Project Introduction
Monica Local Vault
A Local-First Password Vault Aggregating Bitwarden & KeePass
Android / Browser · Local Vault · TOTP · WebDAV Backup
⚠️ Secure Backup Reminder
Your data privacy is priceless! Please ensure you make regular backups across multiple storage media!
Make sure to back up your vault properly. Data privacy is invaluable! Do not keep all your eggs in one basket—avoid relying entirely on a single software application!
Monica is a local password vault (Local Vault) that aggregates Bitwarden and KeePass ecosystems. Built on a local-first architecture, it helps you uniformly manage accounts, passwords, 2FA tokens, private notes, and sensitive attachments across Android and desktop browsers.
📌 Project Updates Notice
- Monica for Windows has been archived. Check historical code here:
Monica-for-Windows - ⏳ Due to finite development bandwidth,
Monica for WearandMonica for Browserare temporarily not actively updated. - 🎯 At this stage, full focus is dedicated to the feature completeness, user experience optimization, and stability maintenance of
Monica for Android. Thank you for your understanding.
🧭 User Guide
🎯 Who is Monica For?
- Users who prefer local-first credential management and do not want their sensitive account data hosted on third-party cloud servers.
- Dual-ecosystem players who use Bitwarden features but also maintain KeePass (
.kdbx) databases. - Anyone looking for an efficient Android client combined with intelligent autofill capabilities on browsers.
🎁 What You Get
- Local Encrypted Safe: Securely store login credentials, payment cards, IDs, secure notes, and attachments.
- Dual-Ecosystem Aggregation: Integrates Bitwarden API synchronization alongside native KeePass (
.kdbx) read/write capabilities on Android. - Diversified Sync & Backup: Securely transfer data across devices using your own self-hosted WebDAV infrastructure.
- Built-in TOTP: Manage both standard passwords and secondary two-factor authentication codes inside a single application.
📱 Android Highlights
✨ Core Features
- Local Vault — All core credentials are encrypted natively using high-strength storage algorithms.
- Aggregated Import — Fully supports seamless migration from KeePass files and flexible integration with Bitwarden ecosystems.
- Smart Search — Quickly locate your targets using multi-dimensional queries across titles, domains, and custom tags.
- Biometric Authentication — Leverages system-level biometric prompts (Fingerprint/Face Unlock) for instant yet airtight security.
- TOTP Management — Consolidates, organizes, and dynamically generates 2FA authentication codes.
🛠️ Technical Stack
The architecture strictly follows Modern Android Development (MAD) practices:
| Architectural Layer | Technologies & Components |
|---|---|
| UI Presentation Layer | Jetpack Compose + Material 3 + Navigation Compose |
| Data Persistence Layer | Room (PasswordDatabase) + Data Access Objects (DAO) + Repository Pattern |
| Asynchronous/Concurrency | Kotlin Coroutines + Flow responsive data streams |
| Dependency Injection (DI) | Koin (highly cohesive setup initialized at app startup within MonicaApplication) |
| Background Scheduling | WorkManager (lightweight, reliable automated WebDAV backups driven by AutoBackupWorker) |
| Protocols & Integrations | Retrofit + OkHttp (Bitwarden API) |
kotpass (Core KeePass parsing Engine)
sardine-android (WebDAV client) |
🔒 Pure Security Model
Security is the core foundation of a password manager. Monica implements rigorous architectural defenses at the lowest level:
NOTE
1. Core Cryptographic Algorithm Implements the AES-256-GCM authenticated encryption scheme, ensuring complete data confidentiality alongside full-scale integrity checks to prevent tampering.
NOTE
2. Key Derivation Function (KDF) Employs the PBKDF2-HMAC-SHA256 algorithm with highly intensive iteration parameters, drastically raising the technical barrier and time-cost for brute-force attacks.
NOTE
3. Hardware-Backed Local Protection The master password hash and core security configurations are securely delegated to the system-level Android Keystore, EncryptedSharedPreferences, and BiometricPrompt, keeping encryption keys entirely within hardware-isolated environments.
CAUTION
4. Explicit Network Boundaries The application's declared network permissions are exclusively utilized for user-triggered workflows—such as Bitwarden API interactions and WebDAV synchronization. It contains absolutely zero third-party telemetry, trackers, or hidden analytics.
🤝 Open Source Acknowledgements
The design, compatibility design, and features of Monica are deeply inspired by the open-source community. We sincerely appreciate the following projects and software:
- Keyguard — Excellent reference for an exceptional, sleek Android password manager user experience.
- Bitwarden — Vital reference for open-source password ecosystems, data schemas, and multi-client synchronization.
- KeePass — The pioneer of local password storage, serving as the baseline foundation for our
.kdbxfile reading and writing. - Stratum Auth — Guidance for 2FA user experiences, beautiful brand icon packages, and verification standards.
📈 Star History
Click the chart below to navigate to the full star history dashboard.
📑 Licenses & Asset Attributes
License Declaration
Copyright (c) 2025 JoyinJoester
This project is released strictly under the terms of the GNU General Public License v3.0. You are free to distribute, modify, and build upon this software in compliance with the license provisions.
📦 Third-Party Icons & Trademark Notices
To deliver a more streamlined 2FA account management experience, this project packs and references several local static assets:
IMPORTANT
- Icon Asset References: This project incorporates pre-packaged icon assets (version
v1.4.0, containingiconsandextraiconsfolders) courtesy of the Stratum Auth app. These assets are similarly licensed under GPL-3.0. Special thanks to the original creator for their selfless contribution. - Trademarks: All third-party brand names, registered trademarks, and commercial logos mentioned in the documentation or app remain the exclusive property of their respective legitimate owners.