Show HN: I've built Dinopass, a self-hosted password manager (github.com)
Then I decided I got tired of (almost) every password manager wanting an email address, a subscription, and eventually a breach notification email. So I built my own. Something very simple, but useful.
It runs entirely on my hardware via docker/docker-compose. One master password unlocks the vault. Passwords are encrypted with Fernet (AES-128-CBC) using a key derived via Argon2id (the key never leaves my browser session). Change tabs -> it's gone. The server never sees it.
Stack is FastAPI + PostgreSQL on the backend, React on the frontend, plus a CLI (`dinopass`) for terminal access. Backups export as AES-256 encrypted ZIPs I decrypt with the master password. No external services involved in any of it. The password generator uses `crypto.getRandomValues` with rejection sampling to eliminate modulo bias. Probably unnecessary for most use cases but I'd already gone down the rabbit hole so I finished it ^_^.
It's a personal project I've been running daily. Sharing it in case anyone else is in the same situation of not wanting to depend on a third party for something this sensitive.
Thoughts, feedback and ideas are welcome!
1 comment
[ 2.7 ms ] story [ 15.5 ms ] threadGot tired of juggling .env files, environment variables, and various tools that either felt too heavy or required external services.
Ended up building a small tool for my own workflow where secrets stay in an encrypted local store and get injected at runtime when needed.
It’s interesting how many people independently arrive at similar solutions once they try to simplify things and reduce the trust surface.