PassFX_
The offline, local-first terminal password manager.
Built for security-conscious operators who demand complete control over their credentials. No cloud. No sync. No compromise. Your secrets stay on your machine, encrypted with military-grade Fernet encryption.
// SYSTEM ARCHITECTURE
PassFX is a single-binary terminal application. No daemon processes, no background services, no network connections. When you run PassFX, it loads your encrypted vault into memory, operates entirely locally, and securely wipes memory on exit.
Your vault file is a single encrypted blob using industry-standard Fernet encryption (AES-128-CBC with HMAC-SHA256). The master key is derived from your passphrase using PBKDF2 with 480,000 iterations.
user@host:~$ passfx// SECURITY PRINCIPLES
[ AIR GAP ]
PassFX operates in complete air-gap mode. Zero network calls, zero DNS lookups, zero telemetry. Your credentials never leave your machine.
[ AES-256 ]
Industry-standard Fernet encryption provides authenticated encryption. AES-128-CBC with HMAC-SHA256 ensures both confidentiality and integrity.
[ ZERO TRACE ]
No analytics. No crash reports. No usage tracking. PassFX collects exactly zero data about you or your usage patterns.
// OPERATIONAL WORKFLOW
[ INITIALIZE ]
Create your vault with a strong master passphrase
[ INTERACT ]
Add, view, search, and manage your credentials
[ SECURE ]
Exit and your vault is automatically encrypted
[ INITIALIZE ]
Create your vault with a strong master passphrase
[ INTERACT ]
Add, view, search, and manage your credentials
[ SECURE ]
Exit and your vault is automatically encrypted
// AUDIT & VERIFY
[ OPEN SOURCE ]
PassFX is fully open source under the MIT License. Every line of code is available for inspection. No hidden backdoors, no proprietary encryption, no trust required—verify everything yourself.
→ ./src/passfx