Secure local password manager with Argon2/Fernet encryption and optional Shamir-based sharding
Project description
Sentry Vault
A security-focused local password manager with optional sharded storage.
🔐 About
Sentry Vault is an open-source, high-security password manager designed with privacy and security as its core principles. It provides a secure way to store and manage your credentials while ensuring that you remain in full control of your data.
🔑 Core Security Features
- Strong Encryption: Uses Argon2id for key derivation and Fernet for authenticated encryption
- Sharded Storage: Uses Shamir's Secret Sharing to split encrypted vault data into threshold-based shares
- Zero-Knowledge Architecture: Your master password never leaves your device
- Passphrase Generation: Create random, memorable, or PIN-style credentials from the CLI
🚀 Features
🔒 Core Functionality
- Secure Credential Storage: Store usernames and passwords in an encrypted local vault
- Sharded Vaults: Optional threshold-based sharding using Shamir's Secret Sharing
- Rich CLI Interface: Beautiful terminal interface with colorized output and progress bars
- Password Generator: Built-in tool for creating strong, random passwords
- Secure File Encryption: Encrypt/decrypt files using the same strong cryptography
🛡️ Security Features
- Argon2 for key derivation (memory-hard and resistant to GPU/ASIC attacks)
- Fernet authenticated encryption for confidentiality and integrity
- HMAC for data integrity verification
- Per-vault salt handling persisted with encrypted vault payloads
🛠 Installation
Prerequisites
- Python 3.10 or higher
- Poetry (for dependency management)
- OpenSSL (for cryptographic operations)
Quick Start
# Clone the repository
git clone https://github.com/agspades/sentry-vault.git
cd sentry-vault
# Install dependencies
poetry install
# Activate the virtual environment
poetry env activate
# Run the CLI
poetry run sentryvault --help
📜 Usage
Basic Commands
# Add a new credential
poetry run sentryvault add example.com username
# Retrieve a credential
poetry run sentryvault get example.com
# List all stored entries
poetry run sentryvault list
# Remove a credential
poetry run sentryvault delete example.com
# Change your master passphrase
poetry run sentryvault change-passphrase
# Generate a secure password
poetry run sentryvault generate-password --length 20
File Encryption
# Encrypt a file
poetry run sentryvault encrypt sensitive.txt sensitive.enc
# Decrypt a file
poetry run sentryvault decrypt sensitive.enc sensitive_decrypted.txt
🔧 Advanced Usage
Password Generation Options
# Generate a random password with specific requirements
poetry run sentryvault generate-password --length 20
# Generate a memorable passphrase and copy to clipboard
poetry run sentryvault generate-password --type memorable -c
🛡️ Security Best Practices
- Use a Strong Master Password: Choose a long, random passphrase
- Enable Sharding: Distribute shards across multiple secure locations
- Regular Backups: Keep regular backups of your vault in secure locations
- Secure Environment: Only run Sentry Vault on trusted, secure systems
- Keep Software Updated: Regularly update to the latest version for security patches
🧑💻 Contributing
We welcome contributions! Please read our Contribution Guidelines and sign the Contributor License Agreement before submitting pull requests.
Development Setup
# Install development dependencies
poetry install --with dev
# Run tests
poetry run pytest
# Format code
poetry run black .
# Check types
poetry run mypy .
📄 License
Sentry Vault is licensed under the GNU Affero General Public License v3.0. This is a strong copyleft license that ensures any modifications to the software must be released under the same license.
⭐ Support the Project
If you find Sentry Vault useful, please consider:
- Giving us a ⭐ on GitHub
- Reporting bugs or suggesting features
- Contributing code or documentation
- Spreading the word to others who might find it useful
🔒 "In a world of digital threats, your security is our mission."
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sentryvault-0.1.0.tar.gz.
File metadata
- Download URL: sentryvault-0.1.0.tar.gz
- Upload date:
- Size: 25.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.2 CPython/3.13.11 Linux/6.19.8-200.nobara.fc43.x86_64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b9d16520074b866b87ed65d8f807ba556855066afc9d878f4b9c5b71565b8d99
|
|
| MD5 |
b0e7d301afd831a9fde352a0f2f1dad9
|
|
| BLAKE2b-256 |
6b4af5aed20df583eea5e5d07a14e74c9abd641e4be7f7822f51d1687633f665
|
File details
Details for the file sentryvault-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sentryvault-0.1.0-py3-none-any.whl
- Upload date:
- Size: 27.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.2 CPython/3.13.11 Linux/6.19.8-200.nobara.fc43.x86_64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
81d017387b2f1487ef1868857cb3f11966c257cfb1b96adc846fc48d6ad3a0b2
|
|
| MD5 |
e17f66410e3ed22ddd3ea8bd86a5342d
|
|
| BLAKE2b-256 |
ab95e7623ff332843c7102d7e27835eedc6a86c8aaaeefc9a95366b076f62843
|
