I don't trust password managers. So I built one.

The Problem ## What PassFX Is ## Who this is for: ## The Paranoid Parts ## What It Doesn't Have ## The UI ## Feedback Welcome ## Install Github: PassFX Repo Webpage: PassFX Landing Page After years of watching cloud first password managers get breached, acquired, or quietly change their terms of service, I decided the only one I could trust was one where I could read every line of code. Two months later: PassFX, a terminal password manager that never touches a network. Every single password manager I tested ultimately requested that I send all of my passwords to another company’s server and then trust them not to mess anything up. Although Cloud Sync is very easy to use, this greatly increases your risk. I’m a terminal user, but every terminal based password manager I used had a user interface from 1987 and/or would require you to learn obscure command line switches in order to perform the most basic functions. I was looking for security and a user interface that did not force me to close my computer. Local first, Offline Only, Password Manager with a Textual TUI. Your Vault exists in ~/.passfx/ and NOWHERE ELSE Security Model: If you want to get your passwords, they have to be physically on your computer AND have your Master Password. NO NETWORK = NO REMOTE ATTACKS. NO CLOUD = NO THIRD PARTY BREACHES. NO RECOVERY = NO BACKDOOR. If you lose or FORGET your Master Password... GONE. Not a Bug; That's The Security Model. Storing: Email Credentials, Credit Cards, Phone PINs, API Keys, 2FA Recovery Codes, Encrypted Notes. Encryption: Fernet (AES-128-CBC + HMAC-SHA256), PBKDF2 with 480,000 Iterations, 256-Bit Salts. I did NOT create my own encryption — I READ THE RULES. PassFX is right for you if you are: I spent more time on security testing than features. The test suite is 1.5x the production code: A PR that weakens security parameters fails CI. Not "might fail"—will fail. Tests use exact equality, not minimums. Clipboard auto-clears after 15 seconds. Because "pasted my database password into Slack" is nobody's favorite story. Every feature is attack surface. I wanted one thing: store credentials locally, encrypt properly, get out of the way. Terminal apps don't have to look like tax software. Cyberpunk aesthetic matrix green, deep blue-black, neon accents. Keyboard navigation, mouse support, modal dialogs, searchable lists. a to add, e to edit, d to delete, c to copy, Esc to go back. It's a password manager, not a puzzle game. GitHub repo. Security model in SECURITY.md. Threat model is explicit about what it protects and what it doesn't. Find a bug? Open an issue. Security vulnerability? Report privately via GitHub Security Advisories or [email protected]. PRs are welcome as long as they don't weaken security. The tests will tell you if you tried. First run creates your vault. Make the master password strong. There's no recovery, and that's the point. Your passwords belong to you. Not to a company. Not to a cloud. If that resonates, check it out. Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse COMMAND_BLOCK: pip install passfx passfx Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: pip install passfx passfx COMMAND_BLOCK: pip install passfx passfx - Comfortable working from the Terminal - Want to know how your Password Manager works - Are okay with “Forgot my password”=“I lost my data” - Think “Zero Network Code” is reassuring and not limiting - Passwords excluded from all logs - Vault files contain zero plaintext (binary inspection) - File permissions verified on every write - Constant-time password comparison - PBKDF2 iterations locked at exactly 480,000 - Browser extension - Breach scanning