Independently verified · Quarterly re-audit
EU VETTED

Passbolt

VERIFIED
Password manager · Luxembourg
Founded 2017 · passbolt.com ↗

Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.

Why this rating?

Passbolt SA (9 Avenue du Blues, L-4368 Belvaux, Luxembourg; incorporated 2017, concept since 2011) is a fully AGPLv3 open-source team password manager — even the paid Business tier is open source — built around OpenPGP end-to-end encryption, self-hostable by default with Cloud as a managed alternative, and audited by independent third parties several times a year with all reports public; SOC 2 Type II attested. Customer base includes the Luxembourg government IT body and France's Ministry of the Interior. Founder team active; investors are Luxembourg / EU (Luxinnovation, Scalefund, Yeast); €11M raised across 2020 (€3M) and 2024 (€8M); 30+ remote-first team. Gold-standard 5/5 with no CLOUD Act exposure.

SCORE
5.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
OVERVIEW

About Passbolt

Passbolt is one of the cleanest open-source password-manager listings in this directory. The legal entity is **Passbolt SA** at 9 Avenue du Blues, L-4368 Belvaux, Luxembourg — incorporated as a formal company in 2017 after the concept originated within a Luxembourg digital agency in 2011. The product was conceived as a collaborative successor to KeePass, with a focus on team credentials sharing, RBAC, audit logging, and OpenPGP-based end-to-end encryption (1:1 keys per credential). Customer references include the **Luxembourg government IT body** and the **French Ministry of the Interior** — strong public-sector procurement signals that, combined with the open-source licensing, make Passbolt a natural fit for EU sovereign-procurement workflows.

Compliance and transparency posture is best-in-class. Both the Community (free) edition AND the paid Business + Enterprise editions are released under the **GNU Affero General Public License v3 (AGPLv3)** — buyers can fork the codebase, run audits internally, and never face vendor lock-in. The company commissions **independent third-party audits multiple times per year with all reports public**, including **SOC 2 Type II** attestation. Encryption is OpenPGP with 1:1 per-credential keys; no server operator (including Passbolt's own Cloud team) can decrypt customer vaults. Self-host deployment supports Docker, Kubernetes (Helm), and native installation on Ubuntu, Rocky Linux, and openSUSE — full flexibility to run on Hetzner, OVHcloud, Scaleway, IONOS, STACKIT, or any other EU GPU / VPS infrastructure.

Pricing is open-source-friendly and procurement-grade. **Community Edition is free** under AGPLv3 with unlimited users, core feature set, browser extensions, API, role-based access — community support only. **Business** is €4.50 per user per month billed annually (10-user minimum) and adds tags, LDAP provisioning, SSO (Microsoft, Google, OpenID), account recovery, audit logs, and a packaged VM appliance with next-business-day email support. **Enterprise** is custom with 4-hour SLA, white-glove migration, custom development, and disaster-recovery consulting. Non-profits qualify for special pricing.

Best fit: EU public-sector buyers, regulated industries (finance, defence, healthcare), teams that need SAML / LDAP SSO with audit-log compliance, and any procurement-grade buyer who wants AGPLv3 source-availability plus SOC 2 Type II attestation on a Luxembourg-incorporated open-source vendor.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

SOC 2
ACTIVE
Informational · US framework
FEATURES

Feature matrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option Yes
PRICING

Pricing & plans

FREEMIUM
from €5/month
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    www.passbolt.com/terms…
    Open ↗
  • Sub-processors list
    missing
  • Terms of Service
    www.passbolt.com/legal…
    Open ↗
ALTERNATIVES

Alternatives in this category