Warning
Status: Unmaintained — This project is no longer actively developed as of October 2024.
LibrePass Server is the cloud backend infrastructure for the LibrePass password manager, built with a focus on security, scalability, and reliability. The server provides APIs, database services, and synchronization capabilities that enable secure password management across multiple devices.
This project was a hobby project that served as an incredible learning experience. It taught me valuable lessons about:
- Backend architecture and microservices patterns with Spring Boot
- Cryptography and security implementation in backend systems
- Database design and optimization for sensitive data storage
- RESTful API design and authentication mechanisms
- Multi-module project structure with shared libraries
- Docker containerization and deployment strategies
- Cloud synchronization protocols and conflict resolution
While the project is no longer maintained, the codebase remains a testament to these learnings and serves as a reference implementation for secure backend password management systems.
- ✅ End-to-End Encryption — All passwords encrypted on client-side before transmission
- ✅ Secure API Authentication — Token-based authentication with database storage
- ✅ Password Vault Management — Create, read, update, and delete encrypted vaults
- ✅ Cross-Device Synchronization — Sync encrypted data across multiple devices
- ✅ User Account Management — Registration, login, and account settings
- ✅ Database Persistence — Reliable storage with Spring Data JPA
- ✅ Docker Support — Ready-to-deploy containerized application
- ✅ RESTful APIs — Clean, documented API endpoints for client applications
- ✅ TOTP Support — Two-factor authentication via Time-based One-Time Passwords
- ✅ Offline Sync — Handle client offline changes with server reconciliation
- Spring Boot — Modern Java/Kotlin web framework (v3.3.2)
- Kotlin — Primary language for type-safe development (v2.0.0)
- Java — JDK 21 (via Eclipse Temurin)
- Spring Data JPA — Database abstraction and ORM
- Cryptography — Custom libcrypto library for encryption/decryption
- GSON — JSON serialization and deserialization
- Docker — Multi-stage builds for optimized container images
- Maven — Project build and dependency management
The project is organized as a multi-module Maven structure:
LibrePass-Server/
├── server/ # Spring Boot REST API server
├── client/ # Client library for interacting with APIs
├── shared/ # Shared utilities and models
├── docker-compose.yml
├── Dockerfile # Multi-stage Docker build
└── pom.xml # Parent POM configuration
- server — Main Spring Boot application with REST endpoints and business logic
- client — Library for clients to interact with the LibrePass Server API
- shared — Shared code, models, and utilities used across modules
For detailed setup instructions, API documentation, and deployment guides, please refer to the LibrePass Documentation.
This backend implements several security measures:
- End-to-End Encryption — Passwords encrypted before transmission to server
- Secure Authentication — Database-stored tokens for request validation
- HTTPS Communication — All API traffic encrypted in transit
- Password Hashing — User credentials hashed using industry-standard algorithms
- No Plaintext Storage — Passwords never stored unencrypted in database
- Input Validation — All API inputs validated and sanitized
- Rate Limiting — Protection against brute force and DOS attacks
Note: This is a hobby project. For production use, consider security audits by professional security experts and follow established security best practices for sensitive data systems.
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0)
- LibrePass Android — Mobile client for Android
This hobby project taught me invaluable lessons about:
- ✅ Building scalable Spring Boot applications with multi-module architecture
- ✅ RESTful API design principles and best practices
- ✅ Spring Data JPA for database abstraction and ORM
- ✅ Dependency injection and inversion of control patterns
- ✅ Exception handling and error response standardization
- ✅ API versioning and backward compatibility
- ✅ Implementing end-to-end encryption in backend systems
- ✅ Secure password handling and hashing strategies
- ✅ Token generation and database-based validation
- ✅ User authentication and authorization flows
- ✅ HTTPS/TLS communication security
- ✅ Protecting sensitive user data at rest and in transit
- ✅ Rate limiting and DOS protection mechanisms
- ✅ Relational database design for encrypted data
- ✅ JPA entity relationships and constraints
- ✅ Database migration strategies
- ✅ Indexing and query optimization
- ✅ Handling concurrent access and transactions
- ✅ Multi-stage Docker builds for optimized images
- ✅ Docker Compose for local development and testing
- ✅ Environment configuration and secrets management
- ✅ Containerized application deployment patterns
- ✅ Microservices and modular architecture
- ✅ Cloud synchronization protocols
- ✅ Data consistency and conflict resolution
- ✅ Separation of concerns and SOLID principles
- ✅ Testing strategies for backend services
This project was a comprehensive learning experience that combined practical backend development with real-world security challenges. It provided insights into how secure cloud services work and the complexity involved in protecting sensitive user credentials.
Built with ❤️ as a learning experience in backend development and security