Bramble: A Local-First, P2P Password Manager
Overview
Bramble is a local-first, open-source password manager designed to replace cloud-based providers by removing the central vault server. It provides P2P cross-device synchronization, passkey storage, and a focus on strong memory safety through a Rust-based cryptographic core.
P2P Synchronization Architecture
Bramble eliminates the cloud copy of passwords by using a peer-to-peer (P2P) synchronization mechanism. The system utilizes a Nostr relay to introduce devices to one another, but the actual data transfer occurs directly between devices via WebRTC.
This architecture ensures that no vault server stores a copy of your passwords. All data leaving a device is end-to-end encrypted, and devices authenticate each other directly, mitigating the risk of man-in-the-middle (MITM) attacks or snooping by the relay.
Security and Memory Management
Bramble's cryptographic operations are performed in Rust to ensure precise control over how key material is handled in memory. This prevents a garbage collector from leaving copies of secrets in memory and ensures secrets are zeroed out after use.
To maintain this consistency across platforms, the core logic is implemented as follows:
- Chromium Extensions: The crypto core is deployed as a WebAssembly (Wasm) module.
- Mobile Applications: Native builds are bridged via UniFFI.
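The zero-after-use handling described in this section, sketched as an added example that is not Bramble's own code. The names `Secret` and `wipe` are hypothetical, the input is a constructed sample, and only the Rust standard library is used.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros using volatile writes, which the optimizer
/// may not remove even though the buffer is never read again.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference to one byte.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Stop the compiler from reordering memory accesses across the zeroing.
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical wrapper for key material. A boxed slice never reallocates,
/// so no stale copy is left behind the way a growing Vec can leave one.
pub struct Secret(Box<[u8]>);

impl Secret {
    /// Copy the secret out of `src`, then wipe the caller's buffer.
    pub fn from_mut(src: &mut [u8]) -> Secret {
        let s = Secret(Box::<[u8]>::from(&*src));
        wipe(src);
        s
    }
    pub fn expose(&self) -> &[u8] {
        &self.0
    }
}

// Deliberately no Clone; Debug prints the length only, never the bytes.
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Secret(<{} bytes redacted>)", self.0.len())
    }
}

impl Drop for Secret {
    fn drop(&mut self) {
        wipe(&mut self.0); // zero the heap buffer before it is freed
    }
}

fn main() {
    let mut typed = *b"constructed-master-password"; // constructed sample input
    let key = Secret::from_mut(&mut typed);
    println!("{:?}, source wiped: {}", key, typed.iter().all(|&b| b == 0));
}
```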
Platform Availability
Bramble is available as a Chrome extension and an Android app. An iOS version is currently pending Apple's approval. The app is designed to be independent of Google Play APIs, allowing it to run on GrapheneOS, where the primary testing was conducted.
Key Features
- Local-first approach: No centralized cloud storage for passwords.
- P2P Sync: Uses WebRTC and WebAssembly for secure, direct device-to-device transfer.
- Transparency: Fully open source and free.
- Passkey Support: Integrated passkey storage across all supported platforms.