selfhostedworld.com logoselfhostedworld.com

Try describing what you need:

Best open-source alternatives to 1Password

The popular team password manager and secrets vault.

1Password is a widely-used credential management platform that stores passwords, SSH keys, and sensitive documents behind a single master password. Teams rely on it for shared vault access, audit logs, and integrations with SSO providers. Its subscription pricing and cloud-only data residency push security-conscious teams toward self-hosted alternatives.

8 alternatives listed
  1. GNU General Public License v3.0Open Source — No Paywall

    Vaultwarden is a self-hosted alternative server for the Bitwarden Client API, implemented in Rust and designed to work with the official Bitwarden desktop, mobile, and browser clients. It is aimed at users who want Bitwarden-compatible password management without running the official, more resource-intensive service. The project provides a broad set of Bitwarden features, including personal vault functionality, Send, attachments, organization support, two-factor authentication, emergency access, and an admin backend. It is typically deployed using container images, with Docker and Docker Compose examples provided, and the README recommends HTTPS and a reverse proxy for proper operation of the web vault. The project is positioned for individuals, families, and small organizations managing their own data.

    Multi-UserDockerDocker ComposeBinaryPackage Manager

    Features:

    • Personal Vault
    • Send
    • Attachments
    • Website icons
    • Personal API Key

    +5 more

    Auth:2fa
  2. 2Bitwarden logo
    19.4k
    GNU Affero General Public License v3.0Open Source — No Paywall

    Bitwarden Server is the backend project for Bitwarden’s client ecosystem. It contains the APIs, database, and supporting infrastructure used by Bitwarden applications, and is intended for developers and operators who need to build, run, or deploy the self-hosted server components. The project is implemented in C# on .NET Core with ASP.NET Core, and its database layer uses T-SQL/SQL Server. The README emphasizes cross-platform development and deployment on Windows, macOS, and Linux, and it provides Docker-based deployment scripts for both Unix-like systems and Windows. The repository also points contributors to separate server setup and contributing documentation for build instructions and workflow guidance.

    Cloud OptionalMulti-UserMulti-TenantDockerSource

    Features:

    • backend APIs
    • database
    • core infrastructure
    • cross-platform deployment
    • production container images

    +4 more

    Auth:oidc-ssosamlldap
  3. GNU Affero General Public License v3.0Open Core — Some Features Paid

    Passbolt is an open source password manager designed for teams and organizations. It focuses on secure collaboration around credentials and secrets, providing centralized storage, organization, sharing, and auditing rather than a single-user vault experience. The project emphasizes security and privacy as core product traits. Its model uses user-owned secret keys and end-to-end encryption, and the README states that it is audited multiple times annually with public findings. Passbolt can be deployed on a self-hosted server and offers clients across browsers, mobile devices, CLI, and a desktop app preview, making it suitable for operational teams that need access from multiple platforms.

    No TelemetryCloud OptionalOffline CapableMulti-UserDockerKubernetesPackage Manager

    Features:

    • password and secret management
    • secure sharing
    • credential auditing
    • end-to-end encryption
    • user-owned secret keys

    +1 more

  4. MIT LicenseOpen Source — No Paywall

    This project is the backend for a personal management system intended to keep a user’s private information organized in one place. It is positioned as a self-hosted alternative to scattering data across services like cloud drives, notes apps, and other online tools. The system appears aimed at a technically inclined individual who wants to manage personal data locally and extend the application with custom modules. It includes modules for everyday organization such as tasks, notes, contacts, passwords, schedules, payments, shopping, images, files, video, and read-only reports. The README emphasizes modularity, extension development, and running continuously on a home-connected machine without internet access.

    Offline CapableSource

    Features:

    • todo/goals tracking
    • notes
    • contacts management
    • encrypted password storage
    • schedules

    +5 more

    Auth:local
  5. 52FAuth logo
    4.0k
    GNU Affero General Public License v3.0Open Source — No Paywall

    2FAuth is a self-hosted web application for people who want to manage their two-factor authentication accounts outside of a phone-centric authenticator app. It is aimed at users who prefer to keep OTP secrets in a standalone database that can be backed up and restored, and at those who want a cleaner workflow for generating security codes on both desktop and mobile devices. The application lets a single user store 2FA accounts, organize them into groups, and generate HOTP, TOTP, and Steam Guard codes. It also supports importing accounts from several common authenticator formats, scanning QR codes, and adding entries manually. Security-focused features include optional encryption of stored sensitive data, security key sign-in, and automatic logout after inactivity.

    DockerDocker ComposeSource

    Features:

    • 2FA account management
    • group organization
    • QR code scanning and decoding
    • manual account creation
    • account editing

    +5 more

    Auth:local
  6. MIT LicenseOpen Source — No Paywall

    AliasVault is an open-source, self-hostable password and email alias manager aimed at people who want a privacy-focused alternative to traditional password managers. It helps users create unique identities, strong passwords, and random email aliases for each website, while keeping sensitive data encrypted end-to-end. The project is designed for use across web, browser extensions, and native mobile apps, with cloud-hosted and self-hosted options. Its architecture emphasizes zero-knowledge handling of vault contents and received emails, and the README highlights features such as autofill, built-in TOTP, passkeys, and import from other password managers. It is also presented as suitable for production use during active development.

    Cloud OptionalOffline CapableDockerDocker ComposeSource

    Features:

    • password management
    • email alias generation
    • end-to-end encryption
    • built-in email server
    • browser extension autofill

    +5 more

  7. GNU General Public License v3.0Open Source — No Paywall

    TeamPass is an on-premise collaborative password manager intended for teams and organizations that need to store and share credentials under their own control. The README positions it as a self-hosted solution with both a traditional PHP/MySQL installation path and an official Docker deployment option. It is aimed at administrators who want flexibility in how it is deployed and maintained. The project documents its runtime requirements, supports LDAP/AD authentication, and provides a REST API for integration. The README also notes optional components such as Redis, APCu, and a WebSocket daemon for real-time synchronization, suggesting it is designed for more advanced or high-availability environments.

    Multi-UserDockerSource

    Features:

    • collaborative password management
    • on-premise deployment
    • traditional installation
    • Docker deployment
    • REST API

    +3 more

    Auth:ldap
  8. GNU General Public License v3.0Open Source — No Paywall

    Zero-TOTP is a time-based one-time password client designed to store authenticator codes securely and make them accessible from multiple platforms. It is aimed at users who want to keep TOTP vaults encrypted with a zero-knowledge approach, so the service provider cannot read the data and only the user can decrypt it with a passphrase. The project is centered on a web app, with additional iOS and CLI clients mentioned in the README, and it also offers a rescue web frontend for vault recovery. It supports self-hosting through Docker-based deployment and emphasizes data availability through replication to multiple locations, including Google Drive and a local machine. The documentation also covers encryption and self-hosting details.

    Cloud OptionalDocker

    Features:

    • TOTP code storage
    • web app
    • iOS app
    • CLI app
    • zero-knowledge encryption

    +4 more

What to look for in a 1Password alternative

Look for end-to-end encryption at rest and in transit, with a zero-knowledge architecture where the server never sees your plaintext secrets. Evaluate browser extension quality, mobile app support, and whether the tool supports sharing vaults with fine-grained permissions. Emergency access and backup/export workflows are critical for teams that cannot afford credential lockout.