DEV Community

bloodSUCKER
bloodSUCKER

Posted on

I Built a Local Password Manager in Java — No Cloud, No Accounts, Just One Master Password

I Built a Local Password Manager in Java — No Cloud, No Accounts, Just One Master Password

Most password managers today want your data in the cloud. Sync, subscriptions, accounts, trust in someone else's servers.

I wanted the opposite: a small desktop app that keeps everything on my machine, encrypts secrets properly, and stays out of the way.

That's how SafeBox started.

What is SafeBox?

SafeBox is a minimalist password manager for Windows:

  • one master password for the whole vault
  • local storage only (~/.safebox/)
  • no servers, no cloud sync, no telemetry
  • light and dark theme
  • English and Russian UI

It's not trying to replace enterprise password platforms. It's for people who want a simple, offline vault on their own PC.

Download (Windows):

https://github.com/IAMBloodSUCKER/SafeBox/releases/download/v1.0.2/SafeBox-1.0.2.exe

Source code:

https://github.com/IAMBloodSUCKER/SafeBox

Why local-first?

Cloud sync is convenient, but it also means:

  • your encrypted vault still lives on someone else's infrastructure
  • you depend on their uptime, pricing, and security practices
  • the attack surface is bigger than "just my laptop"

SafeBox makes a different trade-off:

  • pro: full control, offline by default, no account required
  • con: no automatic sync between devices — you handle backups yourself

For many personal use cases, that's a fair deal.

What you can do

  • store logins, passwords, and notes
  • search by site or username
  • copy fields to clipboard (auto-cleared after 30 seconds)
  • generate passwords with custom rules
  • export / import encrypted .safebox backups
  • lock the vault after 5 minutes of inactivity
  • change the master password (all entries are re-encrypted)

The UI is intentionally simple: table on top, details below, no clutter.

How security works (short version)

SafeBox is local, but "local" doesn't mean "plain text".

Master password is never stored

On disk you get:

  • salt.bin — random salt for key derivation
  • safebox.db — SQLite database
  • a verifier (SHA-256 hash of the derived key), not the password itself

Suggested tags: java, security, opensource, desktop, showdev

Top comments (0)