20 comments

  • tmpfs 1 day ago
    I think local-first password managers are the way forward. Big tech companies already have way too much power and having them mediate our most important data is a bad precedent to set.

    I like that you made this P2P, I designed one that sits on top of sqlite and is 100% local first but is not P2P, take a look if you are interested in some prior art in this space:

    https://saveoursecrets.com/

    I decided to go with native apps all the way, Rust backend and Flutter front-end but kind of regret it now with how the Play/App stores are such a hassle to work with.

    • MegagramEnjoyer 1 day ago
      Thanks for sharing! And I fully agree with you. The convenience that cloud providers bring is hard to match sometimes, but the tools exist to make it happen.

      I'll check out your website and see what's up!

  • VaradD09 4 hours ago
    This looks and sounds interesting! Where are the passwords stored locally? Like bramble (local) stores it or it creates a reserved disk space which is prohibited to access?
  • catapart 1 day ago
    This looks like something I've been looking for! Excited to give it a try! I don't even use a password manager because of the things you've seemed to work around here. It's been painful.

    Honestly, though, I'm most intrigued by your P2P solution. I've built a couple of web apps as custom html elements that use indexedDB for storage and I've been trying to figure out the sweet spot for syncing the data between apps. I think this nostr relay hits the mark as something people can feel comfortable not self hosting, while power users can host their own solution. Seems like a great solution, to me! Any advice as to some footguns with the approach? I'm very interested in giving it a try myself[0], so any notes you think would prevent some re-work would be really appreciated!

    [0] as a public domain/oss-licensed module, if there's a reasonable method of packaging it as a standalone library

  • ZenoArrow 23 hours ago
    What does this offer over other local-first password managers? For example, there are a fair few Android/iOS apps based on KeePass (I currently use https://www.keepassdx.com on my Android phone).
    • mieses 18 hours ago
      How this solves sync seems useful. If you use Google Drive and KeePass clients you will probably run into conflicts between KeePass "safe save" and how Google Drive does file versioning, resulting in runaway duplication of your kdbx files. I started using Syncthing and KeePass. File version conflicts are rare but still happen. Including sync in the app seems like a good idea.

      It would be good to see screenshots of Bramble. The "sprawl of plugins and forks" in KeePass is why I use it. Many of the KeePass clients have modern UIs. I'll think about switching to Bramble when the sprawl begins.

    • MegagramEnjoyer 19 hours ago
      [flagged]
  • hoistbypetard 2 days ago
    > TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.

    I do too! And I appreciate your transparency about the vibe coding. But nowhere in the repository that I've found so far do you say who is writing this. For something like a password manager, I kind of need to know who's responsible for it, and who's reviewing the LLM source code, what they've done before, what their business model is, etc.

    Can you share?

    • MegagramEnjoyer 1 day ago
      Fair enough. I like staying pseudonymous on the internet, but I also understand where you're coming from.

      My name is Doug, based in Toronto, Canada. I've been a software engineer for over 10 years, working in various startups that handle very sensitive data (fintech, health tech, legal tech.) I've had the opportunity to build security-heavy software and directly handled sensitive info like SIN, bank details, patient histories etc.

      Business model: This is essentially a passion project for me that I intend to keep working on - for usage within my family and the OSS community. This version of the app is always going to be free and open source. In the future if this were to ever take off and I now want to earn from it, I would probably do a business version with cloud storage (with self-host option)

      The goal is offering an alternative that doesn't enshittify over time, secure, fully sovereign and convenient.

      • jdkaiwei 1 day ago
        How's support for credit card form entries? That's the one thing that makes me miss 1Password as a current KeePass user and will make me move over.
        • MegagramEnjoyer 1 day ago
          It exists and is thoroughly tested for common cases, but there might be tricky form shapes that haven't been covered.

          Give it a try and if you find anything, I'll prioritize fixing it. I'm really keen on getting a top-notch autofill engine.

  • kevinak 23 hours ago
    Very cool! I like it!

    What about using Nostr relays to also back up your data passwords? I built a library called Tablinum around this idea. Local first but backed up to Nostr relays using NIP-59 gift wrapped events.

    https://tablinum.dev

  • ind-igo 19 hours ago
    This is really awesome. I've long wanted something like this, especially the local first with p2p sync. Why did you choose nostr over direct p2p with iroh which has dumb relay as fallback?
  • shaunkoh 1 day ago
    Congrats! How’s it compare vs self-hosted vaultwarden?
    • MegagramEnjoyer 1 day ago
      Thanks!

      Way less overhead than hosting your own vaultwarden instance, so way more user friendly with basically the same effect. The big difference is there's no server at all. With vaultwarden you're running a box that holds your whole vault and you have to keep it patched, backed up and secured (sysadmin skills basically). Bramble just syncs your devices directly so there's nothing to host or maintain = no single point of failure.

      One tradeoff is both devices need to be online at the same time, since there's no server in the middle holding your changes for later. For me that's worth it and intentional.

      • rsyring 7 hours ago
        What if I have multiple devices and some aren't currently online. Will they catch up when they do come back online?
        • MegagramEnjoyer 7 hours ago
          Exactly that. Once the devices are simultaneously online they will sync.
  • mune2gu-chan 1 day ago
    Really clean concept. Keeping everything entirely on-disk instead of relying on a third-party cloud is something I've been wanting to see more of.
    • MegagramEnjoyer 1 day ago
      Thank you! I'm a firm believer of this as well, especially with how things almost always turn out for venture backed companies. I feel like there's a push towards local-first and self-hosted solutions these days, and rightfully so.
  • bronlund 8 hours ago
    So how much of this is vibe-coded?
  • commandersaki 1 day ago
    How does it handle browser autofill? What if you have to fill in a box that has a non-standard label? These are things I rely on with 1Password.
  • banderberg 1 day ago
    When I hear P2P I imagine my data going through other people's devices - but it sounds like this is a private P2P network.
    • MegagramEnjoyer 1 day ago
      ah yes, I didn't even think of this! It's fully private and I'll update my copy to indicate that. Thank you!
  • commandersaki 16 hours ago
    Ah just realised no iOS release, that's a non-starter.
    • MegagramEnjoyer 7 hours ago
      I've submitted it for review. Fingers crossed it doesn't take long
  • rkagerer 6 hours ago
    Screenshots?
  • keepupnow 1 day ago
    What AI tools are you using, if I may ask? Genuinely interested.
    • MegagramEnjoyer 1 day ago
      I used Claude Opus during this project within Zed editor. Nothing else.
  • bix6 23 hours ago
    The only crypto you accept is Monero?
    • MegagramEnjoyer 7 hours ago
      yeah I really like monero, but will add more options soon
  • keepupnow 1 day ago
    You built your own sync engine? Why?
    • ramon156 1 day ago
      Most sync engines are targeted towards being fast. I suppose for a PM you'd want one that's very resource efficient. I'm just spitballing here, I'm not OP
      • keepupnow 1 day ago
        It's a hard feature to get right, it is complex and networking across the internet is unreliable. I am an advocate for local-first and P2P, but I would like to see contributions to existing libraries rather than weaker implementations
    • MegagramEnjoyer 1 day ago
      if you mean why I didn't choose a lib like automerge, yjs and instead handrolled it - that's because these libs are geared towards plaintext.

      Bramble's sync is built around its own encrypted vault instead. When two devices conflict it just compares timestamps on the encrypted entries and keeps the newer one as-is, without ever unwrapping your per-entry keys to merge. Nothing off the shelf did that against my vault format, so the core is custom. It's a pretty simple implementation tbh

      • cicko 1 day ago
        This deserves a bit more explanation (sorry, on the phone, can't look at the code in the next couple of days). So, if I change the password and update it on the phone, then add a web site on the desktop, when they sync, the desktop entry will overwrite the new password? Hope it's not that simple.
      • jjnoakes 1 day ago
        Last writer wins may be sufficient for some folks but for me, any potential data loss in an app like this is a deal breaker. I hope you'll consider some kind of merge conflict detection and surfacing that to the user. Even keeping a list of deleted items and showing that can be a good start.
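
Added example, not part of the thread and not Bramble's code: a sketch of the timestamp-based sync described above, extended with the conflict surfacing and tombstones suggested in the replies, still without decrypting any entry. The `Entry` layout, the `base` digest map recorded at the last sync, and the sample byte strings are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    blob: bytes            # opaque ciphertext; sync never decrypts it
    modified: int          # last-write timestamp
    deleted: bool = False  # tombstone so deletions sync and stay listable

def digest(entry):
    """Fingerprint an encrypted entry without needing any key."""
    return hashlib.sha256(bytes([entry.deleted]) + entry.blob).hexdigest()

def merge(local, remote, base):
    """Merge two vaults (dicts of id -> Entry).

    `base` maps id -> digest recorded at the last successful sync (hypothetical
    bookkeeping). Returns (merged, conflicts); conflicts holds the losing
    version whenever both sides changed, instead of dropping it silently.
    """
    merged, conflicts = {}, []
    for eid in sorted(set(local) | set(remote)):
        l, r = local.get(eid), remote.get(eid)
        if l is None or r is None:
            merged[eid] = l if l is not None else r   # exists on one side only
            continue
        l_changed = digest(l) != base.get(eid)
        r_changed = digest(r) != base.get(eid)
        if l_changed and r_changed and digest(l) != digest(r):
            # Concurrent edits: newer timestamp wins, loser is surfaced.
            winner, loser = (l, r) if l.modified >= r.modified else (r, l)
            conflicts.append((eid, loser))
        else:
            winner = l if l_changed else r       # at most one side changed
        merged[eid] = winner
    return merged, conflicts

def demo():
    # Constructed data: byte strings stand in for real ciphertext.
    synced = Entry(b"ct-v1", 1000)
    base = {"github": digest(synced), "bank": digest(synced)}
    phone = {"github": Entry(b"ct-new-password", 2000), "bank": synced}
    desktop = {"github": Entry(b"ct-new-url", 2500),
               "bank": Entry(b"", 2600, deleted=True)}
    return merge(phone, desktop, base)

if __name__ == "__main__":
    merged, conflicts = demo()
    print(merged, conflicts)
```

In the constructed run, the desktop edit wins for `github` as plain last-writer-wins would decide, but the phone's version comes back in `conflicts` so a client can show it to the user rather than lose it.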
  • tamimio 23 hours ago
    It’s nice to always have more options but I don’t want it to be local, I lose the centralized system and having multiple devices syncing the pass database, or a turned off device, or an attack/ransom that took all your files including your passwords, or you lost your device while traveling... It’s better to have them secured somewhere safe and only accessible remotely, and there are plenty of self hosting options out there.
  • suhan07 1 day ago
    [flagged]
  • yr_animesh 14 hours ago
    [dead]