URL: <https://savannah.gnu.org/task/?16729>
Summary: Submission of Vault manager
Group: Savannah Administration
Submitter: porducel
Submitted: ter 10 fev 2026 20:22:33
Should Start On: ter 10 fev 2026 00:00:00
Should be Finished on: sex 20 fev 2026 00:00:00
Category: Group Approval
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Unlocked
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: ter 10 fev 2026 20:22:33 By: porducel <porducel>
A new group has been registered at Savannah.
This group will remain inactive until a site admin approves
or discards the registration.
= Registration Administration =
Approving or discarding the registration must be done using the specific
[https://savannah.gnu.org/siteadmin/groupedit.php?group_id=12430 Group
administration] page, accessible only to site
administrators logged in as superusers.
= Registration Details =
* Name: *Vault manager*
* System Name: *mvaultmanager*
* Type: non-GNU software and documentation
* License: GNU General Public License v3 or later
----
== Description: ==
System Overview: Self-Hosted PHP Vault
This application is a single-file, zero-dependency secret manager designed for
high-security, self-hosted environments. It operates on a hierarchical storage
model (Manager -> Vaults -> Boxes), where data is persisted as isolated .dat
files on the local filesystem, eliminating the need for a database.
Cryptography & Security
The core security relies on AES-256-GCM authenticated encryption. Key
derivation is handled via PBKDF2-SHA256 (200,000 iterations) with random
16-byte salts and 12-byte nonces per payload, ensuring robust resistance
against rainbow table and brute-force attacks. The system includes an
automated Apache .htaccess generator to deny direct web access to data files
and a recursive "Deep Wipe" function for emergency uninstallation.
State Management & Architecture
Uniquely, the system bypasses standard PHP sessions and cookies to minimize
client-side artifacts. Instead, it uses an ephemeral Token-Based State System,
storing temporary context JSONs in a protected tmp/ directory that are
consumed and deleted immediately upon the next request.
Features & Utilities
* Deep Scan: A heuristic login mode that attempts to decrypt all found .dat
files across all directories using a single input password.
* Encrypted Backup: On-the-fly generation of AES-256 Encrypted ZIP archives
(7-Zip compatible) containing the vault structure.
* Hybrid Interface: A CLI-mimicking command parser integrated with a GUI for
visual secret masking and clipboard management.
== Other Software Required: ==
PHP >= 7.4
ext-openssl
ext-json
ext-zip
Apache HTTP Server
== Tarball URL: ==
https://savannah.gnu.org/submissions_uploads/AOjpWP-mv.tar.gz
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/task/?16729>
_______________________________________________
Mensagem enviada pelo Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
