashboard (it asks for an explicit typed confirmation). That removes all credentials and vault metadata and resets credential IDs.

You can also run SQL directly (destructive):

TRUNCATE TABLE credentials RESTART IDENTITY CASCADE;
DELETE FROM vault_meta WHERE id = 1;

Notes on security

  • The code uses PBKDF2 (HMAC-SHA256) for the master password and AES‑GCM for credential encryption. This is a learning prototype — treat it accordingly.
  • Sensitive byte arrays and char[] are wiped where practical, and the session key is kept only in memory while unlocked.

Development notes

  • Project layout: src/com/keepsafe/{app,config,db,dao,model,service,security,ui}.
  • The JDBC driver JAR is expected in lib/.
  • The UI is intentionally minimal to make it easy to iterate and to pair-program around.

Troubleshooting

  • Duplicate-vault insert errors: a vault_meta row already exists. Use the Destroy Vault action or delete vault_meta manually before creating a new vault.
  • If the app can't connect to the DB, check config/app.properties and that the PostgreSQL driver JAR is on the classpath.

License & contribution

This repository is a personal prototype; add a LICENSE and tests before wider use. Contributions and improvements are welcome.

About

KeepSafe — a local Java 21 Swing password manager that securely stores AES‑GCM–encrypted credentials (PBKDF2 key derivation) in PostgreSQL.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages