Enterprise-grade password manager with military-level security, offline-first architecture, and duress mode protection.
- AES-256-GCM Encryption — Bank-level encryption for all stored data
- Argon2id Password Hashing — Quantum-resistant key derivation
- Zero-Knowledge Architecture — Your master password never leaves your device
- Offline-First Design — No cloud, no tracking, no data leaks
- 🔑 Two-Factor Authentication (TOTP) — Compatible with Google Authenticator, Authy
- 📸 Failed Login Photo Capture — Captures photos of unauthorized access attempts
- 🥷 Duress/Pseudo Mode — Show fake vault under coercion (configurable panic password)
- 📊 Activity Logging — Track all vault access with detailed analytics
- 🔄 Encrypted Backups — Export/import with password-protected encryption
- 10 Premium Themes — Dark, Light, Cyberpunk, Dracula, Ocean, and more
- 13 Languages — English, Russian, Spanish, German, French, Arabic, Hindi, etc.
- Custom Window Controls — Frameless design with smooth animations
- Smooth Scrolling — Polished UI with Framer Motion animations
- Node.js 18+ (Download)
- Rust 1.70+ (Install)
- Tauri CLI (Setup Guide)
# Clone the repository
git clone https://github.com/ar3love/x-pass.git
cd x-pass
# Install dependencies
npm install
# Run in development mode
npm run tauri dev
# Build for production
npm run tauri build- Create your master password (min. 8 characters)
- Enable 2FA (recommended) — Scan QR code with authenticator app
- Start adding passwords to your vault!
Latest version: v0.3.1 (January 08, 2026)
| Platform | File | Size | Download Link |
|---|---|---|---|
| 🪟 Windows (MSI EN) | X-PASS_0.3.1_x64_en-US.msi | ~191 MB | Download |
| 🪟 Windows (MSI RU) | X-PASS_0.3.1_x64_ru-RU.msi | ~191 MB | Download |
| 🪟 Windows (NSIS) | X-PASS_0.3.1_x64-setup.exe | ~191 MB | Download |
| 🍎 macOS | — | — | Coming soon (build from source available) |
| 🐧 Linux | — | — | Coming soon (build from source available) |
Notes:
- All Windows installers are for x64 (Windows 10 1809+ / Windows 11 recommended).
- After installation, the app size is approximately 7 MB.
- macOS and Linux builds will be added in upcoming releases.
- You can always build from source if needed: Build Instructions
For older versions or source code, check the full Releases page.
┌──────────────────────────────────────────────────────────────────────┐
│ USER AUTHENTICATION │
└────────┬─────────────────────────────────────────────────┬────────────┘
│ │
┌────▼─────┐ ┌──────────┐ ┌─────▼──────┐
│ Master │ │ OTP │ │ Pseudo │
│ Password │ │ Code │ │ Password │
└────┬─────┘ └─────┬────┘ └─────┬──────┘
│ │ │
┌────▼─────────┐ ┌─────▼──────────┐ ┌────▼─────────┐
│ Argon2id │ │ TOTP Verify + │ │ Argon2id │
│ (salt+hash) │ │ Decrypt Recov │ │ (check vs │
└────┬─────────┘ └─────┬──────────┘ │ pseudo hash)│
│ │ └────┬─────────┘
│ │ │
┌────▼──────────────────────────▼────────────────────▼─────────┐
│ Derive 256-bit AES-256-GCM Encryption Key │
└────┬──────────────────────────────────────────────────────────┘
│
┌────▼──────────────────────────────────────────────┐
│ Is Key Valid? (Test decrypt first entry) │
└────┬─────────────────────────────────┬─────────────┘
│ ✅ Valid (Real) │ ❌ Invalid (Pseudo)
│ │
┌────▼───────────────┐ ┌──────▼──────────────┐
│ AES-256-GCM │ │ Check Pseudo │
│ Decrypt Real Data │ │ Settings │
└────┬───────────────┘ └──────┬──────────────┘
│ │
┌────▼───────────────┐ ┌──────▼──────────────┐
│ 💾 SQLite Database │ │ Show Fake Entries │
│ Real Passwords │ │ OR Empty Vault │
└────────────────────┘ └─────────────────────┘
┌──────────────────────────────────────────────────────────────────────┐
│ FAILED LOGIN HANDLING │
├──────────────────────────────────────────────────────────────────────┤
│ Wrong Password → 📸 Capture Photo → Encrypt → Store in DB │
│ → 📊 Log Activity with Timestamp │
└──────────────────────────────────────────────────────────────────────┘
- No Master Password Storage — Only Argon2id hash stored with unique salt
- Per-Entry Encryption — Each password encrypted with AES-256-GCM + unique nonce
- OTP Recovery System — Master key encrypted with OTP-derived key (no password storage)
- Pseudo Mode Protection — Wrong password triggers fake vault or data wipe
- Memory Wiping — Sensitive data cleared from RAM after use
- Photo Evidence — Failed login attempts captured and encrypted
- Offline-First — All operations happen locally, no network calls
Scenario: Someone forces you to unlock your vault under threat.
Solution: Set up a panic password that shows a fake vault with decoy data.
- Go to Settings → Security → Pseudo Mode
- Create a secondary password
- Choose action: Show Fake Vault or Wipe Real Data
- Generate fake entries automatically
// Real password → Real vault
login("my-real-password") // ✅ Accesses actual passwords
// Panic password → Decoy vault
login("panic-123") // ⚠️ Shows fake LinkedIn/Gmail entries
| Language | Code | Status |
|---|---|---|
| 🇬🇧 English | en |
✅ Complete |
| 🇷🇺 Russian | ru |
✅ Complete |
| 🇪🇸 Spanish | es |
✅ Complete |
| 🇩🇪 German | de |
✅ Complete |
| 🇫🇷 French | fr |
✅ Complete |
| 🇸🇦 Arabic | ar |
✅ Complete |
| 🇮🇳 Hindi | hi |
✅ Complete |
| 🇮🇩 Indonesian | id |
✅ Complete |
| 🇮🇹 Italian | it |
✅ Complete |
| 🇯🇵 Japanese | ja |
✅ Complete |
| 🇰🇷 Korean | ko |
✅ Complete |
| 🇧🇷 Portuguese | pt |
✅ Complete |
| 🇨🇳 Chinese | zh |
✅ Complete |
Want to add your language? Contribute here!
| Theme | Preview |
|---|---|
| 🌙 Dark | Default dark mode with blue accents |
| ☀️ Light | Clean minimalist light theme |
| 💜 Cyberpunk | Neon purple with glitch effects |
| 🧛 Dracula | Popular purple/pink dark theme |
| 🌊 Ocean | Calming blue gradient |
| 🏜️ Sand | Warm beige desert theme |
| 🌅 Sunset | Orange/purple gradient |
| ☢️ Toxic | Radioactive green |
| 🎆 Neon | Bright cyan/magenta |
| 🌈 Fallout | Post-apocalyptic amber |
x-pass/
├── src/ # React frontend
│ ├── components/ # UI components
│ ├── context/ # React contexts (Auth, Theme, Pseudo)
│ ├── pages/ # Main pages (Login, Vault, Settings)
│ └── assets/ # Translations, images
│
├── src-tauri/ # Rust backend
│ ├── src/
│ │ ├── password_manager.rs # Core vault logic
│ │ ├── otp.rs # TOTP 2FA
│ │ ├── pseudo_mode.rs # Duress mode
│ │ ├── activity_logger.rs # Security logging
│ │ ├── backup.rs # Encrypted export/import
│ │ └── lib.rs # Main entry point
│ └── Cargo.toml # Rust dependencies
│
├── docs/ # Documentation
│ ├── images/ # Screenshots & diagrams
│ └── architecture.md # Technical deep dive
│
└── README.md # You are here!
# Windows
npm run tauri build -- --target x86_64-pc-windows-msvc
# macOS (Intel)
npm run tauri build -- --target x86_64-apple-darwin
# macOS (Apple Silicon)
npm run tauri build -- --target aarch64-apple-darwin
# Linux
npm run tauri build -- --target x86_64-unknown-linux-gnu# Enable verbose logging
RUST_LOG=debug npm run tauri devWe welcome contributions! Please see CONTRIBUTING.md for guidelines.
- 🐛 Report bugs — Open an issue
- 🌍 Translate — Add new language files
- 🎨 Design — Create new themes
- 💻 Code — Fix bugs or add features
- 📝 Documentation — Improve guides
This project is licensed under GPL-3.0 with additional commercial restrictions.
- ✅ Free for personal use, education, and open-source projects
- ❌ Commercial entities (revenue > $1M/year) require a separate license
- 📧 Contact: [ar3love@outlook.com] for commercial licensing
See LICENSE for full terms.
Built with these amazing technologies:
- Tauri — Rust-powered desktop framework
- React — UI library
- Material-UI — Component library
- Argon2 — Password hashing
- AES-GCM — Encryption standard
- 🐛 Bug Reports: GitHub Issues
- 💬 Discussions: GitHub Discussions
- 📧 Email: ar3love@outlook.com
- 🌐 Website: https://arelove.github.io/x-pass/
Made with ❤️ by arelove
⭐ Star this repo if you find it useful! ⭐