storage-p
Library

storage-p vs Bitwarden: zero-knowledge & self-hosted

Both storage-p and Bitwarden keep secrets safe, but they take different routes. storage-p is a self-hosted, zero-knowledge vault you operate yourself; Bitwarden is a managed cloud service. Here is a factual side-by-side.

At a glance

  1. Hosting: storage-p runs self-hosted on your own server; Bitwarden is a managed cloud service.
  2. Encryption: storage-p is zero-knowledge — your key is derived in the browser with Argon2id and the server only ever stores XChaCha20-Poly1305 ciphertext.
  3. Beyond passwords: storage-p also stores SSH/TLS keys, API keys and TOTP, and generates Ed25519 SSH keys and self-signed certificates client-side.
  4. Integrations: storage-p issues scoped API tokens whose every read can require your in-app or Telegram confirmation.
  5. Both Bitwarden and storage-p can be self-hosted; storage-p keeps the database encrypted at rest with SQLCipher on top of client-side encryption.

Where storage-p stands out

The server never sees your master password or plaintext — encryption, decryption, key generation and the security audit all run on your device. You can store and generate SSH/TLS material, share via burn-after-read links or end-to-end sealed-box, and grant integrations narrow, auditable access instead of all-or-nothing exports.

When Bitwarden may fit better

If you want a fully managed service with vendor support and the most polished browser and mobile autofill, Bitwarden may suit you better — you trade self-custody for convenience.

Switching from Bitwarden

Moving is straightforward: Bitwarden can export a Bitwarden-format JSON, which storage-p imports directly. See the step-by-step migration guide linked below.

How to migrate from Bitwarden to storage-p →How to move from storage-p to Bitwarden →