
Ask HN: Any self hosted solution to manage passwords in a team? - codegeek
I know this has been asked before and currently there are options such as LastPass etc. But what else is out there ? Is there a self hosted option ?
======
koolba
Check out: [https://www.passwordstore.org/](https://www.passwordstore.org/)

It's git friendly and supports having separate GPG keys for different
credentials.

~~~
stephenr
But wouldn't this require everyone who needs access to the $foo password, to
have access to the private gpg key that created the $foo password in the
store?

Without the ability to allow one of many private keys to decrypt a stored
password I'm not sure it's that practical.

~~~
koolba
You can encrypt the passphrases with keys for multiple recipients. Each would
be individually authorized to the ones their keys can decrypt.

~~~
stephenr
What option does that? All I've seen is about changing the key used.

~~~
koolba
> What option does that? All I've seen is about changing the key used.

It's the first option on the man page[1]: _Multiple gpg-ids may be specified,
in order to encrypt each password with multiple ids._

[1]: [https://git.zx2c4.com/password-
store/about/](https://git.zx2c4.com/password-store/about/)

------
rajjalan
I am obviously biased for following(founder) and password mgmt is just one
part of it, but do check out Device42 for a low cost password vault:
[http://www.device42.com/features/enterprise-password-
managem...](http://www.device42.com/features/enterprise-password-management/)

There is no limit on # of passwords or # of users with the base license and
has full Rest API support.

~~~
mtmail
How much is the base license? The pricing page has the lowest price at 1499
USD. The copyright of 2010 in the footer doesn't give me much confidence.

------
gingerlime
take a look at passopolis[0], a fork of Mitro[1] - which got acquihired by
Twitter and later stopped supporting the project.

You can either use the free hosted service by passopolis, or host your own.

disclaimer: not affiliated with either of those, but was a happy Mitro user
and then switched to Passopolis (and am still very happy to use and know the
project lives on).

[0] [https://passopolis.com](https://passopolis.com) /
[https://github.com/WeAreWizards/passopolis-
server](https://github.com/WeAreWizards/passopolis-server)

[1] [https://www.mitro.co/](https://www.mitro.co/) (certificate expired)

------
fbm
Take a look at ours, it's self hosted and for teams:
[http://teampasswordmanager.com](http://teampasswordmanager.com)

(I'm the founder, happy to answer any questions you have)

~~~
iyn
Some feedback: consider adding a "Pricing" link to the menu, this is one of
the first pages I look at when evaluating SaaS products. I know the price is
visible after clicking at "Buy now" button, but "Pricing" link may be more
informative for customers that haven't decided yet.

------
adp957
Check out Pleasant Password Server
[https://www.pleasantsolutions.com/PasswordServer](https://www.pleasantsolutions.com/PasswordServer)

------
dirktheman
KeePass on a shared server or even a Dropbox folder works fine, as long as
you're aware of the slightly higher risk of putting your database on the
internet.

------
gawenr
[http://rattic.org/](http://rattic.org/)

~~~
stephenr
Be aware that this deliberately provides no internal encryption.

------
Faaak
A good LDAP infrastructure ?

~~~
stephenr
That's only going to help you minimise per-user passwords on internal/ish
systems you control.

LDAP alone doesn't let you eg securely provide people access to the password
for the domain registrar.

