storage-p vs Vaultwarden: zero-knowledge & self-hosted
Both storage-p and Vaultwarden keep secrets safe, but they take different routes. storage-p is a self-hosted, zero-knowledge vault you operate yourself; Vaultwarden is a self-hostable server. Here is a factual side-by-side.
At a glance
- Hosting: storage-p runs self-hosted on your own server; Vaultwarden is a self-hostable server.
- Encryption: storage-p is zero-knowledge — your key is derived in the browser with Argon2id and the server only ever stores XChaCha20-Poly1305 ciphertext.
- Beyond passwords: storage-p also stores SSH/TLS keys, API keys and TOTP, and generates Ed25519 SSH keys and self-signed certificates client-side.
- Integrations: storage-p issues scoped API tokens whose every read can require your in-app or Telegram confirmation.
- Both Vaultwarden and storage-p can be self-hosted; storage-p keeps the database encrypted at rest with SQLCipher on top of client-side encryption.
Where storage-p stands out
The server never sees your master password or plaintext: encryption, decryption, key generation and the security audit all run on your device. You can store and generate SSH/TLS material, share via burn-after-read links or an end-to-end sealed box, and grant integrations narrow, auditable access instead of all-or-nothing exports.
When Vaultwarden may fit better
Vaultwarden is a mature, established option with its own ecosystem and community. If you rely on its specific apps or integrations, it may fit your workflow better.
Switching from Vaultwarden
Moving is straightforward: Vaultwarden can export a Bitwarden-format JSON file, which storage-p imports directly. See the step-by-step migration guide linked below.