Silmaril is a zero-knowledge, open-source password manager. Security is at the heart of its design: your data remains encrypted locally, and nothing is ever stored in plaintext on any remote server.
- Zero-knowledge encryption: only the user with the master password can decrypt the data.
- Secure password generator: create strong, customizable passwords.
- Import/export feature: import / export data from a csv file (coming soon)
- Front: Angular 21 / Tailwindcss
- Api: .net 10 / EF core
- Database: PostgreSQL
docker-compose up --build# setup local database (⚠️ for test and dev purpose, do not use it as production database ⚠️)
# requirement : docker
./api/Api/Database/create.sh
./api/Api/Database/run.sh
# psql "host=localhost port=5432 user=userpg password=root"
# front
cd front
pnpm install
pnpm start
# running on http://localhost:4200
# api
cd api
export Jwt__SecretKeyBase64='your-jwt-secret-key-base64' # requires a 256 bits key length
export Jwt__ValidIssuer='valid-issuer'
export Jwt__ValidAudience='valid-audience'
dotnet ef database update -p Api/Api.csproj -s Api/Api.csproj
cd Api
dotnet run
# running on http://localhost:5000- User password hashed using Argon2id https://en.wikipedia.org/wiki/Argon2
- Authentication using JWT signed with HS256
- The master password never leaves your device
- Keys derived from master password on client side using PBKDF2
- The backend can only see the encrypted data
- AES-256-GCM encryption for data entries
- Fork the repo
- Create a feature/bug branch
- Submit a Pull Request
- Follow code style and security best practices
This project is released under the MIT License.
- 🎨 Desktop & mobile GUI
- 🌍 Import/export to other managers (KeePass, Bitwarden…)
- 🧑🤝🧑 Multi-user collaboration with encrypted sharing