Inspiration
I wanted a secure password manager without running any servers. AWS offers all the tools to build something serverless, fast, and safe. Most self-hosted alternatives I found either require Docker or lack essential features for team use, like creating groups or sharing passwords within them.
What it does
RunaVault lets users securely store and manage passwords. It uses AWS Cognito for authentication and Secrets Manager for storing encrypted secrets. The entire backend is powered by Lambda functions.
How we built it
- Frontend: React + S3 + CloudFront
- Auth: Amazon Cognito
- API: API Gateway + AWS Lambda (Python runtime)
- Storage: DynamoDB
- Infrastructure as Code: CDK
Challenges we ran into
Since it's a React app hosted as a static website in an S3 bucket, the main challenge was ensuring secrets were never sent as plain text, even over HTTPS. After reading docs and AWS exam materials, I found a solution: Cognito Identity Pools + KMS allowed encrypting secrets on the client side before sending them to the backend.
Accomplishments that we're proud of
- Fully serverless architecture
- Lambda Layers support
- Running Lambda on Graviton2
- Integration with Cognito Groups to share secrets within teams
- Double JWT token validation: at API Gateway and again inside Lambda, just in case; it doesn't impact performance much
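The in-Lambda half of the double validation, as an added example (not RunaVault's own code): a stdlib-only Python check of a Cognito access token's signature and claims, followed by a group test for team sharing. It assumes the API receives the access token, that the user pool's JWKS is already loaded, and that each secret is tagged with one Cognito group; the function names are hypothetical, and a deployed function would usually hand the signature step to a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rs256_valid(signing_input, signature, jwk):
    """RSASSA-PKCS1-v1_5 with SHA-256: rebuild the expected block and compare."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    digest = SHA256_DIGESTINFO + hashlib.sha256(signing_input).digest()
    s = int.from_bytes(signature, "big")
    if len(signature) != k or k < len(digest) + 11 or s >= n:
        return False
    expected = b"\x00\x01" + b"\xff" * (k - len(digest) - 3) + b"\x00" + digest
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def validate_access_token(token, jwks, issuer, client_id, now=None):
    """Return the claims of a Cognito access token, or raise ValueError."""
    try:
        head64, body64, sig64 = token.split(".")
        header, claims = json.loads(b64url_decode(head64)), json.loads(b64url_decode(body64))
        signature = b64url_decode(sig64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # pin the algorithm, never follow the token
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks if k.get("kid") == header.get("kid")), None)
    if jwk is None or not rs256_valid(f"{head64}.{body64}".encode(), signature, jwk):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("iss") != issuer or claims.get("token_use") != "access":
        raise ValueError("wrong issuer or token type")
    if claims.get("client_id") != client_id:
        raise ValueError("wrong app client")
    return claims

def may_access(claims, secret_group):
    """Assumed sharing model: the secret's group must be one of the caller's groups."""
    groups = claims.get("cognito:groups", [])
    return isinstance(groups, list) and secret_group in groups
```

Checking `token_use` and `client_id` in the function keeps an ID token, or a token issued to a different app client of the same user pool, from being accepted as an API credential.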
What we learned
- Lambda layers usage
- Working with JWT tokens; I didn't have this experience in the past
- CDK
What's next for RunaVault
- Browser extension
- Mobile extension
- Code tests
- Enable the following HTTP headers:
  - Strict-Transport-Security
  - Content-Security-Policy
  - X-Frame-Options
  - X-Content-Type-Options
  - Referrer-Policy
  - Permissions-Policy
Built With
- apigw
- cloudfront
- cognito
- dynamodb
- javascript
- kms
- lambda
- python
- react
- s3
- serverless