A modern, secure, and user-friendly password and secrets manager built in Rust
Features โข Installation โข Usage โข Security โข Contributing โข Documentation
PwGen-rust is a comprehensive password and secrets management solution designed for modern cybersecurity needs. Built with Rust for performance and security, it provides enterprise-grade encryption while maintaining an intuitive user experience.
- ๐ Military-Grade Security: AES-256-GCM encryption with Argon2 key derivation
- ๐จ Modern UI: Clean, responsive interface built with egui
- ๐ High Performance: Native Rust performance with optimized builds (30-40% smaller binaries)
- ๐ง Developer-Friendly: CLI and GUI interfaces for all workflows
- ๐ Cross-Platform: Windows, macOS, and Linux support with flexible build options
- ๐ฆ Self-Contained: No cloud dependencies, your data stays local
- ๐ Import/Export: Seamless migration from other password managers
- โก Optimized Builds: Multiple build profiles for different deployment scenarios
- Secure Storage: AES-256-GCM encrypted SQLite database
- Smart Generation: Customizable password generation with entropy analysis
- Advanced Search: Multi-field search with tags and filters
- Bulk Operations: Import/export from popular password managers
- Auto-Fill Ready: Organized for browser extension integration
- API Keys & Tokens: Secure storage with expiration tracking
- SSH Keys: Private/public key pair management with passphrase support
- Secure Documents: Encrypted file storage with checksum verification
- Environment Variables: Configuration and connection string management
- Database Connections: Secure credential storage for databases
- Custom Secrets: Flexible schema for any sensitive data
- CLI Interface: Full command-line functionality for automation
- Browser Import: Support for Chrome, Firefox, Safari, Edge, and more
- Backup & Restore: Encrypted backups with integrity verification
- Audit Logging: Comprehensive access and modification tracking
- Template System: Pre-configured templates for common services
- Responsive Design: Adaptive UI for different screen sizes
- Tabbed Interface: Organized navigation between different data types
- Quick Actions: One-click copy, edit, and delete operations
- Dark/Light Theme: Automatic theme detection and manual override
- Keyboard Shortcuts: Power-user friendly navigation
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: Argon2 (memory-hard, side-channel resistant)
- Salt Generation: Cryptographically secure random salt per database
- Memory Safety: Rust's ownership model prevents memory vulnerabilities
- Zero-Knowledge: Master password never leaves your device
- Secure Deletion: Memory zeroization for sensitive data
- Database Integrity: SQLite with WAL mode and integrity checks
- Input Validation: Comprehensive sanitization and validation
- Error Handling: Secure error messages without information leakage
- Audit Trail: Complete logging of all access and modifications
# Verify database encryption
sqlite3 ~/.config/pwgen/vault.db "SELECT hex(encrypted_password) FROM password_entries LIMIT 1;"
# Check file permissions
ls -la ~/.config/pwgen/- 30-40% smaller binaries with optimized builds
- Flexible build options for different platforms and requirements
- Reduced Windows SDK dependencies with minimal builds
- Enhanced security with modern cryptography (SHA-256 only)
# Coming soon! The snap package is currently pending approval
# Once approved, you'll be able to install with:
# sudo snap install pwgen-rust# Download the .dmg installer from GitHub releases
# https://github.com/HxHippy/PWGen/releases/latest# Download the NSIS installer from GitHub releases
# https://github.com/HxHippy/PWGen/releases/latest- Rust 1.75+ (Install Rust)
- Git
# Ubuntu/Debian
sudo apt install build-essential pkg-config libssl-dev libgtk-3-dev libxdo-dev
# Fedora/RHEL
sudo dnf install gcc gcc-c++ pkg-config openssl-devel gtk3-devel xdotool-devel
# Arch Linux
sudo pacman -S base-devel pkg-config openssl gtk3 xdotool# Clone the repository
git clone https://github.com/HxHippy/PWGen.git
cd PWGen
# Build release version (optimized for size)
cargo build --release
# Build minimal version (reduced Windows dependencies)
cargo build --release --no-default-features
# Build maximum size-optimized version
cargo build --profile min-size
# Install binaries
cargo install --path pwgen-cli
cargo install --path pwgen-gui
# Run the GUI
pwgen-gui
# Or use the CLI
pwgen-cli --helpcargo build --release- Features: Full clipboard support, document compression
- Platform: Complete cross-platform compatibility
- Size: Standard optimized build
cargo build --release --no-default-features- Features: Core functionality only
- Platform: Reduced Windows SDK requirements
- Size: Smaller binary with fewer dependencies
cargo build --profile min-size- Features: All features with maximum size optimization
- Platform: All platforms
- Size: 30-40% smaller than standard builds
# Clipboard support only
cargo build --release --no-default-features --features clipboard
# Document compression only
cargo build --release --no-default-features --features document-compression
# Both features
cargo build --release --features "clipboard,document-compression"# The snap package is currently pending approval
# Once approved, you'll be able to install with:
# sudo snap install pwgen-rustcargo install --git https://github.com/HxHippy/PWGenLaunch the desktop application:
pwgen-guiFirst Time Setup:
- Create a new vault with a strong master password
- Import existing passwords (optional)
- Start adding your credentials and secrets
Daily Usage:
- Passwords Tab: Manage website and application passwords
- Secrets Tab: Store API keys, SSH keys, and other sensitive data
- Generator Tab: Create secure passwords with custom rules
- Tools Tab: Import/export, backup/restore, and vault management
# Create a new vault
pwgen-cli vault create
# Add a password entry
pwgen-cli password add --site github.com --username user --password "secure123"
# Generate a password
pwgen-cli generate --length 20 --symbols
# Search entries
pwgen-cli search "github"
# Create a backup
pwgen-cli backup create ./my-backup.pwgen
# View all commands
pwgen-cli --help- Install the PwGen browser extension (coming Q1 2026)
- Enable the local API server:
pwgen-cli server start(in development) - Connect the extension to your local vault
- Enjoy seamless auto-fill capabilities
pwgen/
โโโ pwgen-core/ # Core cryptography and storage logic
โโโ pwgen-cli/ # Command-line interface
โโโ pwgen-gui/ # Desktop GUI application
โโโ pwgen-extension/ # Browser extension (planned)
โโโ scripts/ # Installation and setup scripts
โโโ docs/ # Comprehensive documentation
โโโ ui/ # Images, icons, and resources
- Language: Rust 2021 Edition
- GUI Framework: egui (immediate mode GUI)
- Database: SQLite with encryption
- Crypto: AES-256-GCM, Argon2 (secure, modern cryptography)
- CLI: clap for argument parsing
- Async Runtime: tokio (optimized features)
- Serialization: serde with JSON/TOML
- Image Processing: PNG decoder (lightweight replacement)
- Optional Features: Conditional compilation for platform-specific functionality
- Linux:
~/.config/pwgen/or~/.local/share/pwgen/ - macOS:
~/Library/Application Support/pwgen/ - Windows:
%LOCALAPPDATA%\pwgen\
# ~/.config/pwgen/config.toml
[database]
path = "vault.db"
backup_interval = "24h"
max_backups = 10
[security]
argon2_memory = 65536
argon2_iterations = 3
session_timeout = "15m"
auto_lock = true
[ui]
theme = "auto" # auto, light, dark
font_size = 14
window_size = [1200, 800]
[cli]
editor = "vim"
pager = "less"Import passwords from popular browsers:
- Google Chrome / Chromium
- Mozilla Firefox
- Microsoft Edge
- Safari
- Opera
- Brave
# Import from Chrome
pwgen-cli import --browser chrome
# Import from Firefox with profile selection
pwgen-cli import --browser firefox --profile workWe welcome contributions from the community! PwGen-rust is an open-source project that benefits from diverse perspectives and expertise.
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes and add tests
- Run the test suite:
cargo test - Submit a pull request
# Clone your fork
git clone https://github.com/HxHippy/PWGen.git
cd PWGen
# Install dependencies
cargo build
# Run tests
cargo test
# Run with debug logging
RUST_LOG=debug cargo run --bin pwgen-gui- Read our Contributing Guide
- Follow our Code of Conduct
- Check our Security Policy
- Review the Development Documentation
- Getting Started - First steps with PwGen
- User Manual - Comprehensive usage guide
- CLI Reference - Command-line interface documentation
- Import/Export Guide - Migrating from other password managers
- API Reference - Core library documentation
- Architecture Guide - System design and components
- Security Model - Cryptographic implementation details
- Extension Development - Building browser extensions
- ๐ Documentation
- ๐ Issue Tracker
- ๐ฌ Discussions
- ๐ง Security Issues
- ๐ฆ Follow @HxHippy on X/Twitter
- ๐ Visit HxHippy.com
- ๐ผ Kief Studio - AI Integration & Technology Consulting
- ๐ TRaViS - AI-Powered EASM without asset caps
- TRaViS - Threat Reconnaissance And Vulnerability Identification System
- Kief Studio - AI Integration and Technology Consulting Company
- HxHippy - @HxHippy on X/Twitter
- Rust - Systems programming language
- egui - Immediate mode GUI framework
- SQLite - Self-contained SQL database engine
- ring - Cryptographic primitives
- tokio - Asynchronous runtime
- The Rust community for excellent tooling and libraries
- Security researchers and auditors who help keep PwGen secure
- All contributors who make this project better
- Open source projects that inspired PwGen's design
- Core encryption and storage (AES-256-GCM)
- Password generation with full customization
- CLI interface with comprehensive commands
- Cross-platform GUI (egui-based)
- Search and filtering with tags
- Backup and restore functionality
- Browser password import (Chrome, Firefox, Safari, Edge, Opera, Brave)
- SSH key and API token management
- Secure document storage
- Advanced secrets management
- Responsive UI design
- Cross-platform installers
- v1.2: Build optimization with 30-40% smaller binaries
- v1.2: Conditional compilation for platform-specific features
- v1.2: Enhanced security with modern cryptography (SHA-256 only)
- v1.2: Flexible build profiles for different deployment scenarios
- v1.2: Reduced Windows SDK requirements
- Mobile apps (iOS/Android)
- Browser extensions
- API server for integrations
- TOTP/2FA integration
- Cloud sync with end-to-end encryption
- Hardware security key support
- Team collaboration features
- Advanced audit features
- Enterprise SSO integration
- Post-quantum cryptography
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
Copyright 2025 HxHippy, Kief Studio, TRaViS
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Made with ๐ฆ and โค๏ธ by the PwGen team