Show HN: Bramble – Local-first password manager

MegagramEnjoyer 55 points 8 comments July 02, 2026
github.com · View on Hacker News

I'm currently working on Bramble, an open source password manager with P2P cross-device sync. Initially I released the Chrome extension, but recently I also published the Android app and iOS is pending Apple's approval. Besides that, the latest version also includes passkey storage for all platforms! About Bramble: It aims to be as feature-rich as all popular and a replacement for cloud-based providers. I don't think we need to store our data in the cloud and be at the whims of companies raising their prices every year. There's always a breach and then we find out that some fields aren't encrypted, metadata is visible, and so on. I'm frustrated with this and the increasing lack of transparency during these breaches. The P2P sync in Bramble uses a Nostr relay (which can be self-hosted) to keep your devices in sync. The relay just introduces the devices to each other; the data then flows directly over WebRTC, so there's no vault server and no cloud copy of your passwords anywhere. What leaves your device is end-to-end encrypted and your devices authenticate each other directly, so a snooping or MITM relay gets practically nothing. Crypto is all done in Rust so I can control exactly how key material lives and dies in memory (secrets get zeroed out, no GB leaving copies lying around). In Chromium it's a wasm module, on mobile it's native builds bridged over via uniffi. Android app: I'm still deciding whether to publish the app on Play store or simply provide the signed APK which users can sideload. Reason for that is Google's plan to lock down Android and take away ownership from its users. Read more about it here: https://keepandroidopen.com/ The app uses no Play APIs whatsoever and runs perfectly on GrapheneOS, where I actually did all my testing. Questions, feedback, feature requests - all welcome! TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets.

Discussion Highlights (6 comments)

hoistbypetard

> TL;DR: I dislike private-equity and venture funded companies messing with our security, so I created my own Password Manager which is local-first, free, open source and as transparent as it gets. I do too! And I appreciate your transparency about the vibe coding. But nowhere in the repository that I've found so far do you say who is writing this. For something like a password manager, I kind of need to know who's responsible for it, and who's reviewing the LLM source code, what they've done before, what their business model is, etc. Can you share?

keepupnow

What ai tools are you using if I may ask, genuinely interested.

keepupnow

You built your own sync engine? Why?

mune2gu-chan

Really clean concept. Keeping everything entirely on-disk instead of relying on a third-party cloud is something I've been wanting to see more of.

tmpfs

I think local-first password managers are the way forward. Big tech companies already have way too much power and having them mediate our most important data is a bad precedent to set. I like that you made this P2P, I designed one that sits on top of sqlite and is 100% local first but is not P2P, take a look if you are interested in some prior art in this space: https://saveoursecrets.com/ I decided to go with native apps all the way, Rust backend and Flutter front-end but kind of regret it now with how the Play/App stores are such a hassle to work with.

shaunkoh

Congrats! How’s it compare vs self-hosted vaultwarden?

Semantic search powered by Rivestack pgvector
14,015 stories · 131,331 chunks indexed