Lib.rs

Authentication | Command line utilities
#password-manager #password-generator #cryptography #user-name

app forgot-my-password

A simple command-line password manager written in Rust

by TT1882

17 stable releases

Uses new Rust 2024

new 1.4.2 Jun 8, 2025
1.4.1 Jun 3, 2025
1.3.3 May 29, 2025
1.2.22 Jan 28, 2025

#28 in Authentication

Download history 1/week @ 2025-05-07 810/week @ 2025-05-28 191/week @ 2025-06-04

1,002 downloads per month

GPL-3.0 license

80KB
1.5K SLoC

FMP (Forgot My Password)

Latest Version Build Status GPLv3 License

A password manager written in memory-safe Rust.

Forgot My Password (FMP) is a password manager that safely allows you to generate, store, and manage your passwords in encrypted vaults. It uses GPG to protect your sensitive data.

Features

  • GUI: Intuitive and fast GUI
  • Create Vaults: Create encrypted vaults to store your passwords.
  • Modify Accounts: Add, delete, and rename accounts within a vault.
  • Passwords: Generate strong passwords and estimate their entropy.
  • Backups: Backup and restore vaults securely.
  • Modify Account Info: Update account usernames and passwords.
  • Cross-platform compatibility: FMP is available on Unix and Windows

Security

  • Encryption With GPG: All data is encrypted using GPG. Only users with the correct GPG key can decrypt the vault contents.
  • No Plaintext Passwords on Disk: All sensitive information is encrypted before being saved.
  • Sensitive Variables Cannot Be Written to Disk: Sensitive variables are not written to disk in any form except encrypted.
  • Sensitive Variables Are Obfuscated in Memory: The program uses secure memory handling (Rust’s secrecy crate, memory locking) to prevent secrets from being easily read from RAM.
  • Sensitive Variables Are Cleared from Memory: The program zeroizes (overwrites) memory holding secrets when they are no longer needed.
  • Memory Locking: System calls (like mlock) prevent sensitive memory from being swapped to disk.
  • File Permitions: Strict file permissions are placed on sensitive files.
  • Recipient Verification: Encryption is tied to a specific GPG recipient.
  • Cross-Platform Secure Handling: Secure memory and file handling are implemented for both Unix and Windows.

Installation

  1. Prerequisites: Before installing FMP, make sure the following are installed on your system:

See INSTALLATION.md for OS specific installations.

  1. Clone the Repository:

    git clone https://github.com/lwilk0/Forgot-My-Password.git
cd Forgot-My-Password

  2. Build and Install FMP:

    cargo build --release
cargo install --path .

Testing

Run all tests:

cargo test

Run specific tests:

cargo test --test vault_tests
cargo test --test crypto_tests

Note: Update the file in src/tests/recipient.txt to match a valid recipient in your GPG keyring.

Troubleshooting

Problem: fmp command not found after installation.
Solution: Make sure ~/.cargo/bin is added to your PATH:

export PATH=$PATH:~/.cargo/bin/

Problem: GPG key not found in your keyring.
Solution: Make sure the recipient email matches a key in your GPG keyring. Use:

gpg --list-keys

Contributing

Contributions are welcome! Please follow these steps to contribute:

  1. Fork this repository.
  2. Create a new branch for your feature or bug-fix.
  3. Submit a pull request with a detailed description of your changes.

Please ensure you run cargo test before submitting a pull request, as the workflow cannot do this for you, as testing requires user interaction.

License

This project is licensed under the GPLv3 License. See the LICENSE file for details.

Dependencies

~11–62MB
~1M SLoC