A secure, self-hosted password manager built with Symfony 7.4 and PHP 8.4, featuring end-to-end encryption, group-based access control, and a RESTful API.
- PHP: 8.4 or higher
# Required extensions
php8.4-cli
php8.4-mysql
php8.4-mbstring
php8.4-xml
php8.4-curl
php8.4-zip
php8.4-intl
php8.4-sodium
php8.4-pdoFor production, you also need to install php-fpm and configure it to run as a service.
You'll need an SMTP server for sending verification emails.
git clone https://github.com/mixvoip/yapm.git
cd yapmcomposer installCopy the example environment file and update it with your settings:
cp .env .env.localEdit .env.local:
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=your-secret-key-here
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###
DATABASE_URL="mysql://db_user:db_password@127.0.0.1:3306/yapm_dev?serverVersion=8.0.32&charset=utf8mb4"
###< doctrine/doctrine-bundle ###
###> symfony/mailer ###
MAILER_DSN=smtp://localhost:1025
MAILER_FROM_ADDRESS=yapm@yourdomain.com
###< symfony/mailer ###
SERVER_PRIVATE_KEY=your-private-key-here
SERVER_PUBLIC_KEY=your-public-key-here
###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=your-jwt-passphrase
###< lexik/jwt-authentication-bundle ###
# Application specific
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'# First set your passphrase in the .env.local file
# Then generate the keys
php bin/console lexik:jwt:generate-keypairphp bin/console app:encryption:generate-server-keypair# Create database
php bin/console doctrine:database:create
# Run migrations
php bin/console doctrine:migrations:migrate
# (Optional) Load fixtures for testing
php bin/console doctrine:fixtures:load# Start Symfony development server
symfony serve -d
# Or use PHP built-in server
php -S localhost:8000 -t public public/index.php
# Start message queue worker
bin/console messenger:consume async_doctrine -vvYour API should now be accessible at http://localhost:8000
The production setup mirrors the development environment, with automation handled through the provided Makefile.
System prerequisites (PHP 8.4 + extensions, web server, Composer) must already be installed.
git clone https://github.com/mixvoip/yapm.git
cd yapm
git checkout mainFollow the steps in the Development Environment section.
APP_ENV=prod
Follow the steps in the Development Environment section.
# Use make install to setup the project
make installFor the background tasks you need to setup a systemd service.
[Unit]
Description=Symfony Messenger worker for queue %i
After=network.target
[Service]
WorkingDirectory=/your-working-directory/
ExecStart=/usr/bin/php /your-working-directory/bin/console messenger:consume %i --limit=5 --env=prod
Restart=always
RestartSec=2
TimeoutSec=300
User=www-data
[Install]
WantedBy=multi-user.target
php bin/console app:create-admin your_username your_email- End-to-End Encryption: All sensitive data is encrypted before transmission
- JWT Authentication: Secure token-based authentication
- User Password Hashing: Uses Symfony's native password hashing (bcrypt/argon2)
- Public Key Cryptography: Asymmetric encryption for secure key sharing
- CORS Protection: Configurable cross-origin resource sharing
- SQL Injection Protection: Doctrine ORM parameter binding
- Always use HTTPS in production
- Keep JWT passphrase and other private keys secure and never commit to version control
- Use strong database passwords
- Enable PHP opcache in production
- Regularly backup your database
- Monitor logs for suspicious activity
# Never add these files to VCS
config/jwt/private.pem
config/jwt/public.pem
.env.localNote: Check out our frontend repository to use with this API.