sysPass-Browser is a browser extension that integrates with sysPass (https://www.syspass.org/), a self-hosted password manager. It fills login credentials from a user's own sysPass server.
This extension is an adaptation of the open-source keepassxc-browser project, modified to work with sysPass instead of KeePassXC.
All testing should be done in a sandboxed browser profile or a virtual machine.
- Docker or Podman installed
- The extension loaded (unpacked or from the .zip)
# Clone the repository
git clone https://github.com/miyoyo/syspass-browser.git
cd syspass-browser
# Run the setup script
./test-setup.shThis starts a local sysPass instance at https://localhost:9443 with a self-signed certificate.
- Visit https://localhost:9443 and accept the certificate warning
- Complete the web installer with these values:
- Admin user:
admin - Admin password:
syspass12345 - Master password:
master12345 - Database host:
db - Database admin user:
root - Database admin password:
syspass - Database name:
syspass
- Admin user:
- Log in with
admin/syspass12345 - Navigate to Users & Access > API Authorizations
- Click New to create an API authorization:
- User: admin
- Password:
apipass12345 - Enable actions:
account/search,account/viewPass,account/create,account/editPass
- Save and copy the API token shown
- Go to Accounts > New Account
- Create the following accounts:
- Name: Example Login, URL:
https://example.com, User:testuser, Password:testpass123, Client: Test, Category: Web - Name: GitHub Login, URL:
https://github.com, User:dev@example.com, Password:ghpass456, Client: Test, Category: Web
- Name: Example Login, URL:
- Click the sysPass-Browser icon in the toolbar, then the gear icon to open Settings
- Go to the Connected Databases tab
- Enter:
- sysPass API URL:
https://localhost:9443/api.php - API Key: (the token copied in step 2.6)
- API Key Password:
apipass12345
- sysPass API URL:
- Click Connect
- The status should change to "Connected"
- Navigate to https://example.com (or any site with a login form)
- The sysPass-Browser icon should appear in the username field
- Click the icon to see matching credentials in a dropdown
- Select an entry to fill in the username and password
- Navigate to any website with a login form
- Enter a username and password manually
- Submit the form
- A banner should appear at the top asking to save the credentials
- Click New to save them to sysPass
- While saving, a spinner should appear on the button
- Navigate to any website with a password field
- Click the key icon that appears in the password field
- A password generator popup should appear
- Click "Generate" and then "Fill" to use the generated password
- Open the extension Settings > Connected Databases
- Scroll to "Passkey Protection"
- Set lock mode to "Timed" with a 1-minute timeout
- Click "Set Up Passkey Protection" and complete the WebAuthn prompt
- After 1 minute, the vault should lock automatically
- The extension popup should show "Vault is locked" with an Unlock button
- Clicking Unlock opens a dedicated page for WebAuthn authentication
- Clicking the locked padlock icon in a credential field also opens the unlock page
- Alt+Shift+U (Ctrl+Shift+U on Mac): Fill username and password
- Alt+Shift+P (Ctrl+Shift+P on Mac): Fill password only
- Alt+Shift+G (Ctrl+Shift+G on Mac): Open password generator
cd docker
docker compose down # Stop containers
docker compose down -v # Stop and remove all data| Service | Username | Password |
|---|---|---|
| sysPass Admin | admin | syspass12345 |
| sysPass Master | (master password) | master12345 |
| Database Root | root | syspass |
| API Password | (API auth) | apipass12345 |
| Test Account 1 | testuser | testpass123 |
| Test Account 2 | dev@example.com | ghpass456 |
Used to detect login forms on the currently active tab and fill credentials into them. The extension only accesses the active tab when the user explicitly interacts with it (clicking the icon, using keyboard shortcuts, or when auto-fill is enabled).