INDEPENDENT EDITORIAL GUIDE

Best Open-Source Password Managers

Password managers protect unusually sensitive data, so popularity alone is an inadequate selection method. Architecture, cryptographic design documentation, audit history, update delivery, recovery, and the security of each client all deserve careful review.

Who this guide is for

Individuals and teams researching password storage or secrets-management options.

How we selected these projects

The list includes established public repositories directly related to password management. Inclusion is not a security endorsement; readers must inspect current security documentation and advisories.

GitHub stars are useful popularity signals, but they are not guarantees of quality, security, maintenance, or suitability.

Best Open-Source Password Managers: live metadata
RepositoryStarsForksLanguageLicenseUpdated
bitwarden/clients13.3K1.9KTypeScriptNOASSERTION7/14/2026
keepassxreboot/keepassxc28K1.8KC++NOASSERTION7/14/2026
buttercup/buttercup-desktop4.4K341TypeScriptGPL-3.07/11/2026
padloc/padloc2.9K264JavaScriptAGPL-3.07/13/2026

bitwarden /

clients

13.3K

Bitwarden client apps (web, browser extension, desktop, and cli).

Recently updatedPopularActive repositoryHas homepage
TypeScriptNOASSERTION#angular#bitwarden#browser-extension#chrome
1.9K forks1.2K issuesUpdated today
Project homepage ↗

keepassxreboot /

keepassxc

28K

KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.

Recently updatedPopularActive repositoryHas homepage
C++NOASSERTION#cross-platform#hacktoberfest#keepass#keepassxc
1.8K forks890 issuesUpdated today
Project homepage ↗

padloc /

padloc

2.9K

A modern, open source password manager for individuals and teams.

Recently updatedActive repositoryHas homepage
JavaScriptAGPL-3.0#cryptography#end-to-end-encryption#javascript#lit-element
264 forks103 issuesUpdated 1 day ago
Project homepage ↗

Key considerations

  • Prefer projects with documented threat models, security contacts, and prompt update channels.
  • Understand recovery, export, synchronization, and multi-factor authentication behavior.
  • Protect the device and browser environment where decrypted secrets are used.

Limitations

  • This guide performs no cryptographic audit.
  • Repository metadata cannot establish the security of hosted services or builds.

This guide is informational, uses changeable public GitHub data, and is not a security audit, legal opinion, or endorsement. Always review the repository, license, dependencies, and current documentation yourself.

Frequently asked questions

What makes an open-source password manager worth evaluating?

Start with fit for your use case, then review the license, documentation, release history, issue tracker, security guidance, and the maintainers’ stated support model.

Do more GitHub stars mean a project is better?

No. Stars are a useful popularity signal, but they do not guarantee quality, security, maintenance, performance, or suitability.

Is every listed project safe for production?

No independent directory can make that guarantee. Review the source, dependencies, advisories, deployment model, and license before adoption.