Then I decided I got tired of (almost) every password manager wanting an email address, a subscription, and eventually a breach notification email. So I built my own. Something very simple, but useful.
It runs entirely on my hardware via Docker/docker-compose. One master password unlocks the vault. Passwords are encrypted with Fernet (AES-128-CBC) using a key derived via Argon2id (the key never leaves my browser session). Change tabs -> it's gone. The server never sees it.
Stack is FastAPI + PostgreSQL on the backend, React on the frontend, plus a CLI (`dinopass`) for terminal access. Backups export as AES-256 encrypted ZIPs I decrypt with the master password. No external services involved in any of it. The password generator uses `crypto.getRandomValues` with rejection sampling to eliminate modulo bias. Probably unnecessary for most use cases, but I'd already gone down the rabbit hole so I finished it ^_^.
It's a personal project I've been running daily. Sharing it in case anyone else is in the same situation of not wanting to depend on a third party for something this sensitive.
Thoughts, feedback and ideas are welcome!
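
For readers unfamiliar with the modulo-bias point in the post, here is an added example of rejection sampling over `crypto.getRandomValues`. It is not code from dinopass or from the post's author; the function names (`rejectionLimit`, `uniformIndex`, `generatePassword`) and the injectable `nextU32` parameter are assumptions made for illustration.

```javascript
// Added example (not dinopass code): unbiased character selection.
// All function names here are hypothetical.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const RANGE = 2 ** 32; // number of distinct values in one Uint32

// Default entropy source: one uniformly random unsigned 32-bit integer.
function cryptoU32() {
  const buf = new Uint32Array(1);
  webcrypto.getRandomValues(buf);
  return buf[0];
}

// Largest multiple of n that fits in the 32-bit range. Draws at or above it
// form a partial block that would favour low residues under plain `x % n`.
function rejectionLimit(n) {
  return RANGE - (RANGE % n);
}

// Uniform integer in [0, n). nextU32 is injectable so the rejection path
// can be exercised deterministically in tests.
function uniformIndex(n, nextU32 = cryptoU32) {
  if (!Number.isInteger(n) || n < 1 || n > RANGE) {
    throw new RangeError("n must be an integer in [1, 2^32]");
  }
  const limit = rejectionLimit(n);
  let x;
  do {
    x = nextU32(); // redraw instead of folding the biased tail back in
  } while (x >= limit);
  return x % n;
}

function generatePassword(length, alphabet, nextU32 = cryptoU32) {
  // De-duplicate: a repeated character would be picked more often.
  const chars = Array.from(new Set(alphabet));
  if (chars.length < 2) throw new RangeError("alphabet needs >= 2 distinct characters");
  if (!Number.isInteger(length) || length < 1) throw new RangeError("length must be a positive integer");
  let out = "";
  for (let i = 0; i < length; i++) {
    out += chars[uniformIndex(chars.length, nextU32)];
  }
  return out;
}
```

With a 94-character alphabet only 42 of the 2^32 possible draws are rejected, so the loop almost never repeats; when the alphabet size is a power of two nothing is rejected at all.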