Open source password manager focused on security, collaboration and privacy for organizations

At a Glance:

Passbolt is an open source password manager built for teams. It centralizes credential sharing using user-owned secret keys and end-to-end encryption, and it supports self-hosted server deployment, browser extensions, mobile apps, and a CLI client.

Overview:

Passbolt is a self-hosted, security-first password manager designed for organizations that need to centralize, organize, and share passwords and secrets across teams. The platform uses a security model based on user-owned secret keys and end-to-end encryption, with publicly documented security audits conducted multiple times annually. Passbolt can be deployed on a user's own server and supports operation in air-gapped environments. The project provides browser extensions for Chrome, Firefox, and Edge, mobile apps via the App Store and Google Play Store, and a CLI client. A desktop app is in pre-alpha development. Passbolt is headquartered in the EU and states it does not collect personal data or telemetry.

Key Decision Points:

  • Self-hosted deployment: Organizations can run Passbolt on their own server infrastructure, including in air-gapped environments. Passbolt states that it collects no telemetry or personal data.

  • End-to-end encryption with user-owned keys: The security model requires users to hold their own secret keys, meaning decryption capabilities are tied to individual key possession.

  • Team-focused credential sharing: Passbolt is built specifically for sharing and auditing passwords within teams, with policies designed for power user workflows.

  • Multi-platform client access: Available interfaces include browser extensions, mobile apps, and a CLI, with a desktop application in pre-alpha.

Core Features:

  • End-to-end encrypted credential storage: All passwords and secrets are encrypted using a model where secret keys are owned by individual users.

  • Shared password management for teams: Teams can centralize and share credentials with configurable access policies and audit capabilities.

  • Self-hosted server deployment: The server component can be deployed on an organization's own infrastructure with support for air-gapped operation.

  • Publicly disclosed security audits: Passbolt undergoes multiple security audits per year and publishes the findings publicly.

  • Multi-client access: Users can interact with Passbolt through browser extensions, mobile apps for iOS and Android, and a command-line interface tool.

Use Cases:

  • Organizations requiring a self-hosted password manager where credentials can be securely shared and audited across teams.

  • Security-conscious teams that need end-to-end encryption with user-owned keys rather than centralized key management.

  • IT administrators managing credential access in environments where air-gapped deployment is necessary and telemetry collection is not acceptable.

Open-Source Alternative Value:

Passbolt provides a self-hosted, open source alternative for organizations that need a team-oriented password manager with verifiable security practices. The codebase is publicly available, and the project publishes findings from its multiple annual security audits. Organizations can deploy the server on their own infrastructure and operate in network-restricted or air-gapped environments. The combination of user-owned secret keys and end-to-end encryption keeps decryption control at the individual user level, which may be important for teams with strict internal access boundaries.


Project Statistics:

  • Stars: 5,984

  • Forks: 385

  • License: AGPL-3.0

Metadata:

  • Alternative to: 1Password