
Show HN: Keycat – A self-hosted end-to-end encrypted password manager - acasajus
https://key.cat/
======
franciscop
Sidenote: Catalonia top level domains (.cat) require the web to be served in
Catalonian as well. That's _probably_ why you see the link in the top-right to
see it in català (or maybe it's done from a person/group from Catalonia).

The TLD has an interesting history:
[https://en.wikipedia.org/wiki/.cat](https://en.wikipedia.org/wiki/.cat)

Edit: the name of the main contributor is a typical catalonian name, so maybe
the requirement is not the main reason for the dual language.

------
ajvs
How is this better than Bitwarden?

~~~
mean_gene_1976
I think self-hosting, or using a regular account with BitWarden is the way to
go. I just don't think E2E encryption is strong, unless implemented carefully?

~~~
jopsen
I think self-hosting is risky.

I trust bitwarden to fix, deploy, remedy, and investigate security fixes
better than I can do :)

~~~
mean_gene_1976
I agree. That’s why I use normal account. I have had clients need a self
hosted solution. I think Bitwarden is good. I haven’t checked the website for
their security audit. I’ll check now

------
ivanfon
Is this maintained? It seems like none of the repos have had a commit in 6
months.

~~~
anaganisk
If the code is stable, why does it require maintenance at all? I dont think
the amount of commits in last 6 months should even be a metric. Issues would
be a better place to look for maintenance.

~~~
doomrobo
There are multiple issues from over 5 months ago that have no response

[https://github.com/keydotcat/keycatd/issues](https://github.com/keydotcat/keycatd/issues)

~~~
Hackbraten
And allegedly, security issues too, including possible SQL injection.

[https://github.com/keydotcat/keycatd/issues/2](https://github.com/keydotcat/keycatd/issues/2)

~~~
nathancahill
Ouch

------
ShorsHammer
Can I suggest a link on the landing page to your keycatd releases? It was
quite confusing at first.

------
xonix
Once I created the similar solution for my own needs, and now I'm successfully
using it for around 4 years:

[https://github.com/xonixx/gae-pass-manager](https://github.com/xonixx/gae-
pass-manager)

Obviously it's much less powerful compared to LastPass and similar services
but works for me well, allowing to securely access my passwords from any
location and device.

~~~
trungdq88
Do you have browser extension/ mobile app? How do you use it conveniently?

~~~
xonix
I don’t have any of this :(

------
minieggs
Why not self host git with pass.

~~~
Bnshsysjab
I’ve been playing with the idea of storing json blobs in gnu pass and using it
as a queryable object with xdotool and xclip to manipulate output.

I like pass but lacks functionality that other managers have

~~~
minieggs
Curious what you miss? I recently started self hosting a Gitlab instance and
switched from Lastpass to pass. Wouldn't of done it without the `passforios`
foss app. Maybe I wasn't using Lastpass to its full potential (only used the
CLI)?

Of course now I have to make sure to git push/pull on all my devices. That's
annoying (but at least it drafts its own commits).

~~~
Bnshsysjab
I’m pretty sure you can auto push with pass.

I miss browser auto fills, But I don’t like the idea of plugins in the browser
like last pass etc, I do use inbuilt autofill because I trust that more, but
that won’t generate my initial passwords and there’s situations where I have
multiple accounts (legitimately, testing in prod where passwords matter).

MacOS seems to have really nice host integration but that’s coming from an
outsider who’s never really touched one.

I also end up in situations where ‘xdotool type’ is the path of least
resistance. VMs with no paste buffer, Citrix sessions, etc. so integrating
xdotool type would be nice.

I also really like the idea of spawning an authenticated browser session from
the shell.

------
brtstk
Any obvious advantages over, say, Keybase + Pass?

------
dang
(You should add a comment to the thread giving the backstory of how you came
to work on this, and explaining what's different about it. That tends to seed
discussion in a good direction. Good luck!)

~~~
inamesh
Absolutely. I come here for the story, not the product.

------
fouc
I was expecting a command line tool for concatenating and printing keys

