Security-first, open sourcepassword manager for- teams & businesses
- radical privacy
- collaboration
Finally, a password manager built for organizations that take their security and privacy seriously. Passbolt is trusted by 15 000 of them worldwide, including F500 companies, the defense industry, universities, startups and many others.
What makes passbolt different?
Tldr; more security, better collaboration, less artifices.
Radical security
We believe that any honest discussion about password managers must be heavily focused on security. Passbolt puts security first. Top penetration testers regularly assess our software, and findings are made public.
Our security model supports user-owned secret keys and end-to-end encryption even in complex scenarios. Passbolt is committed to practising transparency, keeping things real and being radically open. We refuse to participate in the security theatre.
Built for collaboration
While most password managers focus primarily on individuals. Passbolt goes a step further, developing a platform that meets the needs of organisations and teams.
Securely share your credentials, with powerful and dependable auditing tools for power users. Passbolt delivers unparalleled granularity for both access controls and encrypted data.
Privacy in its DNA
Headquartered in the EU 🇪🇺, specifically in Luxembourg, privacy is not only a top priority; it’s guaranteed by the law.
There’s no better method to ensure your privacy is protected than to host it behind your firewalls or in an air-gapped environment where you have full control.
Even the paid versions of passbolt are 100% open source, allowing transparency and letting anyone audit the code.
Run it on your own server, natively
Stay in control of your data, deploy passbolt within minutes, on-prem or on infrastructure you already trust.
Install now“So versatile, you can even run it on a Raspberry Pi”
Passbolt servers are designed to be simple to install and easy to manage. Yet they are enterprise-ready and can support complex setup for high availability.
Check how it's doneBuilt for developers,
by developers
- Retrieve, store and share passwords programmatically with the JSON api.
- Automate at scale with Passbolt CLI
- Real time access logs
Made in europe. Privacy by default.
Privacy is in our DNA, but also in the DNA of European laws (to make sure we don’t change our mind).
- GDPR Compliant.
- Self-host it for full data ownership.
- Host it in our cloud, located in Europe.
- No tracker, no strings attached.
Security by design. Audited and certified.
Say goodbye to old school shared vaults, their symmetric encryption and security limitations. Embrace the future of secrets sharing. Reclaim control of your security.
- 100% asymmetric end-to-end security, backed by OpenPGP.
- Users can control their own encryption key.
- Share secrets individually, not in vaults.
- Reliable audit logs, server side.
- Accesses revokation that actually works.
All in all, the Passbolt application is in a very good state and capitalizes on a number of security strengths, especially gained by extensive knowledge of the developers who implement comprehensive mitigations and anticipate attacks quite well.
Misconfiguring JWT validation and causing Cross-JWT Confusion
May 25, 2023