GitPassword
Encrypt and store passwords, notes, and files in your own Git repository: offline-first, auditable, and syncable.
GitPassword is a desktop application for managing passwords, notes, and encrypted files.
It stores your data in a Git repository directory: encryption and decryption are performed locally on your device, the repository stores only encrypted data, and it can sync with your own remote via Git.
Core Interfaces
- Repository Settings
- Remote URL
- Local Path
- SSH Username (optional)
- SSH Private Key (optional)
- Buttons: Continue, Cancel
- Login/Register
- Fields: Username, Password
- Option: Remember credentials
- Buttons: Login, Register
- Left Filters
- Passwords
- Notes
- Files
- Favorites
- Conflicts
- Trash
- Details Top Bar
- Save, Delete
- Additional action for files: Export file
Item Types
Passwords
Supports various structured types (such as login credentials, payment cards, identity information, SSH keys, secure notes). Common fields include: Title, Username, Password, Website, Notes, Folder, Favorite.
The password field supports show/hide, copy, and "Generate Secure Password".
Notes
Fields: Title, Content.
Files
Fields include: Filename, Size, Type, Notes, Folder, Favorite.
File items support "File Preview" (depending on file type and version capabilities) and "Export File".
File contents are encrypted before leaving your device. The current public version describes it as a Git-backed vault: file items are written to the local repository as encrypted vault data and can sync via your configured Git remote.
Syncing and Conflicts
- Local Repository Mode: If you choose local repository only without configuring a remote, sync function will be disabled.
- Conflict Handling Strategies: Choose to prioritize remote, prioritize local, or manually resolve conflicts.
- Conflict Resolution: When a conflict is detected, the "Conflicts" entry appears on the left, letting you compare versions and choose which to keep.
Security Boundaries (Important)
- The remote repository should be treated as a storage and synchronization medium for encrypted data. Plaintext sensitive information should never appear in the repository.
- Git providers can still see normal Git metadata, such as repository name, branch names, commit times, object sizes, and access logs.
- The security strength depends on: the strength of your GitPassword password, the security of the device itself, and the remote repository access controls (such as private repositories and 2FA).
- The current implementation uses PBKDF2-SHA256 key derivation with 100,000 iterations and a 32-byte salt; vault content is encrypted using AES-256-CBC.