A Firefox and Chrome extension for PWDSafe. Sign in to one or more PWDSafe instances, and the extension will find matching credentials for the site you're on and let you fill them into the page's login form.
- Accounts (server URL + email/password, with optional TOTP) are managed from the extension's options page.
- On login, the extension derives the vault key and login hash client-side
(the same way the PWDSafe web app and
pwdsafe-clido — PBKDF2-SHA256, 600k iterations) and authenticates viaPOST /api/auth/login. Your raw password is never sent to the server. - The Sanctum bearer token and (still-encrypted) vault key material are
stored in
browser.storage.local. The decrypted RSA private key is kept only inbrowser.storage.session(memory, cleared when the browser closes). - For each page you visit, the background script queries
GET /api/credentials/search?domain=<hostname>on every configured instance and badges the toolbar icon with the number of matches. - Clicking a match in the popup fetches
GET /api/credentials/{id}, decrypts it client-side (AES-256-GCM / RSA-OAEP, with legacy RSA-PKCS1v1.5 support), and fills the username + password into the page's login form.
- A PWDSafe server, version 3.2 or later.
Firefox and Chrome share a single source tree under src/, written against
the browser.* WebExtension API. A small build script produces the two
per-browser extensions in dist/:
manifest.firefox.json/manifest.chrome.json— per-browser manifests (background script type, icon formats,browser_specific_settings, etc.)build.js— copiessrc/intodist/<target>/, rewritesbrowser.*tochrome.*for the Chrome build, copiesicons/, and writes the mergedmanifest.json(with the version frompackage.json).
npm install
npm run build # builds dist/firefox and dist/chrome
npm run build:firefox # single target
npm run build:chrome # single target
Firefox:
- Run
npm run build:firefox. - Open
about:debuggingin Firefox. - Click This Firefox → Load Temporary Add-on….
- Select
dist/firefox/manifest.json. - Open the extension's options page (toolbar icon → ⚙) and add an account.
Chrome:
- Run
npm run build:chrome. - Open
chrome://extensions/and enable Developer mode. - Click Load unpacked and select
dist/chrome. - Open the extension's options page (toolbar icon → ⚙) and add an account.
npm run lint:firefox
npm run package # builds artifacts/pwdsafe-firefox-<version>.zip and pwdsafe-chrome-<version>.zip
GitHub Actions builds, lints, and packages both extensions on every push and
pull request (see .github/workflows/build.yml), and attaches the zips to a
GitHub Release when a v* tag is pushed.
Firefox (AMO):
npm run package:firefox(or downloadpwdsafe-firefox-*.zipfrom a tagged release/CI run).- Upload the zip at https://addons.mozilla.org/developers/.
Chrome Web Store:
npm run package:chrome(or downloadpwdsafe-chrome-*.zipfrom a tagged release/CI run).- Upload the zip in the Chrome Web Store Developer Dashboard (one-time $5 developer registration if not already done).
To release a new version, bump "version" in package.json, commit, and
push a v* tag — CI will build, package, and attach both zips to the
GitHub Release.