A password management app with support for sharing with groups.

Fork: Get a copy of this app


Available Actions:

Star Watch View live app Fork: Get a copy of this app


A password management app with support for sharing with groups.

Git clone URL:

Buildpack URL:

This app uses:

  • shared/postgres

Swordfish Build Status

Swordfish is an experiment in building a group-optimized password management app. It is currently very alpha. Browse all the issues to see what features are planned.


Is it secure?

Storing passwords on a server might seem like filling a lake in Alaska with honey and expecting to keep bears out. I don't think it's like that. Why?

Even if an attacker gets access to your server or database, all secure items are encrypted client side. The server has no idea what it is storing and no way of decrypting it.

When you sign up, a RSA public/private keypair is generated in your browser. All sensitive data is encrypted with your private key, which is password-protected and never transferred to the server. No sensitive data is ever transmitted over the wire unless it is encrypted with secrets only available on the client.

Recommended Reading

Working on Swordfish

Use the bootstrap script to get the environment set up.


Now you will need to run the database migrations before you run the server.

bundle exec rake db:create db:migrate

Finally you can start the application.

script/rails s

Running the tests requries PhantomJS. If you're on Mac OS X you can use homebrew to install this for you.

brew install phantomjs

If you hack on Swordfish and end up adding or editing features you will want to run the tests.

bundle exec rake

Want to join the core team?