Skip to content

πŸ”‘ Javascript Secrets Vault - Multi-Platform Desktop Application

License

Notifications You must be signed in to change notification settings

armantaherian/buttercup-desktop

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation


Buttercup Desktop


Cross-platform, free and open-source password manager based on NodeJS.

Buttercup Build Status Build status Latest version Github All Releases Backers on Open Collective Sponsors on Open Collective encryption Chat securely on Keybase

image

About

Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

This is the Desktop application in the Buttercup suite, and there's also a mobile app and browser extension so that you can access your credentials anywhere. You store your credentials (login information) in a secure archive, which can then be stored on your own computer or any of our supported cloud services (like Dropbox, for example).

Archives are encrypted using the AES specification, and cannot be read by anyone besides those with the master password. Brute-force decryption is not technically possible. You should not share your archive with anyone, but rest assured: your contents are safe.

Why you need software like Buttercup

Many of us have 10s or 100s of accounts, and it would be crazy to secure these with 1 or 2 passwords. Why? If an attacker gains access to one of the systems you have an account with, your password there may be easily stolen - if an attacker gets this it's highly likely they will try to log in to other accounts you have with the same password. If you're using the same password on more than one site, you risk having several accounts stolen if any one of them is breached.

Buttercup helps you by remembering all of your passwords, and because you no longer have to remember them yourself, you can use different passwords for every single site.

Protecting your details

Buttercup provides a secure way of storing your details, but it is only as secure as how you treat your master password and archive files.

Ensure that you never share your master password or use it anywhere other than with your archive. Never share or store your archive in a non-private environment. Always remember to make regular backups of your archive.

Download & Install

Head over to our website, or checkout the releases page to download different builds and versions.

If you're using macOS, you can also use Homebrew Cask to download and install Buttercup:

$ brew cask install buttercup

If you're using Windows, you can use Chocolatey to download and install Buttercup:

choco install buttercup

Platforms and Operating Systems

Buttercup is available for macOS (dmg), Windows (exe) and Linux (deb, rpm, tarball) (64bit only).

We actively support Buttercup on the following platforms:

  • MacOS (latest)
  • Windows 10
  • Ubuntu 18.04

Operating systems outside of these are not directly supported by staff - Issues will be followed on GitHub, however, and assistance provided where possible.

Arch Linux

Buttercup is also available for Arch Linux (32/64bit) (AUR). This release channel is maintained by our community.

Some users have reported segmentation faults on Arch - if you notice a similar issue, perhaps check out this solution.

Portability

Buttercup supports portable builds on the following platforms:

Portable versions for Windows and Mac will arrive in the not-so-distant future.

Encryption & Format

Buttercup uses a delta-system to manage archive changes and save conflicts. The archive, upon saving, is encrypted with AES 256bit CBC mode with a SHA256 HMAC. Encryption is performed once the password has been salted and prepared with PBKDF2 at between 200-250k iterations.

Because security with password storage is of the utmost importance, Buttercup will remain in alpha/beta release mode until some level of professional scrutiny has occurred. It is completely possible that security-related changes will occur, but this is inevitable and we handle every question and criticism with great care when it comes to the safety of using our software.

Features

Buttercup supports loading and saving credentials archives both locally and remotely. Remote archives can be stored in a variety of service providers like Dropbox, Google Drive and WebDAV-enabled services, such as Yandex.

Archives store groups and entries in a simple hierarchy. Both groups and entries can be moved into other groups. Deleted items are trashed before being removed permanently.

Buttercup has basic merge conflict resolution when 2 changes are made at once on the file (locally or remote).

WebDAV

Buttercup can connect to WebDAV-based services for the purpose of remotely-accessing vault files. Most WebDAV services and services supporting WebDAV are compatible.

Please note that Buttercup does not support self-signed certificates.

Importing and Exporting

You can import from other password managers (such as 1Password, Lastpass and KeePass) by opening your archive and choosing Import from the menu.

You can also export Buttercup vaults to CSV format.

Internationalization

Buttercup for Desktop supports the following languages:

  • English (Default)
  • Spanish
  • German
  • French
  • Russian
  • Farsi
  • Indonesian
  • Italian
  • Brazilian Portuguese
  • Ukrainian
  • Hungarian
  • Czech
  • Dutch
  • Turkish
  • Polish
  • Finnish
  • Catalan
  • Simplified Chinese
  • Romanian
  • Korean

Submitting internationalization configurations

We welcome the addition of new languages to the Buttercup platform. Please follow the style of the current translations.

If adding languages that are more specific than usual (eg. "pt_br" - Brazilian Portuguese), ensure that you separate the parts by an underscore _ and not a dash.

Development

If you're interested in developing Buttercup:

Install Dependencies & Run

$ npm install
$ npm run start

Package & Release

Install Dependencies

You will need some extra dependencies to build for different platforms on a single platform. Please refer to this guide and install required software for your platform.

Building libraries before releasing

$ npm run build

Package

To package the app and make installers for all supported platforms:

$ npm run release

This may take a while depending on how fast your computer is. All apps and installers will be in app directory.

To package only for the current platform:

$ npm run package:current

Or for a specific platform:

$ npm run package:mac
$ npm run package:win
$ npm run package:linux

NB:

The above is a naive release process, without signing. To sign, notarize and release, as is the standard approach, first export the following environment variables:

export GH_TOKEN=github_token
export WIN_CSC_LINK=file:///some/directory/buttercup_codesign.p12
export WIN_CSC_KEY_PASSWORD="codesign_password"
export APPLE_ID=apple_id
export APPLE_ID_PASSWORD=app_specific_password
export TEAM_SHORT_NAME=team_short_name # if your account is connected to multiple teams

Where GH_TOKEN is your GitHub token, WIN_CSC_LINK is the location of the p12 code signing certificate and WIN_CSC_KEY_PASSWORD is the certificate password.

You can generate an Apple App-Specific password here and find your team short name according to this guide.

Then run:

npm run release

Debugging

In case you need to access Buttercup logs, they are located in:

  • On Linux: ~/.config/Buttercup/log.log
  • On macOS: ~/Library/Logs/Buttercup/log.log
  • On Windows: %USERPROFILE%\AppData\Roaming\Buttercup\log.log

Contributors

Creation

Contributions

This project exists thanks to all the people who contribute. [Contribute].

We'd also like to thank:

We welcome contributions. Please read Contribution Guide before sending a PR.

Backers

Thank you to all our backers! πŸ™ [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

Released under GNU/GPL Version 3

About

πŸ”‘ Javascript Secrets Vault - Multi-Platform Desktop Application

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 98.5%
  • HTML 1.1%
  • Other 0.4%