Logo
Deploy Now

SaaS Alternative

LastPass 1Password Keeper Dashlane

Stars

6009

Forks

389

Watchers

89

Developer links

Passbolt

Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.

Passbolt

Benefits

  • The Server Can't Read Your Secrets
  • All encryption happens client-side - your instance stores only ciphertext, unreadable even to admins.
  • Sharing That's Actually Encrypted
  • Each recipient gets a copy encrypted to their own public key, revocable at the cryptographic level.
  • Built for Teams, Not Retrofitted
  • Groups, folders, and fine-grained permissions were the design center, not an afterthought.
  • Automation-Ready Secrets
  • JSON API, CLI, and SDKs retrieve and rotate machine credentials in CI/CD pipelines.

Features

  • OpenPGP Key Architecture
  • Per-user key pairs with signed secrets and challenge-based GpgAuth authentication.
  • Browser Extension
  • Signed, store-distributed extension handles crypto, auto-fill, auto-save, and password generation.
  • Granular Sharing
  • Share single items or whole folder trees with users or groups under fine-grained permissions.
  • TOTP and Secure Notes
  • Store one-time-password credentials and encrypted notes alongside passwords.
  • Metadata Encryption
  • Resource names, URLs, and descriptions encrypted with dedicated shared keys.
  • Native Apps and API
  • iOS, Android, and desktop clients plus a JSON API, CLI, and SDKs.