GitHub: PassFX Repo
Webpage: PassFX Landing Page
After years of watching cloud-first password managers get breached, acquired, or quietly change their terms of service, I decided the only one I could trust was one where I could read every line of code.
Two months later: PassFX, a terminal password manager that never touches a network.
The Problem
Every single password manager I tested ultimately requested that I send all of my passwords to another company’s server and then trust them not to mess anything up.
Cloud sync is very easy to use, but it greatly increases your risk.
I'm a terminal user, but every terminal-based password manager I used had a user interface from 1987 and/or required learning obscure command-line switches to perform the most basic functions. I was looking for security and a user interface that did not make me want to close my computer.
What PassFX Is
A local-first, offline-only password manager with a Textual TUI.
Your vault exists in ~/.passfx/ and NOWHERE ELSE.
Security model: to get your passwords, an attacker has to be physically at your computer AND have your master password. NO NETWORK = NO REMOTE ATTACKS. NO CLOUD = NO THIRD PARTY BREACHES. NO RECOVERY = NO BACKDOOR.
If you lose or FORGET your master password... GONE. Not a bug; that's the security model.
It stores: email credentials, credit cards, phone PINs, API keys, 2FA recovery codes, encrypted notes.
Encryption: Fernet (AES-128-CBC + HMAC-SHA256), PBKDF2 with 480,000 iterations, 256-bit salts. I did NOT create my own encryption. I READ THE RULES.
Who this is for:
PassFX is right for you if you:
- Are comfortable working from the terminal
- Want to know how your password manager works
- Are okay with "forgot my password" = "I lost my data"
- Think "zero network code" is reassuring and not limiting
The Paranoid Parts
I spent more time on security testing than features. The test suite is 1.5x the production code:
- Passwords excluded from all logs
- Vault files contain zero plaintext (binary inspection)
- File permissions verified on every write
- Constant-time password comparison
- PBKDF2 iterations locked at exactly 480,000
A PR that weakens security parameters fails CI. Not "might fail"—will fail. Tests use exact equality, not minimums.
Clipboard auto-clears after 15 seconds. Because "pasted my database password into Slack" is nobody's favorite story.
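The checks listed above, sketched with the Python standard library only. This is an added example, not PassFX's own code: only the 480,000 iterations and the 256-bit salt come from the post, while SHA-256 as the PBKDF2 hash, the `verifier` tag and every function name are assumptions.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Iteration count and salt size are the values quoted in the post.
# PBKDF2's hash (SHA-256) and the verifier label are assumptions.
KDF_ITERATIONS = 480_000
SALT_BYTES = 32  # 256-bit salt

def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 32-byte key with PBKDF2."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be exactly 256 bits")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, KDF_ITERATIONS, dklen=32)

def verifier(key: bytes) -> bytes:
    """Tag stored next to the salt so the key itself never hits disk."""
    return hmac.new(key, b"example-verifier", hashlib.sha256).digest()

def password_matches(candidate: str, salt: bytes, stored_tag: bytes) -> bool:
    """Constant-time comparison; a plain == can leak timing information."""
    return hmac.compare_digest(verifier(derive_key(candidate, salt)), stored_tag)

def write_private(path: str, data: bytes) -> int:
    """Write owner-only (0600) and verify the mode on every write."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # tightens a pre-existing, looser file too
        os.write(fd, data)
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)
    if mode != 0o600:
        raise PermissionError(f"unexpected mode {oct(mode)} on {path}")
    return mode

def parameters_locked(iterations=KDF_ITERATIONS, salt_bytes=SALT_BYTES) -> bool:
    """Exact equality, not >=: raising or lowering a parameter both fail."""
    return iterations == 480_000 and salt_bytes == 32

if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)
    tag = verifier(derive_key("constructed sample passphrase", salt))
    with tempfile.TemporaryDirectory() as d:
        print(oct(write_private(os.path.join(d, "vault.hdr"), salt + tag)))
    print(password_matches("constructed sample passphrase", salt, tag))
```

The exact-equality check is what makes a well-meant bump to 600,000 iterations fail as loudly as a cut to 100,000, so any parameter change has to be an explicit, reviewed edit to the test itself.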
What It Doesn't Have
- Cloud sync
- Mobile app
- Browser extension
- Breach scanning
- Telemetry
Every feature is attack surface. I wanted one thing: store credentials locally, encrypt properly, get out of the way.
The UI
Terminal apps don't have to look like tax software. Cyberpunk aesthetic: matrix green, deep blue-black, neon accents. Keyboard navigation, mouse support, modal dialogs, searchable lists.
a to add, e to edit, d to delete, c to copy, Esc to go back.
It's a password manager, not a puzzle game.
Feedback Welcome
GitHub repo. Security model in SECURITY.md. Threat model is explicit about what it protects and what it doesn't.
Find a bug? Open an issue. Security vulnerability? Report privately via GitHub Security Advisories or security@dineshd.dev.
PRs are welcome as long as they don't weaken security. The tests will tell you if you tried.
Install
pip install passfx
passfx
First run creates your vault. Make the master password strong. There's no recovery, and that's the point.
Your passwords belong to you. Not to a company. Not to a cloud.
If that resonates, check it out.