ama-bit/vault-keeper

Vault Keeper ☢️

Python Password Vault (Educational Demo)

  • Vault Keeper is a beginner-friendly Python learning project demonstrating how a simple in-memory password manager works.

  • The goal is to understand password encryption, key derivation, and secure handling in a safe, interactive session.

  • This is not a production-ready password manager.


Objective

  1. Learn how passwords can be encrypted at rest (in memory).

  2. Understand encryption vs hashing.

  3. Practice deriving keys from a master password (PBKDF2-HMAC-SHA256).

  4. Safely manage secrets in a session-only vault.

  5. Think critically about security assumptions and limitations.


What Vault Keeper Does ❓

  • Derives an encryption key from a master password.

  • Encrypts password entries before storing them in memory.

  • Decrypts data only after successful authentication.

  • Demonstrates secure-storage patterns and workflow.

  • Provides an interactive CLI for adding and viewing entries.


Vault Keeper is NOT:

❌ A production password manager.

❌ A replacement for audited security tools.

❌ Safe for real credentials.


How It Works 🔎

At a high level:

  1. User creates a master password.

  2. A cryptographic key is derived from the master password using PBKDF2.

  3. Password entries are encrypted in memory with XOR (for demo purposes).

  4. Entries remain in memory only; nothing is saved to disk.

  5. Data is decrypted only with the master password.


Educational Threat Model

Vault Keeper assumes a local, educational environment.

Defends against:

  • Storing plaintext passwords in memory carelessly.

It also demonstrates the encryption/decryption workflow.

Does not defend against:

  • Malware or keyloggers.

  • Weak master passwords.

  • OS compromise or advanced cryptographic attacks.

⚠️ This threat model is intentionally limited for learning purposes.


Tools 🧰

  • Python standard library

  • hashlib (PBKDF2 key derivation)

  • secrets (random salt generation)

  • getpass (hidden password input)

  • json (dict serialization for encryption/decryption)

(All operations occur in memory, no files are written.)


How to Run ⏯️

  1. Ensure Python 3.9+ is installed

  2. Clone the repository

  3. Navigate to directory: cd vault-keeper

  4. Run:

python vault-keeper.py

Example of Output

====================================
    Welcome to Vault Keeper!
====================================

Create master password:
✔ Vault initialized.

Add entry:
Service: github
Username: v4u1t-k33p3r
Password: ********
✔ Entry added to vault (in-memory).

View vault:
{
  "github": {
    "username": "v4u1t-k33p3r",
    "password": "badpassword321"
  }
}

Exit program:
Thank you & Goodbye!

Security Notes 🔏

  • Master password strength is important.

  • XOR encryption is for demonstration only and not secure for real passwords.

  • Vault exists only in memory; restarting the script clears all data.
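The workflow from "How It Works" and the XOR caveat above, as an added example (not the repository's own code). The function names, the iteration count and the sample entries are assumptions; it shows that XOR-ing two ciphertexts made with the same derived key cancels the key entirely.

```python
import hashlib
import json
import secrets

ITERATIONS = 200_000  # assumed work factor; the README does not state one


def derive_key(master_password: str, salt: bytes, length: int = 32) -> bytes:
    """Derive a key with PBKDF2-HMAC-SHA256 (the KDF the README names)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=length
    )


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_entry(entry: dict, key: bytes) -> bytes:
    """Serialize the entry to JSON, then XOR it with the derived key."""
    return xor_bytes(json.dumps(entry, sort_keys=True).encode("utf-8"), key)


def decrypt_entry(blob: bytes, key: bytes) -> dict:
    """Undo the XOR and parse the JSON back into a dict."""
    return json.loads(xor_bytes(blob, key).decode("utf-8"))


def ciphertext_xor(c1: bytes, c2: bytes) -> bytes:
    """XOR two ciphertexts made with the same key: the key cancels out,
    leaving plaintext1 XOR plaintext2 with no key material involved."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    salt = secrets.token_bytes(16)                   # fresh random salt per vault
    key = derive_key("constructed-master-pw", salt)  # constructed sample password
    e1 = {"username": "v4u1t-k33p3r", "password": "badpassword321"}
    e2 = {"username": "constructed-user", "password": "constructed-pw"}  # constructed
    c1, c2 = encrypt_entry(e1, key), encrypt_entry(e2, key)
    assert decrypt_entry(c1, key) == e1              # round trip works
    # Both JSON blobs begin with '{"password": "', so those bytes XOR to zero.
    print(ciphertext_xor(c1, c2)[:14].hex())
```

Because the key drops out, anything known about one entry's layout carries over to the other. A real vault would use an authenticated cipher with a unique nonce per entry instead.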


License

  • MIT License - see LICENSE for details.

About

A beginner-friendly project for configuring a basic encrypted password manager in Python.
