Best Self-hosted Secrets, Passwords & Vaults tools in 2026

27 self-hosted open source alternatives in this category

Vaultwarden

Bitwarden-compatible password manager server written in Rust

Vaultwarden is a lightweight, Bitwarden-compatible password manager server in Rust, designed for self-hosting with official Bitwarden clients.

Alternative to:

Bitwarden+9

KeePassXC

Cross-platform offline password manager using encrypted KDBX databases

26k

1.7k

Last commit: 1mo ago

KeePassXC is a secure, cross-platform password manager that stores credentials and sensitive notes in encrypted KeePass-compatible KDBX files with autofill and browser in...

Alternative to:

KeePassXC+10

Infisical

Open-source platform for secrets, PKI certificates, and privileged access

25.1k

1.7k

Last commit: 9h ago

Infisical is an open-source platform to manage and deliver app secrets, certificates (PKI), SSH credentials, and encryption keys across teams and infrastructure.

Alternative to:

HashiCorp Vault+9

Ente

End-to-end encrypted cloud for photos and 2FA

24.8k

1.5k

Last commit: 10h ago

Open-source, end-to-end encrypted platform for private photo backup, sharing, and authenticator (2FA) sync across devices, with optional self-hosting.

Alternative to:

Google Photos+14

Bitwarden

Open-source password manager with zero-knowledge security and self-hosting.

18.1k

1.5k

Last commit: 8h ago

Bitwarden is an open-source password manager that stores, shares, and autofills credentials with zero-knowledge encryption; supports cloud or self-hosted deployments.

Alternative to:

1Password+9

Passbolt

Open-source password and secret manager for teams

5.7k

370

Last commit: 1mo ago

Passbolt is an open-source, security-first password and secret manager for teams, with end-to-end encryption, granular sharing permissions, and auditing.

Alternative to:

Passbolt Cloud+11

OpenBao

Open source secrets management for keys, certificates, and tokens

5.5k

339

Last commit: 7h ago

OpenBao is an open source secrets management platform to securely store, generate, lease, and revoke secrets, certificates, and encryption keys with auditing and access c...

Alternative to:

HashiCorp Vault+3

2FAuth

Web-based TOTP/HOTP authenticator and 2FA account manager

3.8k

273

Last commit: 1mo ago

Open-source web app to manage TOTP/HOTP 2FA accounts: scan QR codes, generate one-time codes, import/export tokens, and protect access with WebAuthn and optional encrypti...

Alternative to:

Google Authenticator+3

Password Pusher

Securely share passwords and sensitive data with auto-expiring links.

2.9k

427

Last commit: 2d ago

Open-source app that creates self-deleting secret links with audit logs.

Alternative to:

Onetime Secret+1

Onetime Secret

Self-destructing service for sharing single-use encrypted secrets

2.7k

427

Last commit: 14h ago

Open-source web and API service to create encrypted, single-view links for sharing secrets with configurable expiry and optional passphrase protection.

Alternative to:

Onetime Secret+6

Yopass

Secure one-time secret sharing with client-side encryption

2.6k

379

Last commit: 13h ago

Open-source tool for sharing secrets and files via client-side OpenPGP encryption and one-time expiring links.

Alternative to:

Onetime Secret+3

AliasVault

End-to-end encrypted password manager with built-in email aliasing

2.2k

Last commit: 7h ago

Privacy-first, end-to-end encrypted password and email alias manager with passkeys, TOTP, apps and extensions, plus a built-in email server for self-hosting.

Alternative to:

SimpleLogin+12

TeamPass

Collaborative on-prem password management with RBAC and encryption.

1.8k

566

Last commit: 3d ago

On-prem password manager enabling secure sharing and fine-grained access control over credentials.

Alternative to:

Bitwarden+9

Databunker

Self-hosted vault for tokenizing and encrypting sensitive records

1.4k

Last commit: 3mo ago

Databunker is a self-hosted vault that tokenizes and encrypts PII/PHI/KYC/PCI data, providing a secure API, consent management, and audit trails for compliance.

Alternative to:

Skyflow

Hemmelig

Encrypted secret sharing with client-side encryption and self-destructing links

1.1k

Last commit: 2d ago

Share sensitive text or files securely using client-side encryption, expiring links, view limits, and optional password protection.

Alternative to:

Onetime Secret+3

sup3rS3cretMes5age

Self-destructing one-time message service backed by HashiCorp Vault

559

Last commit: 6d ago

Self-hosted one-time, self-destructing message service that stores secrets in HashiCorp Vault, with a lightweight web UI and optional TLS automation.

Alternative to:

Onetime Secret+1

FlashPaper

One-time encrypted secret sharing web application

490

Last commit: 1y ago

Simple PHP app for one-time encrypted secret sharing. Stores encrypted secrets in SQLite, deletes on retrieval, and provides a curl API and Docker images.

Alternative to:

Onetime Secret+1

Shhh

One-time encrypted secret sharing web app

416

Last commit: 1mo ago

Tiny Flask app to create encrypted, expiring secrets shareable via private links. Secrets are encrypted and deleted after viewing, expiration, or max attempts.

Alternative to:

Onetime Secret+1

YeetFile

Encrypted self-hosted file sharing and vault with client-side encryption

307

Last commit: 1mo ago

Self-hosted encrypted file sharing and vault. Client-side encryption, shareable expiring links, CLI and web UI, and storage backends (local, S3, Backblaze B2).

Alternative to:

WeTransfer+17

OrigamiVault

Encrypt and split secrets for printable offline paper recovery

262

Last commit: 7d ago

Client-side web app to encrypt or split secrets into QR codes and OCR-friendly printouts for offline recovery using AES and Shamir Secret Sharing.

Alternative to:

Onetime Secret+1

PWgen

Simple Docker web app to generate secure passwords and passphrases

Last commit: 8mo ago

Self-hosted Docker web app for generating secure passwords and passphrases with customizable options, haveibeenpwned checks, PWA support, and environment variable configu...

POMjs

Client-side random password generator in HTML and JavaScript

Last commit: 2y ago

Minimal, dependency-free browser password generator written in HTML, CSS and plain JavaScript. Customizable character sets, length, translations and a strength indicator.

Alternative to:

Microsoft Edge

Mybucks.online

Password-only, self-custodial browser cryptocurrency wallet

Last commit: 22h ago

Browser-based self-custodial crypto wallet that derives a private key from a password and passcode using scrypt and keccak256; no registration or seed phrases.

Kontoj

Browser-based account creation tool using JSON service definitions

Last commit: 1y ago

Kontoj loads a JSON services list to generate credentials, autofill signup forms via a userscript, and export generated credential emails for bulk account creation.

Turtl

Encrypted notes and bookmarks with cross-device sync

Turtl is an end-to-end encrypted note-taking and bookmarking app with tagging, full‑text search, and optional self-hosted sync via Turtl Server.

Alternative to:

Standard Notes+19

Psono

Open-source, self-hosted password manager for teams and file sharing

Psono is a self-hosted, open-source password manager with client-side encryption, web & mobile clients, admin portal and a fileserver for encrypted file storage.

Alternative to:

LastPass+9

Passit

Open-source password manager for teams and individuals

Passit is an open-source password manager to store passwords and secure notes, organize them in groups, and share access on self-hosted instances.

Alternative to:

LastPass+9