tmpfs 13 hours ago [-]
I think local-first password managers are the way forward. Big tech companies already have way too much power and having them mediate our most important data is a bad precedent to set.
I like that you made this P2P, I designed one that sits on top of sqlite and is 100% local first but is not P2P, take a look if you are interested in some prior art in this space:
https://saveoursecrets.com/
I decided to go with native apps all the way, Rust backend and Flutter front-end but kind of regret it now with how the Play/App stores are such a hassle to work with.
MegagramEnjoyer 1 hours ago [-]
Thanks for sharing! And I fully agree with you. The convenience that cloud providers bring is hard to match sometimes, but the tools exist to make it happen.
I'll check out your website and see what's up!
mune2gu-chan 14 hours ago [-]
Really clean concept. Keeping everything entirely on-disk instead of relying on a third-party cloud is something I've been wanting to see more of.
MegagramEnjoyer 1 hours ago [-]
Thank you! I'm a firm believer in this as well, especially with how things almost always turn out for venture-backed companies. I feel like there's a push towards local-first and self-hosted solutions these days, and rightfully so.
hoistbypetard 18 hours ago [-]
> TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.
I do too! And I appreciate your transparency about the vibe coding. But nowhere in the repository that I've found so far do you say who is writing this. For something like a password manager, I kind of need to know who's responsible for it, and who's reviewing the LLM source code, what they've done before, what their business model is, etc.
Can you share?
MegagramEnjoyer 18 hours ago [-]
Fair enough. I like staying pseudonymous on the internet, but I also understand where you're coming from.
My name is Doug, based in Toronto, Canada. I've been a software engineer for over 10 years, working in various startups that handle very sensitive data (fintech, health tech, legal tech). I've had the opportunity to build security-heavy software and directly handled sensitive info like SIN, bank details, patient histories etc.
Business model: This is essentially a passion project for me that I intend to keep working on - for usage within my family and the OSS community. This version of the app is always going to be free and open source. In the future if this were to ever take off and I now want to earn from it, I would probably do a business version with cloud storage (with self-host option).
The goal is offering an alternative that doesn't enshittify over time, secure, fully sovereign and convenient.
jdkaiwei 17 hours ago [-]
How's support for credit card form entries? That's the one thing that makes me miss 1Password as a current KeePass user and will make me move over.
MegagramEnjoyer 2 hours ago [-]
It exists and is thoroughly tested for common cases, but there might be tricky form shapes that haven't been covered.
Give it a try and if you find anything, I'll prioritize fixing it. I'm really keen on getting a top-notch autofill engine.
shaunkoh 13 hours ago [-]
Congrats! How’s it compare vs self-hosted Vaultwarden?
MegagramEnjoyer 1 hours ago [-]
[dead]
keepupnow 16 hours ago [-]
What AI tools are you using, if I may ask? Genuinely interested.
MegagramEnjoyer 1 hours ago [-]
I used Claude Opus during this project within Zed editor. Nothing else.
keepupnow 16 hours ago [-]
You built your own sync engine? Why?
MegagramEnjoyer 1 hours ago [-]
If you mean why I didn't choose a lib like Automerge or Yjs and instead hand-rolled it - that's because these libs are geared towards plaintext.
Bramble's sync is built around its own encrypted vault instead. When two devices conflict it just compares timestamps on the encrypted entries and keeps the newer one as-is, without ever unwrapping your per-entry keys to merge. Nothing off the shelf did that against my vault format, so the core is custom. It's a pretty simple implementation tbh.
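The conflict rule described in the comment above (compare timestamps on the encrypted entries, keep the newer one as-is), as an added example that is not Bramble's code. The `Entry` layout, the tombstone flag, the tie-break and the future-timestamp limit are assumptions made for illustration, and the sample vaults are constructed.

```python
import hashlib
from dataclasses import dataclass

MAX_FUTURE_SKEW = 300  # seconds of peer clock drift tolerated (assumed value)

@dataclass(frozen=True)
class Entry:
    entry_id: str
    modified_at: int        # unix seconds, stamped by the writing device
    blob: bytes             # opaque: wrapped per-entry key + ciphertext
    deleted: bool = False   # tombstone, so a delete can beat an older edit

def _rank(e):
    # Newer timestamp wins; the blob digest breaks ties so both devices
    # pick the same winner whichever side runs the merge.
    return (e.modified_at, e.deleted, hashlib.sha256(e.blob).digest())

def merge(local, remote, now):
    """Merge two {entry_id: Entry} vaults; returns (merged, rejected_ids)."""
    merged, rejected = dict(local), []
    for eid, theirs in remote.items():
        if theirs.modified_at > now + MAX_FUTURE_SKEW:
            rejected.append(eid)   # a far-future stamp would win every later merge
            continue
        mine = merged.get(eid)
        if mine is None or _rank(theirs) > _rank(mine):
            merged[eid] = theirs   # whole record kept as-is; blob never opened
    return merged, sorted(rejected)

# Constructed sample vaults (not real data)
NOW = 1_700_000_000
laptop = {
    "github": Entry("github", NOW - 500, b"\x01laptop-ct"),
    "bank":   Entry("bank",   NOW - 900, b"\x02old-ct"),
    "forum":  Entry("forum",  NOW - 100, b"", deleted=True),
}
phone = {
    "github": Entry("github", NOW - 200, b"\x03phone-ct"),
    "bank":   Entry("bank",   NOW - 900, b"\x02old-ct"),
    "forum":  Entry("forum",  NOW - 400, b"\x04forum-ct"),
    "wifi":   Entry("wifi",   NOW + 86_400, b"\x05skewed-ct"),
}

if __name__ == "__main__":
    merged, rejected = merge(laptop, phone, NOW)
    for eid, e in sorted(merged.items()):
        print(eid, e.modified_at, "deleted" if e.deleted else e.blob)
    print("rejected:", rejected)
```

Because the timestamp alone decides the winner, it needs to be covered by the entry's authentication (for example as AEAD associated data); otherwise anyone able to alter the sync payload can change which version survives.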
ramon156 10 hours ago [-]
Most sync engines are targeted towards being fast. I suppose for a PM you'd want one that's very resource efficient. I'm just spitballing here, I'm not OP.
keepupnow 3 hours ago [-]
It's a hard feature to get right, it is complex and networking across the internet is unreliable. I am an advocate for local-first and P2P, but I would like to see contributions to existing libraries rather than weaker implementations.