30 open-source projects similar to keepassxreboot/keepassxc, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Keepassxc alternative.
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
OpenClash is a network traffic controller designed for embedded router hardware. It functions as a kernel-level traffic management solution that intercepts network packets to enforce user-defined routing policies and connectivity rules across home or office network environments. The project distinguishes itself through a comprehensive build and deployment pipeline tailored for diverse firmware architectures. It provides a cross-compilation environment that transforms source code into hardware-specific installation files, while also offering a package management system to handle the retrieval
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perfo
KeePassX is a cross-platform password vault application and database manager that stores usernames and passwords in an encrypted file. It utilizes the KeePass database format to secure records using a master password or an optional key file. The application includes an automatic form filler that populates login fields in external applications and a secure password generator for creating high-entropy randomized passwords. The system provides tools for organizing credentials through custom metadata and grouping, alongside utilities for searching records and importing or exporting data.
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
Keyguard is a password manager application and secure vault designed for storing and organizing logins, passkeys, and sensitive data. It provides a multi-factor authentication vault that utilizes encrypted offline access to ensure credentials remain available without an internet connection. The application includes a dedicated SSH key manager and agent integration for generating and managing keys to access remote servers. It also features a password security auditor that analyzes vault entries to identify compromised, reused, or weak credentials. The system covers a broad range of security c
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
DeDRM_tools is a digital rights management decryptor and ebook security key manager. It functions as a utility to strip proprietary protections from restricted ebook files, removing vendor lock-in to make the content compatible with any reading application. The tool manages the decryption process by using a configuration system to store device serial numbers and encryption keys. This allows for the automation of the decryption pipeline across various ebook retailers and platforms. The project provides capabilities for digital content decryption and ensures ebook format compatibility by proce
Vaultwarden is a self-hosted password management server designed to store and synchronize sensitive credentials, identities, and organizational data across multiple client devices. It functions as a database-backed web application that provides an API layer for secure client-server communication, enabling users to manage personal vaults and organizational data sharing with multi-factor authentication. The project distinguishes itself through a comprehensive administrative infrastructure that provides centralized control over server configuration, user accounts, and system diagnostics via a de
A modern, open source password manager for individuals and teams.
DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
This repository is the Armbian build framework — an embedded Linux build system for generating custom operating system images tailored to single-board computers, primarily targeting ARM and RISC-V architectures. The build process is orchestrated by GNU Makefiles and relies on a chroot-based environment to assemble the root filesystem, manage cross-compilation toolchains, and aggregate binary firmware blobs for hardware compatibility. Kernel and bootloader source trees are fetched via git, with structured patches applied in a controlled sequence, while each supported board is described by a ded
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
This is a two-factor authentication library and open-source multi-factor authentication implementation. It provides a suite of tools for implementing security workflows that require a second layer of verification beyond standard credentials. The project implements both time-based one-time passwords and HMAC-based one-time passwords. It includes utilities for generating these codes based on shared secrets and counters, following industry standards such as RFC 6238. The library covers cryptographic primitives including Base32 secret key encoding, dynamic truncation extraction, and symmetric ke
This project is a comprehensive hardware security guide for using YubiKey tokens to manage encryption, digital signatures, and secure authentication. It provides technical instructions for configuring hardware security modules to handle digital identity and cryptographic materials. The documentation focuses on the implementation of OpenPGP and SSH workflows, specifically covering the creation of master key hierarchies, the rotation of subkeys, and the use of hardware-backed keys for secure shell connections. It also details methods for verifying code authorship through signed Git commits and
This project provides a high-performance key-value storage solution for mobile applications, utilizing memory-mapped files to enable rapid read and write operations. It functions as a persistent data layer that integrates directly with the JavaScript runtime to minimize overhead, while supporting reactive state synchronization to ensure interface components update automatically when stored data changes. The storage system distinguishes itself through its ability to manage multiple independent database instances, which organizes data by module and prevents collisions between application compon
FingerprintPay is an Android biometric payment bridge and credential manager that replaces manual password entry with biometric verification for checkout processes in compatible mobile applications. It functions as a tool to authorize payment transactions and automate credential entry through fingerprint verification. The system utilizes hardware-backed security to decrypt stored payment credentials and map biometric identities to encrypted data blobs stored within the device hardware security module. The project covers mobile payment security and automated credential entry by combining hard
OmniRoute is a unified LLM API gateway that connects multiple AI providers to a single endpoint. Its primary purpose is to simplify the integration of various AI models into tools and agents by translating different provider formats into a standardized API. The project distinguishes itself through a multi-strategy request routing system that optimizes for cost, speed, and availability, including automatic model fallbacks and a circuit-breaker resilience model to isolate provider failures. It employs a local-first security posture, using AES-256-GCM encryption to store API keys and conversatio
Paperless-ng is a self-hosted document management system designed to archive physical paperwork as searchable digital files. It functions as a private server for scanning, indexing, and organizing a digital library of documents through a web interface. The system acts as an encrypted file archive, utilizing a privacy guard backend to secure stored documents. It provides automatic on-the-fly decryption during the download process to ensure that archived records remain protected while in storage. The platform incorporates optical character recognition to convert scanned images and PDFs into se
This project is an Ethereum wallet browser extension that serves as a blockchain identity manager and a bridge between decentralized applications and the Ethereum blockchain. It functions as a multi-network blockchain wallet, allowing users to manage digital keys and interact with various Ethereum-compatible network ecosystems. The software provides a provider interface for signing transactions and reading chain data. It enables users to switch between different blockchain networks and maintain secure identities to authenticate on decentralized networks. The system covers the management of w
This project provides a comprehensive, modular framework for auditing and hardening personal digital and physical security. It functions as a structured, platform-agnostic knowledge base that breaks down complex security standards into granular, actionable tasks. By utilizing a static documentation architecture, the project ensures that its guidance remains accessible and transparent, allowing users to track their security posture incrementally through a persistent, manual progress-tracking system. The project distinguishes itself by bridging the gap between digital cybersecurity and physical
KeepChatGPT is a browser extension designed to enhance the ChatGPT web experience by acting as a session manager, UI optimizer, and privacy guard. It focuses on maintaining active connections to prevent session timeouts and improving the overall interface for better readability and organization. The project distinguishes itself through privacy and security features that block tracking telemetry and use regular expressions to mask sensitive data before it is sent. It also includes tools to mitigate conversation auditing and bypass bot verification challenges to reduce the risk of account restr
This project is a Git credential helper that automates the storage and retrieval of authentication secrets for remote repository operations. It functions as an OAuth token manager and an operating system vault storage interface to ensure authentication secrets are encrypted at rest. The tool acts as a cross-platform authentication broker, enabling the sharing of secure credentials between a host operating system and a Linux subsystem. It also serves as an enterprise proxy gateway, routing authentication traffic through corporate proxy servers to reach restricted repository endpoints. The sys