Introducing ProgramMatek’s PHP Password Manager


ProgramMatek’s PHP Password Manager, known as Passwordcockpit, is an innovative and secure web-based password manager designed for team collaboration. It is built using PHP, JavaScript, MySQL or MariaDB, and runs on a Docker service. With Passwordcockpit, users can safely store, share, and retrieve a wide range of sensitive information, including passwords, certificates, files, and more.


Features and Functionality

Passwordcockpit offers a comprehensive set of features that cater to different aspects of password management, team collaboration, and data security. Here are some key features:

Global Permissions

Each user in Passwordcockpit can be assigned specific permissions, including:

  • ⚫️ Nothing (a normal user)
  • 👥 Create and manage users
  • 📁 Create folders
  • 🗄 Access to all directories
  • 📊 Can view log

Folder Permissions

Folders in Passwordcockpit come with their own set of permissions. Users can be assigned different levels of access to individual folders, including:

  • ⛔️ No access: A user cannot access a folder unless explicitly assigned.
  • 👁 Read: A user can read passwords from a folder they are associated with.
  • ✏️ Manage: A user can add, modify, and delete passwords within a folder.

Please note that users can be associated with a specific folder even if they do not have permissions from the parent folder.

Authentication Options

Passwordcockpit supports two authentication methods: database-stored password and LDAP.

  • To use LDAP, users must already exist in Passwordcockpit. The match is done based on the username.

  • When LDAP is enabled, the user profile data is synchronized during each login, which means the profile data cannot be modified within Passwordcockpit.


Encryption

To ensure maximum security, Passwordcockpit offers three levels of encryption:

  • Password PIN: Users can encrypt passwords with a personal PIN, preventing access by users with “Access to all directories” permission or users assigned to the same directory.
  • SSL Encryption: All data transferred to the server is protected using SSL encryption.
  • Database Encryption: Login credentials, passwords, and files are encrypted within the database using strong encryption algorithms.

Architecture and Technologies Used

Passwordcockpit follows a RESTful architecture and combines both frontend and backend in a single Docker image for easy deployment. Here’s an overview of the technologies used:

Frontend

The frontend is developed using Ember.js and Bootstrap. Personal PIN password encryption is implemented using the Stanford JavaScript Crypto Library and AES-CCM.

Backend

The backend is built using Mezzio, Laminas Components, and Doctrine, following the PHP Standard Recommendation (PSR). HAL is adopted as a JSON specification for consistent and efficient resource hyperlinking. Login information is securely stored using Bcrypt, while password entities and files are encrypted using Laminas Crypt and SHA-256. User sessions are managed using JWT tokens, encrypted with HS256.

Database

Passwordcockpit utilizes either MySQL or MariaDB as the backend database.

Installation and Security Recommendations

Installation of Passwordcockpit is simplified with docker-compose. Detailed instructions can be found on the official ProgramMatek website here. Docker images for Passwordcockpit are available through the Docker Hub organization.

To ensure the security of your Passwordcockpit instance, we recommend the following best practices:

  • Enable SSL (HTTPS) or use a reverse proxy with SSL to protect your service.
  • Set strong values for PASSWORDCOCKPIT_BLOCK_CIPHER_KEY and PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY.
  • Change the default admin password (PASSWORDCOCKPIT_ADMIN_PASSWORD) to a secure one.
  • Disable Swagger documentation when running in production.

By default, the container runs with a non-root user (www-data).
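
One way to act on the key and password recommendations above, as an added example (not code from the Passwordcockpit project): shell helpers that generate the three values from the kernel CSPRNG and audit an existing env file before deployment. The unquoted `KEY=value` env file layout, the function names and the 32-character minimum are assumptions of this example.

```shell
# Added example: generate and audit the three Passwordcockpit secrets.
# Assumes an env file with unquoted KEY=value lines (hypothetical layout).

# Print 32 random bytes from /dev/urandom as 64 hex characters.
gen_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write a fresh env file, readable by the owner only, with one
# independent random value per variable.
write_env() {
    (
        umask 077
        {
            printf 'PASSWORDCOCKPIT_BLOCK_CIPHER_KEY=%s\n' "$(gen_secret)"
            printf 'PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY=%s\n' "$(gen_secret)"
            printf 'PASSWORDCOCKPIT_ADMIN_PASSWORD=%s\n' "$(gen_secret)"
        } > "$1"
        chmod 600 "$1"   # covers the case where the file already existed
    )
}

# Audit an env file: flag each variable that is missing, shorter than
# the assumed minimum, or reuses another secret's value.
# Returns 0 when every check passes, 1 otherwise.
audit_env() {
    local file=$1 min_len=32 rc=0 name value seen=""
    for name in PASSWORDCOCKPIT_BLOCK_CIPHER_KEY \
                PASSWORDCOCKPIT_AUTHENTICATION_SECRET_KEY \
                PASSWORDCOCKPIT_ADMIN_PASSWORD; do
        # Last assignment wins, as it would when the file is loaded.
        value=$(sed -n "s/^${name}=//p" "$file" | tail -n 1)
        if [ -z "$value" ]; then
            echo "FAIL $name: not set"; rc=1
        elif [ "${#value}" -lt "$min_len" ]; then
            echo "FAIL $name: shorter than $min_len characters"; rc=1
        elif printf '%s\n' "$seen" | grep -qxF -- "$value"; then
            echo "FAIL $name: same value as another secret"; rc=1
        else
            echo "OK   $name"
        fi
        seen="$seen
$value"
    done
    return $rc
}
```

Call `write_env` once with the path of the new env file, store the generated admin password somewhere safe, and run `audit_env` on that file as a pre-deployment check.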

Updating and Vulnerability Reporting

To update Passwordcockpit, pull the new image, remove the old container, and start the new one. Before updating, it is essential to back up both the database and persistent files to ensure data integrity.

If you discover any vulnerabilities in the project, please report them privately to ProgramMatek’s security team at security@programmatek.com. We appreciate your support in making Passwordcockpit even more secure.

Conclusion

Passwordcockpit is available in multiple languages, including English, Italiano, Français, and Deutsch. Its user-friendly interface and robust security features make it an ideal solution for teams seeking an efficient and secure password management system.

Give Passwordcockpit a try and experience the convenience of managing your passwords and sensitive information with ease!

ProgramMatek