I’ve been playing with password managers on and off for a long time. The first personal desktop app that I wrote was called JPasskeep and was written in Java Swing to explore Java’s cryptography and UI design and interaction patterns. It was a good experience and helped me get a gig as the UI engineer on a nifty Android project many years later. I’ve used JPasskeep on and off over the years, mostly on consulting gigs when I needed to store passwords on various development machines, and storing them as .env files just made me sad.
My own personal passwords and secrets have been happily stored in 1Password for years, though 1Password’s pivot to a subscription model and hosting has been making me feel uncomfortable for a while. I’ve always been a paranoid sort, and working for almost a decade in security engineering has made me even more paranoid of relying on someone else’s security and good behaviour. Not to say that 1Password have been bad, but I’ve never updated to their subscription model, and the clock has been ticking on the old versions of 1Password that I still use with constant nags about needing to update to the latest and greatest.
So once again I was thinking of dusting off JPasskeep for my own use. However, it is only a Java desktop app, and it is totally not suitable for use on mobile devices. However, Progressive Web Apps (PWAs) are. After some experimenting and tinkering with JavaScript cryptography APIs I would like to introduce Secrets. It is an in-browser password manager, with optional sharing of data between devices through an intermediary backend service that does not know what it is storing. It is a properly installable PWA and works nicely on both mobile and desktop environments.
Hope you find it useful.