LibrePass
LibrePass is an open‑source password manager designed for privacy and reliability. It pairs an end‑to‑end encrypted data model with a Kotlin/Spring backend for sync, and modern native/mobile clients for an excellent user experience.
Overview
LibrePass focuses on a strong security model and practical UX:
- End‑to‑end encryption: vaults are encrypted client‑side using modern cryptography.
- Zero‑knowledge: the server never sees plaintext secrets; only encrypted blobs are stored.
- Multi‑device sync powered by a Kotlin/Spring Boot backend with token‑based auth.
- Modern clients built with Kotlin/Compose and a responsive web UI for accessibility.
Architecture
Clients
Native Android (Jetpack Compose) and desktop/web clients handle all crypto operations locally. Keys never leave the device. Data is synced via secure REST/gRPC endpoints.
Backend
A Kotlin + Spring Boot service orchestrates account management, device sessions, and encrypted vault storage. It is deployed in Docker containers, with CI for automated builds.
Data Model
Vault items (logins, notes, TOTP seeds) are serialized and encrypted using authenticated encryption. Metadata is minimized to reduce side‑channel leakage.
Security
Keys are derived with a strong KDF, each item is encrypted under its own nonce, and key rotation is supported. All transport uses TLS.
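The client-side flow described under Data Model and Security, as an added sketch that is not LibrePass's own code. The page names no algorithms, so PBKDF2-HMAC-SHA256, AES-256-GCM, the iteration count, the function names and the use of the item ID as associated data are all assumptions chosen from what the JDK ships.

```kotlin
import java.security.SecureRandom
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.PBEKeySpec
import javax.crypto.spec.SecretKeySpec

// Assumed primitives (the page names none): PBKDF2-HMAC-SHA256 and AES-256-GCM.
private const val NONCE_LEN = 12
private const val TAG_BITS = 128
private val rng = SecureRandom()

// Stretch the master password into a 256-bit vault key; this runs only on the client.
fun deriveVaultKey(password: CharArray, salt: ByteArray, iterations: Int = 600_000): SecretKeySpec {
    val spec = PBEKeySpec(password, salt, iterations, 256)
    try {
        val raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded
        return SecretKeySpec(raw, "AES")
    } finally {
        spec.clearPassword()
    }
}

// Encrypt one item under a fresh random nonce. The item ID is bound as associated data,
// so a blob moved to another item fails authentication. Output: nonce || ciphertext+tag.
fun sealItem(key: SecretKeySpec, itemId: String, plaintext: ByteArray): ByteArray {
    val nonce = ByteArray(NONCE_LEN).also { rng.nextBytes(it) }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(TAG_BITS, nonce))
    cipher.updateAAD(itemId.toByteArray())
    return nonce + cipher.doFinal(plaintext)
}

// Decrypt and authenticate; throws AEADBadTagException if the blob or item ID was altered.
fun openItem(key: SecretKeySpec, itemId: String, blob: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN))
    cipher.updateAAD(itemId.toByteArray())
    return cipher.doFinal(blob, NONCE_LEN, blob.size - NONCE_LEN)
}

fun main() {
    val salt = ByteArray(16).also { rng.nextBytes(it) }
    val key = deriveVaultKey("constructed-master-password".toCharArray(), salt) // constructed sample input
    val blob = sealItem(key, "item-1", "user=alice;pass=constructed".toByteArray())
    println(String(openItem(key, "item-1", blob)))
    blob[blob.size - 1] = (blob[blob.size - 1].toInt() xor 1).toByte() // simulate a modified stored blob
    try { openItem(key, "item-1", blob) } catch (e: AEADBadTagException) { println("tampered blob rejected") }
}
```

Only the salt and the sealed blob would need to reach the sync server in this sketch; the derived key stays in client memory.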
Key Features
- Password and secure note vaults
- Device‑level encryption with zero‑knowledge sync
- Autofill and quick search (mobile/desktop)
- TOTP support
- Offline‑first with conflict‑aware sync
- Dockerized backend for easy deployment