PassM3nage

Offline-first Open Source Password Manager

PassM3nage

Your passwords. Your vault. Your control.

Offline-first password manager built with AES-256-GCM, Argon2id and zero telemetry.

Download View Source Code
Open source MIT licensed Written in Rust Auditable source code

Repository available on GitHub for audit, release assets, and installation instructions.

Local ownership

Keep vault files on your device. No cloud accounts, no server-side storage.

Transparent design

Open source code and reproducible builds let reviewers verify every step.

Security first

AES-256-GCM encryption, Argon2id key derivation, and fast local search in a compact tool.

Why PassM3nage

Local ownership, transparency, and simplicity

Cloud is not always the answer

Cloud storage adds an external dependency and a third-party breach surface. PassM3nage keeps credential data local and under your control.

Readable, auditable code

Open source repositories and build artifacts allow independent review of the vault format, encryption, and tool behavior.

Minimal operational surface

There is no background syncing, no telemetry, and no account registration. Vault files are managed by you.

Why another password manager?

Because many products are moving cloud-first.

Local vaults by default

PassM3nage stores encrypted vault files on your device. There is no mandatory account, no silent sync and no hidden server component.

No subscriptions, no telemetry

The binary is built to run locally and does not phone home. Your usage is your own, and the repository is the source of truth.

Open source from day one

The project is transparent, MIT licensed, and intended for technical users who want verifiable behavior.

Threat Model

What PassM3nage is designed to protect against — and what it is not

Protects against

  • ✓ Stolen vault filesEncrypted vaults remain protected unless the master password is known.
  • ✓ Offline brute-force attacksArgon2id slows attempts to derive keys from stolen data.
  • ✓ Unauthorized access to exported vaultsBackups are encrypted and require the same master password to unlock.
  • ✓ Credential exposure from cloud breachesNo cloud sync means no third-party vault copies to compromise.

Does not protect against

  • ✗ MalwareLocal malware can capture data while it is decrypted.
  • ✗ KeyloggersHardware or software keyloggers can record passwords during entry.
  • ✗ Compromised operating systemsA compromised OS can bypass local application controls.
  • ✗ Physical access to unlocked sessionAn unlocked machine can expose the app and decrypted vault in memory.

Features

Built for security and local control

Offline First

Everything runs locally. No network connectivity is required to open or manage your vault.

Vault Format V1

Documented binary format with versioning for long-term compatibility and auditability.

Memory Zeroization

Sensitive secrets are wrapped in secrecy types and cleared from memory when dropped.

AES-256-GCM Encryption

Vault records are encrypted using authenticated AES-256-GCM to protect confidentiality and integrity.

Argon2id Key Derivation

Master passwords are processed with Argon2id to slow brute-force attempts and resist GPU cracking.

Zero Telemetry

PassM3nage does not collect usage data. The project is designed to avoid background reporting entirely.

Open Source

Licensed under MIT with source code available for direct review and contribution.

Fast Local Search

Search within your local vault instantly to find service names and credential entries without waiting on remote services.

Screenshots

Inspect the interface before download

PassM3nage vault overview screenshot
PassM3nage login screen screenshot
PassM3nage entry detail screenshot

Security

How PassM3nage protects your credentials

Vault encryption

The vault file is encrypted with AES-256-GCM and integrity is verified before any data is accepted.

Master password concept

The master password is never stored. It derives the key material used to decrypt the vault and login metadata.

Argon2id

Master password keys are derived with Argon2id, a memory-hard function that raises the cost of offline cracking.

Memory zeroization

Credentials are handled with secrecy-safe types and cleared from memory when no longer required.

PassM3nage is intended for users who want a local security model that is explicit about what it protects and what it does not.

Open Source

Code you can review, rebuild, and trust

PassM3nage is published under an open source license with the source repository available on GitHub. That means security reviewers, auditors, and users can verify the implementation directly.

The project is built for reproducibility: the vault format, encryption primitives, and runtime behavior are all visible in source control.

Community review is the strongest control against hidden behavior. If you have an insight or improvement, it can be submitted through the repository.

View the repository

Download

Available builds

Linux

Planned. Linux support is on the roadmap and will be published when ready.

Check Releases

macOS

Planned. macOS builds are expected in a later release cycle.

Planned

FAQ

Questions developers and security professionals ask

Is PassM3nage free?

Yes. PassM3nage is free to download, use, and modify under its open source license.

Why offline-first?

Offline-first means your vault data never depends on remote services. This reduces external attack surface and keeps you in control of your credentials.

Can I sync my vault?

PassM3nage does not include built-in sync. You can sync encrypted vault files through your own tools if you accept the risks and trust the sync channel.

Is the project open source?

Yes. The full source code is hosted on GitHub for review, auditing, and contribution.

What encryption does it use?

PassM3nage uses AES-256-GCM for vault encryption and Argon2id for master password key derivation.