PaperVault
papervault.xyzStore secrets and passwords on encrypted paper with distributed keys. Designed to last generations. Open source, client-side only, works offline.
- Homepage: papervault.xyz
- GitHub: github.com/boazeb/papervault
- Web info: web-check.xyz/check/papervault.xyz
PaperVault Source Code
Author
Description
Paper vault for passwords and secrets
Homepage
https://papervault.xyzLicense
MIT
Created
03 Mar 26
Last Updated
06 Jul 26
Latest version
Primary Language
JavaScript
Size
2,672 KB
Stars
24
Forks
3
Watchers
24
Language Usage
Star History
Top Contributors
-
@boazeb (37)
-
@dependabot[bot] (5)
-
@lissy93 (4)
-
@BittuBarnwal7479 (1)
Recent Commits
-
BB (06 Jul 26)
feat(dist): ship the Windows binary as a .zip (~40MB vs ~110MB) Compress the Windows .exe with PowerShell Compress-Archive so the download roughly halves, matching the macOS .app zip and Linux tar.gz.
-
BB (06 Jul 26)
docs: README reflects the macOS menu-bar app
-
BB (06 Jul 26)
feat(dist): macOS app lives in the menu bar (replaces the Quit dialog) PaperVault.app's main executable is now a small AppKit menu-bar app (Swift) instead of a blocking osascript dialog: a lock icon in the menu bar with Open / Quit. Cleans up the server on Quit and on SIGTERM/SIGINT. Drops launcher.sh.
-
BB (06 Jul 26)
feat(dist): native app bundles for the standalone binaries macOS ships as a double-clickable PaperVault.app (icon + Quit dialog) in a zip; Linux as a tar.gz that preserves the execute bit; Windows unchanged. Fixes the non-runnable raw-download problem. Release 1.3.0.
-
BB (06 Jul 26)
docs: add standalone single-file executable to Quick Start
-
BB (06 Jul 26)
chore: release 1.2.0
-
Boaz Bechar (06 Jul 26)
feat: single-file executable (Node SEA) (#23) * feat: single-file executable build (Node SEA) Download-and-run binary for self-hosters — no npm, no build, no Electron. Serves the embedded build over localhost (a secure context, needed for the QR-scanner WASM, camera, and Web Crypto) and opens the browser. Builds macOS/Linux/Windows binaries on X.Y.0 tags via release-binaries.yml, attached to the release with SLSA provenance. Co-Authored-By: Claude Opus 4.8 <[email protected]> * ci(release-binaries): suppress reviewed zizmor findings cache-poisoning on the npm cache step (matches release.yml's existing suppression) and the superfluous-actions notice on action-gh-release. --------- Co-authored-by: Claude Opus 4.8 <[email protected]>
-
BB (06 Jul 26)
chore: release 1.1.0 (release.yml yarn→npm)
-
Bittu kumar (06 Jul 26)
docs: add contributing guide (#19) * docs: add CONTRIBUTING.md * refactor: update CONTRIBUTING.md
-
dependabot[bot] (05 Jul 26)
chore(deps): bump moment-timezone from 0.5.48 to 0.6.2 (#20) Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.5.48 to 0.6.2. - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](https://github.com/moment/moment-timezone/compare/0.5.48...0.6.2) --- updated-dependencies: - dependency-name: moment-timezone dependency-version: 0.6.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] (05 Jul 26)
chore(deps): bump actions/github-script from 8 to 9 (#9) Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] (05 Jul 26)
chore(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (#8) Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.6 to 0.5.7. - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/v0.5.6...v0.5.7) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] (05 Jul 26)
chore(deps): bump trufflesecurity/trufflehog from 3.95.5 to 3.95.8 (#6) Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.95.5 to 3.95.8. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/v3.95.5...v3.95.8) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] (05 Jul 26)
chore(deps): bump actions/checkout from 6 to 7 (#5) Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
BB (05 Jul 26)
ci: fix ci.yml yarn→npm, mirror user boaz, pin scanner in dependabot - ci.yml: repo moved to npm in #3 but the CI workflow (#4) still used yarn (cache/install/build) → failed on every PR. Converted to npm. - mirror.yml: Codeberg username is 'boaz', not 'boazeb'. - dependabot.yml: ignore the deliberately-pinned QR scanner stack and skip major version bumps (only auto-PR minor/patch). Co-Authored-By: Claude Opus 4.8 <[email protected]>
-
BB (04 Jul 26)
ci(dependabot): enable weekly npm + github-actions update PRs Co-Authored-By: Claude Opus 4.8 <[email protected]>
-
Boaz Bechar (04 Jul 26)
Merge pull request #4 from lissy93-forks/add-ci-cd-workflows Adds CI/CD workflows
-
Alicia Sykes (04 Jul 26)
Merge branch 'main' into add-ci-cd-workflows
-
BB (04 Jul 26)
fix(scanner): pin scanner stack + self-host WASM sync; harden npm config Follow-up to #3. Pin @yudiel/react-qr-scanner 2.5.1 + overrides [email protected] / [email protected] so installed versions match the committed public/wasm/zxing_reader.wasm binary — the lockfile float in #3 desynced them and broke the QR scanner (offline + macOS Chrome). Add scripts/copy-wasm.js wired into start/build to keep public/wasm/ synced with the installed zxing-wasm and prevent silent skew. Harden: private:true, .npmrc ignore-scripts, vercel installCommand npm ci. Co-Authored-By: Claude Opus 4.8 <[email protected]>
-
Boaz Bechar (04 Jul 26)
Merge pull request #3 from lissy93-forks/dependency-update Dependency updates, and cleanup
-
Boaz Bechar (04 Jul 26)
Merge pull request #1 from lissy93-forks/allow-proceeding-while-online fix: allow proceeding even when offline check fails/wrong
-
Alicia Sykes (03 Jul 26)
Adds CI/CD workflows
-
Alicia Sykes (03 Jul 26)
update deps, rm yarn.lock, update docker script
-
Alicia Sykes (03 Jul 26)
fix: allow proceeding even when offline check fails/wrong
-
BB (31 May 26)
chore: bump packages to 0.1.1 (post-publish) After publishing v0.1.1 to npm, persist the version bumps so the git repo's package.jsons match what's on the registry. The internal `file:` deps have been restored by scripts/publish-prep.js restore for continued local development. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
-
BB (31 May 26)
fix: address 5 nits from internal review of bacc50e + cd007f6 All low-severity, none blocking, but worth cleaning up before publish. - tools.js: move TYPICAL_VALUE_CHAR_GUESS + estimateChars below all imports. Was wedged between two import groups; worked due to ESM hoisting but would trip any future import/first lint rule. - backup.js (--interactive): - Drop "Implies --no-yes" from help; it was just wrong. The two flags are independent and combine fine. - Skip the multiselect when only one ref matched. No point asking the user to space-select a single option. - init.js (Azure multiselect): - Lower threshold from >3 to >0 so KVs with 1-3 secrets also get the picker. The previous "filtering adds no value for small KVs" reasoning was wrong — even one secret might be too large. - Pre-check the previously-selected names via initialValues when running init in edit mode against an existing config, so prior selection intent isn't silently dropped. - kit.js (over-limit error): include freeText in the breakdown when it contributes. The old format said "X chars used by N entries" which was confusing if N was 0 and freeText was the culprit. Now reads "X chars used (N entries + freeText (Y chars))". All tests still pass: security-fixes (18 assertions), crypto roundtrip, .env parser (15 cases), init+config integration (6 cases), MCP e2e (10 cases), Azure adapter mock. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
-
BB (31 May 26)
fix(security): close 3 medium + 2 low findings from internal review Followup to bacc50e. None critical/high; medium issues were defensive gaps where a determined local attacker, a malicious MCP agent, or a DNS-rebinding attacker could obtain more than the threat model intended. Mediums: - M-1 (DNS rebinding): the localhost print server already rejected non-loopback remote addresses, but accepted any Host header. An attacker page using DNS rebinding (evil.com → 127.0.0.1) could bypass same-origin and read kit data from the user's session. Fix: validate Host header against the explicit loopback hosts {127.0.0.1, localhost, [::1]} with the actual listening port. - M-2 (name leakage in createKit error): the new "largest entries" hint added in bacc50e included plaintext secret names, which then flowed through err.message into both the audit log (which promises fingerprinted names by default) and MCP tool error responses (where agents shouldn't see secret material). Fix: keep the sizes, drop the names. User runs --interactive or inspects their source if they need to identify which entry is which. - M-3 (CLI --save mode): kit-runner.js wrote HTML files using the default umask (typically 0644 = world-readable). On shared systems another local user could read the saved files and, with the threshold of key share QRs, unlock the vault. Fix: mkdir 0o700 + writeFile 0o600 + post-chmod, matching what the MCP path already did. Lows: - L-1, L-2 (audit log permissions): ~/.papervault/ defaulted to 0755 and audit.log to 0644. The log never contains secret values but does contain action types, timestamps, source URIs, and (when PAPERVAULT_LOG_NAMES=1) plaintext names. Fix: mkdir 0o700 + chmod the dir + chmod the file after each append. All five fixes verified by /tmp/papervault-test/security-fixes-test.mjs (18 assertions, including raw http.request tests that defeat fetch's forbidden-header restriction so we actually exercise the Host check). Existing test suites still pass: MCP e2e, crypto roundtrip, .env parser, init+config integration, Azure adapter mock. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
-
BB (31 May 26)
feat: UX + safety pass on the 300-char vault limit The 300-char user-content cap is the same as the web app and is what keeps QR codes scannable on real paper. v0.1.0 enforced it but the ergonomics around hitting it were poor, especially with cloud sources that easily blow past it. Five focused fixes: - @papervault/cli (azure): drop the auto-added `notes: "contentType: X"` field. The user didn't ask for it and it silently ate ~15 chars per secret out of the 300-char budget. - @papervault/core (kit): when createKit refuses an over-limit vault, the error now lists the top-3 char-contributing entries by name so the user knows what to drop instead of guessing. - @papervault/cli (init): after the Azure auth probe succeeds, show a clack multiselect of secret names so the user picks the subset. Saves the picks as `select: "name1,name2,..."` in papervault.config.json so the first backup doesn't run against the whole KV by accident. - @papervault/mcp (dry_run): new `char_estimate` field with lower_bound (exact, from name lengths), rough_estimate (lower + 60 per secret as a value-length guess), and max_allowed. Agents can now reason about scope before committing to a fetch. - @papervault/cli (backup): new --interactive flag that adds a multiselect step after the glob filter but before fetching values. Useful for cloud sources with many entries when --select globs are clumsy. No code changes to the 300-char cap itself; that's deliberately unchanged to keep cross-app vault compatibility. We can revisit the cap later if cloud-KV-backup becomes a major use case. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
-
BB (31 May 26)
docs: lead MCP setup with `claude mcp add` for Claude Code users Previously the setup instructions only showed the JSON-edit path, which requires the user to find or create the right config file and restart the client. `claude mcp add -s user papervault -- npx -y @papervault/mcp` is a single command that does the same thing. - README.md: shows the CLI command first, JSON snippet stays as fallback for Cursor, Claude Desktop, and other clients - papervault-mcp/README.md: restructured Quick Start with Claude Code one-liner first, then JSON config for other clients. Global install option preserved for users who want the faster startup path Behaviour unchanged; docs-only patch. Will land on npm with the next publish (npm READMEs are frozen at publish time). Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
-
BB (31 May 26)
fix(mcp): do not echo bad input values in validateInteger error If an agent confuses parameters and passes a secret-shaped string as threshold / shares / max_secrets / limit, the previous error message would have echoed the value back in the tool response and persisted it to the audit log. Now the error only includes the type, not the value. Defensive change; no behavior difference for legitimate calls. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
PaperVault Website
Website
PaperVault.xyz - Cold Storage Vault for Digital Assets and Passwords
Store secrets on paper with threshold encryption. Encrypt passwords, seed phrases and recovery codes, split the key using Shamir's Secret Sharing, and print as QR codes.
Redirects
Does not redirect
Security Checks
1 security checks failed (64 passed)
- Top-Level Domain Highly Abused
Server Details
- IP Address 216.198.79.1
- Location Walnut, California, United States of America, NA
- ISP Vercel Inc
- ASN AS16509
Associated Countries
-
US -
CA
Safety Score
Website marked as risky
70%
Blacklist Check
papervault.xyz was found on 0 blacklists
- AntiSocial Blacklist
- Artists Against 419
- Badbitcoin
- Bambenek Consulting
- CERT Polska
- CoinBlockerLists
- CRDF
- CryptoScamDB
- EtherAddressLookup
- EtherScamDB
- Fake Website Buster
- MetaMask EthPhishing
- NABP Not Recommended Sites
- OpenPhish
- PetScams
- PhishFeed
- PhishFort
- Phishing.Database
- PhishStats
- PhishTank
- Phishunt
- RPiList Not Serious
- Scam.Directory
- SecureReload Phishing List
- Spam404
- StopGunScams
- Suspicious Hosting IP
- ThreatFox
- ThreatLog
- TweetFeed
- URLhaus
- ViriBack C2 Tracker
Website Preview
PaperVault Reviews
More Password Managers
-
End-to-end encrypted open source password and alias manager with built-in email server. AliasVault protects your privacy by creating alternative identities, passwords and email addresses for every website you use. Use the cloud version, or self-host and deploy within minutes via Docker.
-
Fully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also Vaultwarden, a self-hosted, Rust implementation of the Bitwarden server and compatible with upstream Bitwarden clients.
-
Hardened, secure and offline password manager. Does not have cloud-sync baked in, deemed to be gold standard for secure password managers. KeePass clients: Strongbox (Mac & iOS), KeePassDX (Android), KeeWeb (Web-based/ self-hosted), KeePassXC (Windows, Mac & Linux), see more KeePass clients and extensions at awesome-keepass by @lgg.
-
LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it.
-
The Standard Unix Password Manager
-
From the creators of ProtonMail, ProtonPass is a new addition to their suite of services. They have a full collection of user-friendly native mobile and desktop apps. ProtonPass is one of the few "trustworthy" providers that also offers a free plan.
About the Data: PaperVault
Change History
- Added #421
API
You can access PaperVault's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/papervault The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
Share PaperVault
Help your friends compare Password Managers, and pick
privacy-respecting software and services.
Share PaperVault and Awesome Privacy with your network!