sysPass v3

Happy New Year, Happy New Release Posted by Rubén D. on 1st Jan 2019

This year surely brings new wishes, new proposals and all of these stuff that we want to change or improve over the years. I wish many things though most of them aren't on my hands, some others like sysPass are. I want to evolve sysPass as a reference tool on password management security, because we need Open Source tools, which give us the power to decide if they are so confident to hold our data and improve them by either coding or submitting issues.

Under the hood

sysPass v3 does not provide a bunch of new features, though it brings many useful ones, but it was focused to be a more reliable software instead, by implementing many best practices on software development like:

  • Domain Driven Design (DDD): a way to design software architecture around a Domain based knowledge. sysPass embraces some of its principles by isolating many pieces of its architecture to be more pluggable.
  • URL routing: it provides a better way to bootstrap an application workflow, by setting a single entryproint (ie. index.php) for running every application's action besides fancy browser's URL.
  • Composer: the awesome PHP package manager, which will keep up-to-date sysPass dependencies and will make it more confident about security issues.
  • PHP compatibility: this release is compatible with 7.0, 7.1 and 7.2 PHP versions
  • Testing: by adopting some coding practices it makes sysPass code base more testable, thus critical and not so critical actions are being automatically tested by PHPUnit Framework on Travis CI platform, so it allows to deliver more well tested releases and avoids to perform many manual tests which could be less accurate and lower code coverage. Some numbers like 1406 tests and 22082 assertions yield on a decent 56% of code coverage, which means that a half of the code is being automatically tested. You can take a look to some useful stats on Code Climate or scrutinizer.

What's new?

This version though it has been focused on the code base, implements a few new and useful features like:

  • Improved account ACLs by rewriting the core engine and implementing read and write permissions for either users or groups.
  • Added preset values, which allow to set or enforce some items values depending on user, group or profile. These values could be account permissions, session timeout or passwords complexity.
  • Improved event logging by using a new event-driven model, which allows to notifications handlers to "listen" for any triggered event. This feature gives more granularity to notifications sent by email or log receivers.
  • LDAP core engine has been rewritten and it now supports plain LDAP, Active Directory or Azure Active Directory. The import module allows to import users and groups separately besides using custom LDAP filters.
  • Files management has been improved by implementing MIME type checking.
  • Custom fields encryption can now be disabled. This feature will allow to use custom fields' data in search results on future releases.
  • Accounts can now be accessed by using a signed deep link, which provides a secure way to point to an account by sharing a link.
  • Accounts history can now be restored from any point including deleted ones.
  • SSO can now be set by using Auth Basic. Users who are granted using an Auth Basic scheme, will be granted to log into sysPass without entering any login data.


sysPass v3 is a major update which provides more reliability and a strong code base for rapid development of future releases.

You can try it out on

Documentation (work in progress) can be found on