30 open-source projects similar to macpass/macpass, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best MacPass alternative.
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
KeePassDX is an Android password manager that opens, edits, and stores encrypted credential databases using the open KeePass 2.x file format. It keeps all password data stored locally on the device without requiring cloud sync or internet access, and supports multiple symmetric-key encryption algorithms including AES, Twofish, and ChaCha20 with Argon2 key derivation. The app unlocks the credential database by delegating authentication to the platform's biometric API, allowing users to bypass the master password entry using fingerprint or face recognition. It generates one-time passwords local
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
KeePassX is a cross-platform password vault application and database manager that stores usernames and passwords in an encrypted file. It utilizes the KeePass database format to secure records using a master password or an optional key file. The application includes an automatic form filler that populates login fields in external applications and a secure password generator for creating high-entropy randomized passwords. The system provides tools for organizing credentials through custom metadata and grouping, alongside utilities for searching records and importing or exporting data.
gopass is a terminal-based password manager and GPG secret store used for generating, storing, and retrieving encrypted credentials. It functions as a collaborative secret manager that encrypts data using GPG or age and synchronizes it across devices and teams using Git. The system distinguishes itself by treating version control repositories as the primary storage backend, enabling secure secret sharing and version history for credentials. It utilizes a hierarchical directory structure to organize secrets on the filesystem and supports multi-store mounting to combine multiple independent rep
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
This is a two-factor authentication library and open-source multi-factor authentication implementation. It provides a suite of tools for implementing security workflows that require a second layer of verification beyond standard credentials. The project implements both time-based one-time passwords and HMAC-based one-time passwords. It includes utilities for generating these codes based on shared secrets and counters, following industry standards such as RFC 6238. The library covers cryptographic primitives including Base32 secret key encoding, dynamic truncation extraction, and symmetric ke
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
AuthenticatorPro is an open-source security application for Android designed to manage two-factor authentication. It functions as a client for generating time-based and counter-based one-time passwords to secure user accounts. The project distinguishes itself through Wear OS integration, which allows authentication codes to be synchronized from a mobile device to a companion wearable. It also includes a system for importing credentials from external services and using the device camera to scan QR codes for account configuration. The application provides a suite of security and organization c
Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles. The framework distinguishes itself through a focused suite of security and identity tools, including multi-factor authentication via time-based passwords and SMS, and identity integration with external providers using OAuth1 and OAuth2 protocols. It also includes a dedicated account security manager that implements brute-force protection through credential-based
This project is a two-factor authentication manager that generates time-based and counter-based one-time passwords to secure online accounts. It functions as an encrypted credential manager for storing authentication seeds and producing security codes on mobile and wearable devices. The application includes a dedicated Android Wear OS client that synchronizes authentication data and UI states to allow security codes to be viewed directly from a smartwatch. The system supports the import and migration of authentication seeds from other applications and provides encrypted backup capabilities t
Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks
Buttercup is a cross-platform password manager and encrypted credential store designed to protect passwords and secrets across multiple operating systems. It functions as a secure vault for storing sensitive credentials, utilizing encryption for all data stored on local or remote devices. The application distinguishes itself through a provider-agnostic cloud synchronization model, which allows encrypted vault files to be synchronized between a local filesystem and various external cloud storage providers. The system maintains data security via client-side encryption and ensures data integrit
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
This project is a reactive, offline-first NoSQL database engine designed for JavaScript applications. It provides a robust framework for managing application state by synchronizing data across browsers, mobile devices, and server-side runtimes. By treating local storage as the primary source of truth, it enables applications to remain functional without network connectivity, automatically reconciling changes with remote backends once a connection is restored. The database distinguishes itself through a modular architecture that supports cross-environment synchronization and high-performance d
This project is a feature-rich Go client library designed for interacting with Redis. It serves as a comprehensive interface for managing remote data stores, enabling developers to execute standard database commands, handle complex data structures, and perform asynchronous operations within Go applications. The library distinguishes itself through its support for advanced Redis capabilities, including connection pooling, pipelining, and transactional integrity. It provides specialized primitives for managing distributed clusters, including automated topology updates and request routing to sha
TagSpaces is an offline-first file tagging and organization platform that lets you manage local files with portable metadata stored directly in filenames or sidecar JSON files, eliminating the need for a central database. It functions as a full-text file search engine, a Kanban board file organizer, a local AI file assistant, an S3-compatible cloud file manager, and a web clipper and bookmark manager, all within a single application. The project distinguishes itself through a local-first architecture where all file operations, indexing, and AI processing run entirely on the device, with cloud
Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization. The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
KeePass2Android is an Android password manager that stores all credentials in a standard KeePass .kdbx file, ensuring cross-platform compatibility and direct file access. The vault is encrypted using AES-256 via SQLCipher, keeping credential data protected at rest, and can be unlocked through biometric authentication or a partial-password verification method that reduces friction after the initial full password entry. The app provides multiple ways to inject credentials into other applications without exposing them to the system clipboard. It integrates with Android's Accessibility Service or
Authenticator is a multi-factor authentication manager and browser extension designed to generate and store two-step verification codes directly within a web browser. It functions as an encrypted secret store that produces both time-based and counter-based security codes to protect online account access. The project distinguishes itself through cross-browser synchronization, replicating authentication accounts across different browser instances using cloud or local backups. It utilizes password-based encryption to protect authentication seeds and provides a synchronization tool to maintain co
JumpServer is a privileged access management platform designed to manage and audit secure access to SSH, RDP, Kubernetes, and database endpoints. It functions as a centralized gateway that brokers remote terminal and graphical sessions to isolate users from critical infrastructure. The system utilizes a web-based protocol gateway to translate remote connections into browser-compatible streams and a protocol-based proxy layer to isolate end-user devices from target assets. It incorporates security watermarking to deter unauthorized screen captures and provides a Kubernetes access gateway for c
VeraCrypt is a cross-platform disk encryption utility used to create encrypted file containers and secure entire disk partitions. It functions as a tool for full disk encryption and a manager for encrypted volumes, providing a means to protect sensitive data on local disks and removable media across multiple operating systems. The software is distinguished by its support for plausible deniability, allowing the creation of hidden volumes nested within other encrypted volumes to conceal the existence of data. It also implements hardware-based access control, requiring physical security tokens,
Passbolt is an open-source, self-hosted password manager designed for teams. It provides a centralized, encrypted vault where organizations can store, share, and manage credentials securely. The server exposes a JSON REST API that authenticates requests using either GPGAuth or JWT tokens, and all secrets are protected with OpenPGP end-to-end encryption, ensuring the server never has access to plaintext passwords. The platform distinguishes itself through a comprehensive role-based access control system that governs resource sharing and administrative actions. Teams can organize users into gro
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
This project is a Pluggable Authentication Module for Linux systems that enforces multi-factor identity verification. It integrates directly into the system authentication stack to require time-based one-time passwords alongside standard user credentials, providing a mechanism to secure local and remote shell access. The module distinguishes itself through its implementation of the time-based one-time password algorithm, which includes built-in support for clock-skew compensation to account for time discrepancies between servers and user devices. It manages individual user secret keys through
SQLCipher is an encrypted SQLite database engine and secure relational database that provides transparent AES-256 encryption for database files and stored data. It functions as a cryptographic storage engine that requires a passphrase or binary key to unlock and access content. The engine ensures data confidentiality through page-level encryption and protects data integrity using cryptographic hashes to detect unauthorized modifications. It includes capabilities for encryption key rotation to update passphrases and secure memory locking to prevent sensitive keys from being swapped from RAM to
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
itpol is a framework for cryptographic key management, digital signature policies, and security hardening. It provides an IT policy template library and infrastructure access frameworks to establish organizational security guidelines and governance. The project focuses on cryptographic identity management through the use of PGP and SSH keys, alongside a security hardening guide for workstations. It defines standards for software supply chain security, specifically regarding the signing of code commits and software releases to ensure provenance. The system covers a broad range of security cap