Buttercup: A NodeJS password manager
I've been using KeePass as a password manager for some time now. It has a lot of benefits; It's open-source, has free clients, and is widely used. Unfortunately, the user experience of KeePass is very inconsistent between platforms and mobile devices. The Mac OS apps that are free are unreliable and have some weird UI glitches and the Linux ones work alright aside from window management problems and clipboard issues.
On the whole, the KeePass clients are a pain to use with no unified interface or experience.
I started developing Buttercup, a NodeJS password manager, because of my displeasure with using KeePass on a daily basis. I wanted something I would enjoy to use, while feeling safe that all of my passwords were security stored. On top of that, I wanted my archives accessible - I'm constantly on the move and not having an easily accessible password archive is an issue I don't feel I should have to deal with in this day and age.
Buttercup encompasses some of the key concepts I want from my password manager.
Archives are encrypted using Node's crypto library with the AES 256bit GCM method, so the sensitive contents are handled in a very secure manner.
Buttercup's internal password generator provides a large number of options for generating strong, unique passwords.
Password archives are composed of a series of deltas that when run, construct the actual archive. By using deltas, archives can be merged together in the event of a potential save conflict.
I've frequently dealt with save conflicts using KeePass on my home and work PCs. Leaving one of the apps open with unsaved changes could create a situation where saving would mean losing password entries.
I'm always on the go, and don't like being tied down to one machine. I use ownCloud (personal cloud storage) to keep my files accessible, and I want my password archive file to be stored in the same way.
One concentration for Buttercup has been on archive accessibility, and the ability to load and save archives from many different types of data sources.
I've been developing on Linux, Mac and Windows for a variety of different projects, and I notice when there's an application or usability-experience that's lacking when performing common tasks.
Buttercup is built on Electron and NodeJS, and will be built for all three platforms. Additional features and patches will reach every platform at the same time, unlike the KeePass ecosystem.
Work in progress
Although Buttercup is primarily targeted towards desktop, end-user usage, it can easily be incorporated into other applications requiring a secure datastore:
var Buttercup = require("buttercup"); var archive = new Buttercup.Archive(), datasource = new Buttercup.FileDatasource("/var/tmp/session.bcup"), recordGroup = archive.createGroup("state"); recordGroup.createEntry("user") .setMeta("namepsace", "com.application.system") .setMeta("timestamp", Date.now().toString()); datasource.save(archive, "secure-password");
You can even use it to build your own password manager: The property and meta storage Buttercup provides makes it suitable to store any style of data structure that can be adapted to a key-value list. Buttercup is MIT - if you build an extension or use it in an application, please let me know so that I can talk about it here!