PassWall Server is the core backend for open source password manager PassWall platform. Using this server, you can safely store your passwords and access them from anywhere.
License
GitHub issues
Build Status
Coverage Status
Docker Pull Status
Deploy
- Features
- Quick Start
- Development
- Makefile Commands
- Docker Deployment
- Environment Variables
- API Documentation
- Security
- Support
- π Secure Password Storage - AES-GCM encryption
- π RESTful API - Well-documented API endpoints
- π³ Docker Support - Easy deployment with Docker Compose
- π Auto Migration - Database schema management
- π¦ Multiple Storage Types - Passwords, credit cards, bank accounts, notes, emails
- π‘οΈ Security Middlewares - XSS protection, SQL injection prevention, rate limiting
- π― JWT Authentication - Secure token-based authentication
- Start the server:
make up
- Create a new user:
docker exec -it passwall-server /app/passwall-cli- Access the server:
Server URL: http://localhost:3625
# Create directory mkdir $HOME/passwall-server cd $HOME/passwall-server # Download docker-compose.yml wget https://raw.githubusercontent.com/passwall/passwall-server/main/build/docker/docker-compose.yml # Start services docker-compose up -d # Create user docker exec -it passwall-server /app/passwall-cli
- Go 1.24+ (or latest)
- PostgreSQL 13+
- Docker & Docker Compose (optional)
- Make
- Clone the repository:
git clone https://github.com/passwall/passwall-server.git
cd passwall-server- Install dependencies:
go mod download
- Install development tools:
make install-tools
- Start PostgreSQL:
make db-up
- Build and run:
make run
make dev
This will install and use Air for automatic reloading on code changes.
Run make help to see all available commands:
make help # Display help message
make build # Build server and CLI binaries make build-linux # Build for Linux make build-darwin # Build for macOS make build-all # Build for all platforms make clean # Clean build artifacts
make generate # Run go generate make lint # Run golangci-lint make test # Run tests make test-coverage # Run tests with coverage report make install-tools # Install development tools
make run # Build and run server locally make dev # Run with hot reload (air) make create-user # Create a new user with CLI
make image-build # Build Docker image make image-publish # Build and publish to Docker Hub
make up # Start all services (builds if needed) make down # Stop all services make restart # Restart all services make logs # Show logs make ps # Show running services
make db-up # Start PostgreSQL only make db-down # Stop PostgreSQL make db-logs # Show PostgreSQL logs
make ci # Run full CI pipeline make check # Run lint and test
make version # Show version information make info # Show build information
make image-build
# Login to Docker Hub first docker login # Build and publish make image-publish
DOCKER_TAG=v2.0.0 make image-build DOCKER_TAG=v2.0.0 make image-publish
| Variable | Description | Default |
|---|---|---|
PORT |
Server port | 3625 |
PW_SERVER_USERNAME |
Admin username | - |
PW_SERVER_PASSWORD |
Admin password | - |
PW_SERVER_PASSPHRASE |
Encryption passphrase | - |
PW_SERVER_SECRET |
JWT secret | - |
PW_SERVER_TIMEOUT |
Server timeout | 2 |
PW_SERVER_GENERATED_PASSWORD_LENGTH |
Generated password length | 16 |
PW_SERVER_ACCESS_TOKEN_EXPIRE_DURATION |
Access token expire duration | 30m |
PW_SERVER_REFRESH_TOKEN_EXPIRE_DURATION |
Refresh token expire duration | 7d |
| Variable | Description | Default |
|---|---|---|
PW_DB_NAME |
Database name | passwall |
PW_DB_USERNAME |
Database username | postgres |
PW_DB_PASSWORD |
Database password | password |
PW_DB_HOST |
Database host | localhost |
PW_DB_PORT |
Database port | 5432 |
PW_DB_LOG_MODE |
Enable DB logging | false |
PW_DB_SSL_MODE |
SSL mode | disable |
API documentation is available at Postman Public Directory
-
AES-GCM Encryption - Passwords are encrypted with AES in Galois/Counter Mode. Passwords can only be decrypted with the passphrase defined in your configuration.
-
Security Middlewares - Endpoints are protected against XSS attacks and other common vulnerabilities.
-
SQL Injection Prevention - Using Gorm ORM which automatically sanitizes all queries.
-
Rate Limiting - Built-in rate limiter for signin attempts to prevent brute force attacks.
-
JWT Authentication - Secure token-based authentication with access and refresh tokens.
PassWall Server can be used with:
I promise all the support will be spent on this project!
- Don't send too many commits at once. It will be easier for us to do a code review.
- Be sure to check out the
devbranch. The latest development version is there. - First try to fix
// TODO:items in the code. - Follow the milestones for feature development.
- Don't modify the UI without design approval.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
# Run all tests make test # Run tests with coverage make test-coverage # Run linter make lint # Run full CI pipeline make ci
This project is licensed under the MIT License - see the LICENSE file for details.
If you like this project, please give it a β on GitHub!
Made with β€οΈ by the PassWall Team