Self-Hosted Password Managers

This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut

This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.

Vaultwarden is a self-hosted password management server designed to store and synchronize sensitive credentials, identities, and organizational data across multiple client devices. It functions as a database-backed web application that provides an API layer for secure client-server communication, enabling users to manage personal vaults and organizational data sharing with multi-factor authentication. The project distinguishes itself through a comprehensive administrative infrastructure that provides centralized control over server configuration, user accounts, and system diagnostics via a de

CryptPad is a self-hosted, zero-knowledge office suite designed for real-time collaborative editing and content management. It provides a privacy-centric infrastructure where documents, files, and notes are encrypted in the browser before transmission, ensuring that the server administrator cannot access the underlying data. The platform implements zero-knowledge user authentication, utilizing cryptographic keys to verify identities so that plain text passwords are never stored on the server. To further isolate sensitive operations, the system employs a security architecture that separates th

This project is a cross-platform credential management suite designed to store sensitive information in encrypted local databases. It functions as a secure desktop application that provides a unified environment for organizing secrets, generating passwords, and managing multi-factor authentication tokens. By utilizing industry-standard file formats, the application ensures that stored credentials remain secure and interoperable across different operating systems. The software distinguishes itself through deep integration with hardware-backed security and system-level services. It supports phy

KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim

Linsa.io is an end-to-end encrypted cloud storage service and zero-knowledge data vault. It functions as a private content sharing platform that encrypts files and data on the client side, ensuring only the owner can access the stored content. The project employs a local-first approach, processing data updates and encryption on the local device before syncing encrypted blobs to a remote persistence layer. It uses a zero-knowledge architecture where the service provider cannot access decryption keys or view the plaintext content of stored files. The platform provides capabilities for private

Croc is a command-line utility for sending files and folders between computers using end-to-end encrypted peer-to-peer connections. It employs elliptic curve encryption and key agreement to secure data transmission between remote endpoints. The tool allows users to coordinate transfers using a shared code phrase and supports the operation of custom relay servers to facilitate connections without relying on public infrastructure. It also includes a proxy client to route encrypted traffic through SOCKS5 proxies. Additional capabilities include resumable data transmission for unstable connectio

LessPass is a stateless password manager that generates deterministic, site-specific passwords entirely on the client device. It uses a pure function to derive passwords from a master password combined with site details, producing the same output every time without storing any secrets on a server or requiring network access. This approach means passwords can be recalculated on any device from remembered inputs, with no database synchronization needed. The project distinguishes itself through its counter-based password rotation, which allows changing a site's password by incrementing a counter