storage-p

Self-hosted password manager for teams (2026)

Teams that keep credentials on their own infrastructure avoid a third party holding every company secret. These self-hosted managers handle shared vaults, access control and Docker deployment; here is how they differ.

What teams need

Beyond a personal vault, teams need secure sharing with per-resource access, an audit trail, SSO/directory integration where possible, and a deployment (usually Docker) their ops team can run and back up. Recovery and offboarding matter as much as encryption.

Passbolt

Purpose-built for teams: OpenPGP key-based sharing, granular per-resource permissions, self-hostable Community Edition, EU-developed. The strongest pick when sharing is central.

Vaultwarden

Lightweight Bitwarden-compatible server with organizations and collections for sharing logins and files — ideal for small teams wanting Bitwarden’s apps cheaply.

Bitwarden (self-hosted)

The official server adds SSO, directory sync and organization policies for larger orgs with compliance needs, at a higher resource cost.

Psono

Company-focused with SAML/LDAP, audit logs and policy controls; free for small teams, priced per user at scale.

Where storage-p fits

storage-p adds a distinct model for teams handling infrastructure secrets: end-to-end sealed-box sharing between users, per-project organization, and scoped API tokens whose every read can require in-app or Telegram confirmation — so an integration or CI system gets exactly the access you approve, not an all-or-nothing export. It stores SSH/TLS keys and certificates alongside passwords, all zero-knowledge and self-hosted.

How to choose

Sharing-first team — Passbolt. Cheap and light — Vaultwarden. Enterprise compliance — official Bitwarden. Company with SSO/audit needs — Psono. Infrastructure secrets with confirmable, scoped machine access — storage-p.