• v0.4.0-alpha
    All checks were successful
    Release Docker Image / Build & Push Docker Image (release) Successful in 11m26s
    Pre-Release

    scriptos released this 2026-04-09 20:59:42 +00:00 | 0 commits to master since this release

    Release Notes – v0.4.0-alpha

    Release Date: April 9, 2026

    New Docker Image

    Registry: https://git.techniverse.net/scriptos/-/packages/container/keywarden
    Tags: latest, v0.4.0-alpha


    What's New

    Keywarden v0.4.0-alpha is here and it's a big one! This release brings a completely refreshed visual experience with a sleek glassmorphism design across the entire UI, full login page customization, massive performance improvements, and important security hardening under the hood. Let's dive in!


    New Features

    • Glassmorphism UI Overhaul – All cards, the header, sidebar, and standalone pages now feature a modern glassmorphism (glass) effect for a polished, contemporary look. (2f55ec8)
    • Login Page Customization – Administrators can now upload a custom background image for the login page. The login text color is automatically detected based on the background image brightness – no manual tweaking needed. (b665e62, b4424b1)
    • System Master Key Deployment – The owner can now deploy the system master key directly from the Deploy page, with full logging in the deployment history and flash feedback on success. (dd4af5b, 07ea917)
    • Timezone Support (TZ) – All displayed timestamps now respect the TZ environment variable, so your audit logs, cron schedules, and other dates finally show the correct local time. (da6d66e)
    • Gzip Compression Middleware – HTTP responses are now gzip-compressed on the fly, reducing bandwidth and improving page load times. (34ce8a8)
    • Centralized Version Management – The application version is now maintained in a single source-of-truth file (internal/version), displayed in the footer, and correctly handled for pre-release tags by the updater. (1cf7f50)
    • Reworked Footer – The footer has been cleaned up: the license text was removed, "Keywarden" now links to keywarden.app, and the version badge links to the releases page. (c15bac1)

    Bug Fixes

    • Hardened authentication timing, cookie attributes, password generation bias, and email template escaping; added comprehensive security tests. (ca402eb)
    • Master key deployments are now correctly logged in the deployment history. (07ea917)
    • Fixed icon-text spacing on standalone pages. (dae6c6a)
    • Fixed upload button alignment in the login background image section. (789ef6f)

    Performance

    • Icon Font Subsetting – The bundled Tabler Icons font and CSS have been subset to only the icons actually used by Keywarden, shrinking the woff2 from 801 KB → 18 KB and the CSS from 217 KB → 4 KB. (8a10981)

    Documentation

    • Updated architecture, security, and contributing docs to cover gzip compression and font subsetting. (ce36939)

    Full Changelog

    All commits since v0.3.0-alpha (oldest → newest):

    • fix: harden auth timing, cookie attrs, password gen bias, email template escaping; add security tests (ca402eb)
    • feat: centralize version in internal/version package, fix updater for pre-release tags, show version in footer (1cf7f50)
    • feat: allow owner to deploy system master key from deploy page (dd4af5b)
    • fix: auto-detect version from version.go in Dockerfile, pass git tag in CI release (3a86091)
    • feat: add gzip compression middleware for HTTP responses (34ce8a8)
    • perf: subset tabler-icons font/CSS to used icons only (801KB → 18KB woff2, 217KB → 4KB CSS) (8a10981)
    • docs: update architecture, security and contributing docs for gzip and font subsetting (ce36939)
    • fix: add icon text spacing to standalone pages (dae6c6a)
    • feat: add login page customization (background image, glass card style, subtitle) (b665e62)
    • feat: rework footer – remove license, link Keywarden to keywarden.app, link version to releases page (c15bac1)
    • feat: add TZ timezone support for all displayed timestamps (da6d66e)
    • fix: master key deploy now logged in deployment history, add flash feedback after deploy (07ea917)
    • feat: add glassmorphism effect to all cards, header, sidebar and standalone pages (2f55ec8)
    • feat: auto-detect login text color based on background image brightness (b4424b1)
    • remove: login card style dropdown and subtitle setting, glass effect now always active (c2b9656)
    • fix: align upload button layout in login background image section (789ef6f)
  • v0.3.0-alpha
    All checks were successful
    Release Docker Image / Build & Push Docker Image (release) Successful in 6m44s
    Pre-Release

    scriptos released this 2026-04-08 18:23:24 +00:00 | 19 commits to master since this release

    Release Notes – v0.3.0-alpha

    Date: 2025-04-08


    Overview

    KeyWarden v0.3.0-alpha is here – and it's a colorful one! 🎨 This release brings a whole new theming experience with five beautiful theme pairs, an automatic update checker so you never miss a new version, improved security for the initial owner account, and a brand-new SSH key enforcement worker inspired by Bastillion. On top of that, the UI got some nice quality-of-life improvements for viewing and copying keys.


    New Features

    • Five new theme pairs with light/dark/auto modes
      Introducing Ocean, Forest, Sunset, Rose, and Nord themes – each with carefully tuned light and dark variants plus auto-detection. Ocean is now the default theme. Legacy theme settings (auto/light/dark) are automatically migrated.

    • Automatic update checker with version injection
      KeyWarden now checks for new releases via the Gitea API every 6 hours. Admin and owner users see an update badge in the header when a newer version is available. The current version is also displayed on the system info page. Version is injected at build time via -ldflags.

    • Bastillion-style SSH key enforcement worker
      A new background worker that enforces SSH key policies across managed servers, inspired by the Bastillion approach.

    • Initial owner protection
      The initial owner account is now protected from role changes and deletion, preventing accidental lockout of the primary admin.

    • Public key displayed in modal with copy button
      Public keys are now shown in a convenient modal dialog with a one-click copy button, replacing the old plain-text page.


    Bug Fixes

    • Clipboard fallback for master key copy on HTTP
      Fixed an issue where copying the master key to the clipboard failed on non-HTTPS connections. A fallback mechanism is now in place.

    Documentation

    • Added a dashboard screenshot to the README for a better first impression.
    • Updated user guide with new theme descriptions.
    • Updated deployment, architecture, admin guide, and contributing docs for the version injection / update checker feature.

    Changelog

    Commit Description
    653592e feat: add automatic update checker with version injection
    465a44f feat: show public key in modal with copy button instead of plain text page
    05f8698 fix: add clipboard fallback for master key copy on HTTP
    a63f3fb feat: add 5 theme pairs (ocean, forest, sunset, rose, nord) with light/dark/auto modes
    c4171e5 feat: protect initial owner from role change and deletion
    8b9de9e feat: add Bastillion-style SSH key enforcement worker
    3a84335 docs: add dashboard screenshot to README
  • v0.2.1-alpha
    All checks were successful
    Release Docker Image / Build & Push Docker Image (release) Successful in 5m31s
    Pre-Release

    scriptos released this 2026-04-05 20:31:32 +00:00 | 28 commits to master since this release

    Release Notes – v0.2.1-alpha

    Release Date: April 5, 2026


    Overview

    This release brings a much-requested quality-of-life improvement for administrators: a CLI-based password reset command. No more deleting the database just because someone forgot their password or lost their TOTP device — simply run a single docker exec command and you're back in business. 🎉


    New Features

    CLI Password Reset (reset-password)

    Administrators can now reset any user's password directly from the command line without restarting the container or touching the database manually.

    docker exec -it keywarden ./keywarden reset-password --username <name>
    
    • Generates a secure random password and prints it to the terminal
    • Automatically forces the user to change the password on next login
    • Clears any active account lockout (failed login attempts & lockout timer)
    • Optional --reset-mfa flag to disable MFA (e.g. when the TOTP device is lost):
      docker exec -it keywarden ./keywarden reset-password --username <name> --reset-mfa
      

    CLI Help Command

    A new help subcommand shows all available CLI commands and usage examples:

    docker exec -it keywarden ./keywarden help
    

    Documentation

    • Admin Guide: Added new "CLI Commands" section documenting the reset-password and help commands.
    • Troubleshooting: Updated "Forgot Admin Password" and "Account Locked Out" sections to reference the new CLI reset command instead of the old "delete the database" workaround.

    Changelog

    Commit Description
    f893d26 fix: enforce LF line endings for shell scripts (.gitattributes)
    68777a5 feat: add CLI password reset command (docker exec reset-password)

    Shoutout: Big thanks to Thomas (aka SchiWaGoA) — this feature was built for you! 🙌

  • v0.2.0-alpha
    All checks were successful
    Release Docker Image / Build & Push Docker Image (release) Successful in 5m33s
    Pre-Release

    scriptos released this 2026-04-05 18:00:27 +00:00 | 31 commits to master since this release

    Release Notes – v0.2.0-alpha

    Date: 2026-04-05


    Overview

    This release focuses on stability, security, and a smoother deployment experience. I squashed a critical bug that could cause data loss on container restarts, improved the Docker setup so things just work out of the box, and polished the UI for the forced password change flow. Small but mighty! 🚀


    Bug Fixes

    • Fixed data loss on container restart – Relative paths in .env.example (e.g. ./data/...) resolved to /app/data/ inside the container instead of the persistent volume at /data/. This caused the database to be recreated on every restart, resetting the admin password each time. Paths now default to correct absolute locations, and a new startup check warns when potentially dangerous relative paths are detected. As an extra safety net, an initial_setup_complete flag prevents the admin account from being silently re-created after the initial setup. (bb3bf03)
    • Fixed /data permission denied on bind-mount – Added entrypoint.sh to ensure correct ownership of the /data directory when using Docker bind-mounts, so KeyWarden starts without permission errors. (be05dd5)
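
    The kind of startup check described in the first fix above, as an added example in Go (not Keywarden's own code): it resolves each configured path against the working directory and reports any that are relative or end up outside the persistent volume. The variable names DB_PATH, KEYS_DIR and BACKUP_DIR and the function CheckDataPaths are hypothetical.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Finding is one configured path that would not persist across restarts.
type Finding struct {
	Var, Value, Resolved string
	Relative             bool // true: result depends on the working directory
}

// CheckDataPaths resolves each path as the process would (relative to workDir)
// and reports those that are relative or fall outside volumeRoot.
func CheckDataPaths(cfg map[string]string, workDir, volumeRoot string) []Finding {
	names := make([]string, 0, len(cfg))
	for name := range cfg {
		names = append(names, name)
	}
	sort.Strings(names) // stable order for logs and tests
	var findings []Finding
	for _, name := range names {
		value := cfg[name]
		relative := !filepath.IsAbs(value)
		resolved := filepath.Clean(value) // collapses "/data/../tmp" to "/tmp"
		if relative {
			resolved = filepath.Join(workDir, value)
		}
		rel, err := filepath.Rel(volumeRoot, resolved)
		outside := err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
		if relative || outside {
			findings = append(findings, Finding{name, value, resolved, relative})
		}
	}
	return findings
}

func main() {
	// Constructed sample configuration; the variable names are hypothetical.
	cfg := map[string]string{
		"DB_PATH": "./data/keywarden.db", "KEYS_DIR": "/data/keys", "BACKUP_DIR": "/data/../tmp/backup",
	}
	for _, f := range CheckDataPaths(cfg, "/app", "/data") {
		fmt.Printf("WARNING %s=%q resolves to %s (relative=%v)\n", f.Var, f.Value, f.Resolved, f.Relative)
	}
}
```

    With the working directory /app and the volume at /data, the relative database path resolves to /app/data/keywarden.db, which is the location the release note identifies as non-persistent.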

    Improvements

    • Force Password Change UI – The forced password change page now uses a clean standalone layout without the sidebar, providing a distraction-free experience for users who need to update their credentials. (ea3e7e7)
    • Docker Compose build step – Added build: . to docker-compose.yml so docker compose up --build works directly from the repository without needing a separate build command. (c2d4148)

    Documentation

    • Container Registry URL – Added the container registry URL to the deployment docs and README so users can pull pre-built images directly. (025d23e)

    Changelog

    Commit Description
    ea3e7e7 refactor: convert force_password_change to standalone layout (no sidebar)
    c2d4148 add build to docker-compose
    bb3bf03 security: fix data loss on container restart due to relative paths
    be05dd5 fix: add entrypoint.sh to fix /data permission denied on bind-mount
    025d23e docs: add container registry URL to deployment docs and README

    Full diff: v0.1.1-alpha...v0.2.0-alpha · 11 files changed, 262 insertions(+), 71 deletions(-)

  • v0.1.1-alpha
    All checks were successful
    Release Docker Image / Build & Push Docker Image (release) Successful in 5m11s
    Pre-Release

    scriptos released this 2026-04-05 16:41:45 +00:00 | 37 commits to master since this release

    Release Notes – v0.1.1-alpha

    Release Date: April 5, 2026


    Overview

    Welcome to v0.1.1-alpha of Keywarden! This patch release brings important improvements to IPv6 compatibility, a cleaner naming convention for environment variables, and an upgraded Docker Compose setup that makes getting started even easier. We've also expanded the documentation with a secure key generation guide and links to our brand-new Matrix community chat – come say hi! 🎉


    New Features

    • Prebuilt Docker image & improved Docker Compose setup – The docker-compose.yml now uses a prebuilt image with bind mounts and a custom network, making deployment faster and more straightforward.

    Bug Fixes

    • IPv6-compatible address formatting – Server address construction now uses net.JoinHostPort, ensuring correct behavior with IPv6 addresses.
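
    Why the switch to net.JoinHostPort matters, as an added example in Go (not Keywarden's own code): string concatenation yields an address that net.SplitHostPort rejects for IPv6 literals, while JoinHostPort adds the required brackets. NaiveAddr, ServerAddr and Parses are hypothetical helpers, and the hosts are constructed samples from documentation address ranges.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// NaiveAddr builds host:port by concatenation. For an IPv6 literal the
// colons of the address cannot be told apart from the port separator.
func NaiveAddr(host string, port int) string {
	return fmt.Sprintf("%s:%d", host, port)
}

// ServerAddr builds the address with net.JoinHostPort, which wraps hosts
// containing a colon in brackets. Brackets already present in the input
// are stripped first so they are not doubled.
func ServerAddr(host string, port int) string {
	host = strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// Parses reports whether addr splits back into the expected host and port.
func Parses(addr, wantHost string, wantPort int) bool {
	h, p, err := net.SplitHostPort(addr)
	return err == nil && h == wantHost && p == strconv.Itoa(wantPort)
}

func main() {
	// Constructed sample hosts: IPv4, IPv6, pre-bracketed IPv6, zoned IPv6, name.
	hosts := []string{"192.0.2.10", "2001:db8::1", "[2001:db8::1]", "fe80::1%eth0", "ssh.example.test"}
	for _, h := range hosts {
		bare := strings.Trim(h, "[]")
		naive, safe := NaiveAddr(h, 22), ServerAddr(h, 22)
		fmt.Printf("%-18s naive=%-20s ok=%-5v joined=%-22s ok=%v\n",
			h, naive, Parses(naive, bare, 22), safe, Parses(safe, bare, 22))
	}
}
```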

    Improvements

    • Renamed environment variables – KEYWARDEN_ADMIN_USER / KEYWARDEN_ADMIN_EMAIL have been renamed to KEYWARDEN_OWNER_USER / KEYWARDEN_OWNER_EMAIL to better reflect the owner role. Backward compatibility is preserved – the legacy ADMIN variables are still accepted but will show a deprecation warning.

    Documentation

    • Added a secure key generation guide for session and encryption keys.
    • Added Matrix community chat links for easier communication and support.
    • Updated the feedback link to point to GitHub Issues.

    Changelog

    Commit Description
    43827d0 docs: add Matrix community chat links
    2689557 fix: use net.JoinHostPort for IPv6-compatible address formatting
    45baaf8 docs: add secure key generation guide for session and encryption keys
    fbff33d docs: update feedback link to GitHub Issues
    e994f13 refactor: rename KEYWARDEN_ADMIN_USER/EMAIL env vars to KEYWARDEN_OWNER_USER/EMAIL
    7751860 feat: use prebuilt image, bind mount and custom network in docker-compose
  • v0.1.0-alpha
    Some checks failed
    Release Docker Image / Build & Push Docker Image (release) Failing after 1m30s
    Pre-Release

    scriptos released this 2026-04-05 15:05:58 +00:00 | 49 commits to master since this release

    🎉 Keywarden v0.1.0-alpha — First Release!

    This is the very first release of Keywarden — a new open-source, self-hosted web application for centralized SSH key management and deployment.

    Generate, store, and deploy SSH keys to your Linux servers from a single web interface — with audit logging, role-based access control, encrypted storage, and automated temporary access scheduling. All running as a single Docker container with embedded SQLite.

    ⚠️ Alpha Notice

    This is an alpha release. Expect rough edges — bugs, incomplete features, and potential security issues are possible. Do not expose Keywarden directly to the public internet. Use it only in trusted, private networks.

    Breaking changes may occur in future versions.

    Getting Started

    git clone https://git.techniverse.net/scriptos/keywarden.git
    cd keywarden
    cp .env.example .env  # Fill in your secrets and configuration
    docker compose up -d
    

    Check out the README and documentation for setup details and configuration options.

    Feedback Welcome!

    This is my first release — I'd love to hear your feedback! Bug reports, feature requests, or just a quick "it works!" are all greatly appreciated. 🙏

    For discussion and exchange, feel free to join the Matrix room: #keywarden:techniverse.net
