README
ΒΆ
PassWall Server
PassWall Server is the core backend for open source password manager PassWall platform. Using this server, you can safely store your passwords and access them from anywhere.
π Table of Contents
- Features
- Quick Start
- Development
- Makefile Commands
- Docker Deployment
- Environment Variables
- API Documentation
- Security
- Support
β¨ Features
- π Secure Password Storage - AES-GCM encryption
- π RESTful API - Well-documented API endpoints
- π³ Docker Support - Easy deployment with Docker Compose
- π Auto Migration - Database schema management
- π¦ Multiple Storage Types - Passwords, credit cards, bank accounts, notes, emails
- π‘οΈ Security Middlewares - XSS protection, SQL injection prevention, rate limiting
- π― JWT Authentication - Secure token-based authentication
π Quick Start
Using Docker Compose (Recommended)
- Start the server:
make up
- Create a new user:
docker exec -it passwall-server /app/passwall-cli
- Access the server:
Server URL: http://localhost:3625
Using Docker Hub Image
# Create directory
mkdir $HOME/passwall-server
cd $HOME/passwall-server
# Download docker-compose.yml
wget https://raw.githubusercontent.com/passwall/passwall-server/main/build/docker/docker-compose.yml
# Start services
docker-compose up -d
# Create user
docker exec -it passwall-server /app/passwall-cli
π» Development
Prerequisites
- Go 1.24+ (or latest)
- PostgreSQL 13+
- Docker & Docker Compose (optional)
- Make
Local Development Setup
- Clone the repository:
git clone https://github.com/passwall/passwall-server.git
cd passwall-server
- Install dependencies:
go mod download
- Install development tools:
make install-tools
- Start PostgreSQL:
make db-up
- Build and run:
make run
Development with Hot Reload
make dev
This will install and use Air for automatic reloading on code changes.
π¦ Makefile Commands
Run make help to see all available commands:
General
make help # Display help message
Build
make build # Build server and CLI binaries
make build-linux # Build for Linux
make build-darwin # Build for macOS
make build-all # Build for all platforms
make clean # Clean build artifacts
Development
make generate # Run go generate
make lint # Run golangci-lint
make test # Run tests
make test-coverage # Run tests with coverage report
make install-tools # Install development tools
Local Development
make run # Build and run server locally
make dev # Run with hot reload (air)
make create-user # Create a new user with CLI
Docker
make image-build # Build Docker image
make image-publish # Build and publish to Docker Hub
Docker Compose
make up # Start all services (builds if needed)
make down # Stop all services
make restart # Restart all services
make logs # Show logs
make ps # Show running services
Database
make db-up # Start PostgreSQL only
make db-down # Stop PostgreSQL
make db-logs # Show PostgreSQL logs
CI/CD
make ci # Run full CI pipeline
make check # Run lint and test
Information
make version # Show version information
make info # Show build information
π³ Docker Deployment
Build Docker Image
make image-build
Build and Publish to Docker Hub
# Login to Docker Hub first
docker login
# Build and publish
make image-publish
Custom Docker Image Tag
DOCKER_TAG=v2.0.0 make image-build
DOCKER_TAG=v2.0.0 make image-publish
π§ Environment Variables
Server Configuration
| Variable | Description | Default |
|---|---|---|
PORT |
Server port | 3625 |
PW_SERVER_USERNAME |
Admin username | - |
PW_SERVER_PASSWORD |
Admin password | - |
PW_SERVER_PASSPHRASE |
Encryption passphrase | - |
PW_SERVER_SECRET |
JWT secret | - |
PW_SERVER_TIMEOUT |
Server timeout | 2 |
PW_SERVER_GENERATED_PASSWORD_LENGTH |
Generated password length | 16 |
PW_SERVER_ACCESS_TOKEN_EXPIRE_DURATION |
Access token expire duration | 30m |
PW_SERVER_REFRESH_TOKEN_EXPIRE_DURATION |
Refresh token expire duration | 7d |
Database Configuration
| Variable | Description | Default |
|---|---|---|
PW_DB_NAME |
Database name | passwall |
PW_DB_USERNAME |
Database username | postgres |
PW_DB_PASSWORD |
Database password | password |
PW_DB_HOST |
Database host | localhost |
PW_DB_PORT |
Database port | 5432 |
PW_DB_LOG_MODE |
Enable DB logging | false |
PW_DB_SSL_MODE |
SSL mode | disable |
π API Documentation
API documentation is available at Postman Public Directory
π‘οΈ Security
-
AES-GCM Encryption - Passwords are encrypted with AES in Galois/Counter Mode. Passwords can only be decrypted with the passphrase defined in your configuration.
-
Security Middlewares - Endpoints are protected against XSS attacks and other common vulnerabilities.
-
SQL Injection Prevention - Using Gorm ORM which automatically sanitizes all queries.
-
Rate Limiting - Built-in rate limiter for signin attempts to prevent brute force attacks.
-
JWT Authentication - Secure token-based authentication with access and refresh tokens.
π₯ Clients
PassWall Server can be used with:
π Support
I promise all the support will be spent on this project!
π€ Contributing
For Contributors
- Don't send too many commits at once. It will be easier for us to do a code review.
- Be sure to check out the
devbranch. The latest development version is there. - First try to fix
// TODO:items in the code. - Follow the milestones for feature development.
- Don't modify the UI without design approval.
Development Workflow
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Running Tests
# Run all tests
make test
# Run tests with coverage
make test-coverage
# Run linter
make lint
# Run full CI pipeline
make ci
π License
This project is licensed under the MIT License - see the LICENSE file for details.
π Star History
If you like this project, please give it a β on GitHub!
Made with β€οΈ by the PassWall Team
Directories
Click to show internal directories.
Click to hide internal directories.