Desktop Application (Mac/Windows) - with browser extension encryption done in the app

ADMIN note:
This thread historically contained a conversation for all platforms. Now this thread has been split.
The original below is kept as it contained specific implementation constraints. See also:

Q1. What is the enhancement required?
Passbolt should have its own Desktop Application on Mac and Windows.
Passbolt should be available on Windows Store & Mac AppStore, because it’s worth it.

Q2 - Who is impacted?
Users with a lot of heavy applications that work only on Desktop are impacted,
because Passbolt browser extensions fill passwords only on websites.

Q3 - Why is it important and/or urgent?
Desktop applications are the guarantee of quality and security.
Browsers and website (javascript) still lacks of many security issues.

Q4 - What is your proposed solution?
It would be great to manage passwords and lock/unlock the vault directly from the Desktop App.
Browser extensions would be locked/unlocked in real time.
And provide one more layer of security with Biometry.

For my concern, browser extensions should only work as an extension of the real Passbolt Desktop App.
The browser should not have access to all passwords; it should only see if the vault is locked or unlocked and only ask for the asked password with biometry confirmation.

Desktop App Browser Extension AutoFill Password

Q5. Community support

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)
2 Likes

I fully agree with this one!
It’s time for Passbolt to overlap with native apps.
.Net MAUI should do the trick if you don’t have hundreds of developers.

And yeah, biometry, sure! Yes, we need that!

2 Likes

As an IT solutions installer, we manage several agencies and two hospitals. And it is always very difficult to convince them about a password safe area in the browser.
The prerequisites for hospitals are heavy and secure applications, local server, with double DMZ.
Especially with critical things like passwords.

In my case only 4 of 27 agencies were convinced to have passwords in the browser.
And I had to roll back to a different approach for 3 companies.
So now I am always asking if having all the things in the browser is good for them.

I think, it is a primordial topic.

1 Like

What do you expect? Yeah, I am using the new .Net MAUI framework, and it seems to fit the needs of a Desktop Application.
You know, Microsoft just integrated the native .Net for Mac & .Net WinUI,
and all of this can be called from .Net MAUI.
One interface, one repository, one cryptographic lugage for 2 Desktop Application (Mac/Win)

Glad to see this thread!
I am searching for a European alternative to Kaspersky Password Manager.
I found this link: european-alternatives.eu. It brought me to Passbolt!
I tried each one; none has a real desktop application except Padloc, but it is a web application disguised behind Electron: no autofill, no biometry, not good for me.
So we do not have a real European alternative with a strong desktop application…
I am so discouraged in my search…

Unfortunately there is no plan for a Desktop App.
@remy on another topic said:
“Bear with us, we don’t have hundreds of developers on the payroll yet.
…That would be a big shift of architectures.”

Source: (More browsers plugins support (Edge, Safari))
PS: This thread has been created in early 2018, we could wait 5 more years to see maybe an attempt.

1 Like

@clovs please don’t deform what I am saying.

We do have plans for both Safari and desktop app next year. We don’t have the resources to start working on this now.

The big shift of architecture was to implement the desktop app / browser extension the way you suggested, e.g. to require the app to use the browser extension.

2 Likes

This is not a very friendly way to contribute to this forum. In the other thread other browsers were mentioned, and we shipped Edge for example, because it requires less custom work than Safari. There was an attempt at building the Safari extension which people did in their free time, and it was too buggy to be shipped / would be hard to maintain under the manifest v2 architecture, therefore it will be shipped once manifest v3 is ready.

You want things to move faster, we do as well. No need to be passive-aggressive with us.

3 Likes

@remy I just wanted to be pragmatic, I am also from the IT world…
I am not used to maintaining customers’ illusions; I prefer them to be pleasantly surprised if it comes sooner.

I’m happy for Passbolt that Edge moved to Chromium in early 2020, and Passbolt took the opportunity to carry out its work there. :slight_smile:

I am glad to see you in this topic; it is the guarantee of an important and quality topic.

@remy Because it’s essential for me to have that.
I would like to know if you program this to be available next year, end of 2023?
Do you have a roadmap for this?
Do you have a github repository for the Desktop Application part, to follow?

Thanks in advance for your answer
Regards

1 Like

Hi @Phenek, yes to end of the year 2023 but most likely before. Q2 would be a realistic goal at the moment (we’re hiring in that direction).

We don’t have a repository at the moment, we have not selected the technology yet, but so far the consensus seems to push forward an Electron app as we would be able to reuse most of the work we did for the browser extension. There are obviously some security considerations we need to look at more closely. There are some disadvantages also, for example not being able to / harder to be in the appstore.

1 Like

Oh, you mean Electron.js, so you will stay on JavaScript, right?

Yeah, I heard a lot about Electron vulnerabilities.
About the AppStore, it’s because JavaScript can be updated from an API, and it can lead to having malicious code that updates itself from JavaScript without the user, or the software company, being notified of it.

I will follow this thread until you select the technology.
Thanks for your speedy answer.

@Guardian42 I also tested Padloc; at first it was impressive.
But in the end, it is not what I expected.

The browser extension does not communicate with the App:
when you unlock one, the other one is still locked.
So you have to unlock it manually everywhere…

The Biometry stuff seems to be limited with Electron (did not work for me).
It’s a shame, because it’s a native computer feature now.

I was looking for the Download link…
Ok, take your time, the big shift of architectures is needed here.

How can we encourage this?
We only use desktop apps on our side.

We would be very happy to be able to encourage, help, follow this future desktop app closely.

Let us know :slight_smile:

1 Like

Hello,

Just a quick update that we started working on this in Q1 2023. So we’ll share the results of our initial technical / security investigations and the code of a partial POC as soon as it’s ready. You will then be able to provide feedback as we move next to the design phase.

13 Likes

It’s going to be great, we’re hungry for news!
Let us know for any thread to follow
:slight_smile:

3 Likes

I’m not sure if you’re going to stick with JavaScript, for good?
If you take this step, please be aware that Microsoft Teams 2 has decided to stop using Electron.js and switch to WebView2 based on Chromium.
You could maybe take the same path?

1 Like

That’s definitely something we have been investigating, more info is going to be communicated very soon :eyes:

1 Like