Local-first desktop domain management for multiple registrars.
- Encrypted local profiles with separate passphrases
- Registrar connection vault for Namecheap, IONOS, Name.com, Porkbun, and Cloudflare
- Desktop shell using Electron with a secure preload bridge
- Browser preview for UI work
- Connection test IPC paths for the supported registrars
- Unified dashboard, inventory, health, and audit surfaces
npm install
npm run devOpen the browser preview at:
http://127.0.0.1:5173
Run the desktop shell:
npm run desktopnpm run lint
npm run buildProfiles are stored locally in the app environment. Each profile vault is encrypted with Web Crypto using PBKDF2-SHA-256 and AES-GCM before it is persisted. Passphrases stay in memory only while the profile is unlocked.
The first storage driver uses browser-local storage so the same encrypted vault works in both browser preview and Electron. The domain, audit, and connection models are isolated so a SQLite driver can replace the storage backend without rewriting the UI.
- Namecheap requires API access and a whitelisted public IPv4 address.
- IONOS uses an IONOS Developer API key prefix plus key secret as
key_prefix.key_secret. - Name.com uses username plus API token and supports production or sandbox. If 2FA is enabled, enable Name.com API access under Security Settings. Sandbox uses a separate token and
-testusername. - Porkbun uses an API key and secret API key.
- Cloudflare uses a user API token. For this app, grant Zone Read plus DNS Read/Edit for the zones you want managed. Account ID is not required for token verification or zone listing.
- Cloudflare: My Profile > API Tokens > Create Token > grant Zone Read and DNS Read/Edit > copy token secret.
- IONOS: open IONOS Developer API docs > create API credentials > copy key prefix and secret.
- Namecheap: Profile > Tools > Namecheap API Access > enable API > copy key > whitelist public IPv4.
- Name.com: Account Settings > Security > API Tokens > create token; enable Name.com API access if 2FA is on.
- Porkbun: Account > API Access > create key > copy API key and secret > enable API Access per domain.
The Sync registrars button runs in the Electron desktop shell, calls each saved registrar connection, and updates the encrypted local domain inventory. If one connection fails, domains from that failed connection are preserved and the connection gets an error status while successful connections still update.
Health is a separate view from Domains. Domains is the inventory table. Health summarizes DNS, SSL, mail, and security status by domain. The current implementation shows synced status and placeholders; live SSL/MX/SPF/DKIM/DMARC checks are the next health-check layer.
This folder is not initialized as a Git repository yet. To publish it, add this folder in GitHub Desktop and choose Create Repository, or run git init from this directory first.
Live credential tests run through the Electron main process so the renderer does not own cross-origin registrar API calls.