SVPassman Documentation

Version 0.1.1  ·  Last updated March 2025

Welcome to the SVPassman documentation. SVPassman is a local-first, zero-knowledge password manager built with Rust and Tauri. This guide covers everything you need to know to install, configure, and use SVPassman effectively.

Quick note: SVPassman stores all data locally. Nothing is sent to external servers (unless you explicitly configure remote sync). Your master password is never transmitted anywhere.

What is SVPassman?

SVPassman is a desktop application that lets you securely store and manage:

  • Passwords — website logins with username, password, and URL
  • Credit Cards — card numbers, expiry dates, and CVV (encrypted)
  • SSH Keys — private keys for server access
  • TOTP / 2FA — time-based one-time passwords for two-factor authentication
  • Secrets — arbitrary text or key-value pairs

All data is encrypted with AES-256-GCM using a key derived from your master password via Argon2id.

Installation

SVPassman is available for macOS, Windows, and Linux. Download the appropriate installer from the releases page.

macOS

  1. Download the .dmg file from the releases page
  2. Open the DMG and drag SVPassman to your Applications folder
  3. On first launch, right-click the app and select "Open" to bypass Gatekeeper
  4. The app is notarized by Apple — you only need to do this once

Windows

  1. Download the .msi installer from the releases page
  2. Run the installer — Windows may show a SmartScreen warning for new publishers
  3. Click "More info" → "Run anyway" to proceed
  4. SVPassman will be available in your Start Menu

Linux

  1. Download the .AppImage or .deb package
  2. For AppImage: chmod +x SVPassman.AppImage && ./SVPassman.AppImage
  3. For deb: sudo dpkg -i svpassman_0.1.1_amd64.deb
System requirement: SVPassman requires a 64-bit operating system. macOS 11+, Windows 10+, or a modern Linux distribution with WebView2 / WebKitGTK support.

First Launch

When you launch SVPassman for the first time, you'll be prompted to set up your vault.

Creating Your Profile

  1. On the welcome screen, click Create New Vault
  2. Choose a username for your local profile
  3. Set your master key — this is the password that protects your entire vault
  4. Confirm the master key
  5. Click Create Vault

Your vault is now created and encrypted. You'll be taken to the main dashboard.

Switching Profiles

SVPassman supports multiple local profiles. From the unlock screen, use the Switch Profile button to manage multiple vaults on the same machine — useful for separating personal and work credentials.

Master Key

Your master key is the single password that protects your entire vault. It is never stored anywhere — not on your device, not on any server. Only you know it.

Critical: If you forget your master key, your vault is permanently inaccessible. There is no recovery mechanism. Write it down and store it securely.

Choosing a Strong Master Key

  • Use at least 16 characters
  • Mix upper and lowercase letters, numbers, and symbols
  • Consider a passphrase — a string of random words is both memorable and strong
  • Never reuse a password you use elsewhere

How Keys Are Derived

SVPassman uses Argon2id to derive the encryption key from your master password. Argon2id is intentionally slow and memory-intensive, making brute-force attacks computationally expensive.

master_password → Argon2id (time=2, mem=64MB) → encryption_key
encryption_key  → AES-256-GCM → encrypted vault

Changing Your Master Key

  1. Navigate to Settings → Change Master Key
  2. Enter your current master key
  3. Enter and confirm your new master key
  4. Click Save Changes
  5. You will be signed out and need to unlock with the new key

Biometric Unlock

SVPassman supports biometric unlock on supported platforms — Touch ID on macOS and Windows Hello on Windows.

How It Works

When you enable biometric unlock, SVPassman stores an encrypted version of your session credentials in the system's secure enclave (macOS Keychain / Windows Credential Store). When you authenticate with your biometric, the OS releases these credentials to SVPassman — your actual master key is never exposed to the biometric system.

Enabling Biometric Unlock

  1. Ensure your device has enrolled biometrics (Touch ID / Windows Hello)
  2. Navigate to Settings → Biometric Unlock
  3. Toggle Enable Biometric Unlock
  4. Authenticate with your biometric when prompted
  5. Future unlocks will offer your biometric as an option alongside your master key

Supported Platforms

  • macOS — Touch ID (MacBook Pro, iMac, Magic Keyboard with Touch ID)
  • Windows — Windows Hello (fingerprint, face recognition, PIN)
  • Linux — Not currently supported

Passwords

The most common vault entry type. Store website logins with username, password, URL, and optional notes.

Adding a Password

  1. From the vault view, click the + button in the sidebar
  2. Select Password from the dropdown
  3. Fill in the title, username, password, and URL
  4. Optionally add notes
  5. Click Save

Vault Health

The Health section checks your passwords for:

  • Weak passwords (short, simple, or commonly used)
  • Reused passwords across multiple sites
  • Passwords found in known data breaches (via HaveIBeenPwned k-Anonymity API)
Breach checking uses the k-Anonymity model — only a 5-character prefix of the SHA-1 hash of your password is sent to the API. The full password never leaves your device.

Credit Cards

Store payment card details securely. Card numbers, CVV codes, and expiry dates are encrypted at rest with the same AES-256-GCM encryption as all other vault entries.

Adding a Credit Card

  1. Click + and select Credit Card
  2. Enter the cardholder name, card number, expiry date, and CVV
  3. Add a label to identify the card (e.g., "Chase Sapphire")
  4. Click Save

Use the copy buttons next to each field to quickly copy card details without displaying them in plain text on screen.

SSH Keys

Store SSH private keys for server access. SVPassman supports generating, storing, and copying SSH key pairs.

Storing an SSH Key

  1. Click + and select SSH Key
  2. Paste your private key or generate a new ED25519 key pair within the app
  3. Optionally add the corresponding public key and a hostname
  4. Click Save

Supported Key Types

  • ED25519 (recommended)
  • RSA (2048, 4096 bit)
  • ECDSA

TOTP / 2FA

Store your two-factor authentication secrets and generate time-based one-time passwords directly within SVPassman — eliminating the need for a separate authenticator app.

Adding a TOTP Entry

  1. Click + and select 2FA / TOTP
  2. Enter the TOTP secret key (usually shown as a QR code when setting up 2FA on a site — copy the text version)
  3. Add a label (e.g., "GitHub", "Google Account")
  4. Click Save

SVPassman will display a live 6-digit code that refreshes every 30 seconds, along with a countdown timer.

Important: Storing your 2FA secrets alongside your passwords in the same vault reduces the security benefit of two-factor authentication. For maximum security, use a separate physical device for TOTP codes. For convenience, SVPassman is a reasonable tradeoff.

Secrets

Secrets are arbitrary encrypted text entries — useful for storing API keys, environment variables, license keys, recovery codes, and any other sensitive text that doesn't fit the other categories.

Adding a Secret

  1. Click + and select Secret
  2. Give it a descriptive title
  3. Enter the secret value in the text area
  4. Click Save

Secrets can store multi-line text, making them suitable for environment files, private notes, or any other sensitive content.

Import & Export

SVPassman supports importing from other password managers and exporting your data in portable formats. Access both via Settings → Transfer, which opens a panel with Import and Export options.

Importing

Select a source from the dropdown and click Select file to upload. Supported import formats:

  • SVPassman CSV — our native export format, with base64-encoded field values
  • LastPass CSV — export your vault from LastPass and import directly

Exporting

Click Export in the Transfer panel. Available export formats:

  • SVPassman CSV — portable spreadsheet, reimportable into SVPassman on another device
  • JSON — structured JSON file of your vault contents
  • Encrypted backup — your vault encrypted with a passphrase using XChaCha20-Poly1305 and Argon2id key derivation; the safest option for long-term storage
Warning: CSV and JSON exports contain your vault data in plain text. Handle these files with care, store them in an encrypted location, and delete them once no longer needed. Use the Encrypted backup format for safe long-term storage.

Settings

Access settings from the gear icon in the sidebar. Settings are organized into the following sections:

Profile

  • Username — change your display name
  • Profile picture — set a local avatar
  • Remote sync — configure an optional remote server for encrypted vault sync

Security

  • Change Master Key — update your master password
  • Biometric Unlock — enable/disable Touch ID or Windows Hello
  • Auto-lock — set an inactivity timeout after which the vault locks automatically
  • Clipboard clear — auto-clear clipboard after copying sensitive values

Appearance

  • Theme — light or dark mode
  • Language — interface language (English supported)

Transfer

Opens a panel with Import and Export cards. Supports importing from SVPassman CSV and LastPass CSV. Exports to CSV, JSON, or an encrypted backup.

About

Displays the current version, build information, and license details.

← Previous Master Key Next → Download SVPassman