Who this guide is for
Individuals and teams researching password storage or secrets-management options.
How we selected these projects
The list includes established public repositories directly related to password management. Inclusion is not a security endorsement; readers must inspect current security documentation and advisories.
GitHub stars are useful popularity signals, but they are not guarantees of quality, security, maintenance, or suitability.
| Repository | Stars | Forks | Language | License | Updated |
|---|---|---|---|---|---|
| bitwarden/clients | 13.3K | 1.9K | TypeScript | NOASSERTION | 7/14/2026 |
| keepassxreboot/keepassxc | 28K | 1.8K | C++ | NOASSERTION | 7/14/2026 |
| buttercup/buttercup-desktop | 4.4K | 341 | TypeScript | GPL-3.0 | 7/11/2026 |
| padloc/padloc | 2.9K | 264 | JavaScript | AGPL-3.0 | 7/13/2026 |
bitwarden /
clients
Bitwarden client apps (web, browser extension, desktop, and cli).
keepassxreboot /
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
buttercup /
buttercup-desktop
:key: Cross-Platform Passwords & Secrets Vault
padloc /
padloc
A modern, open source password manager for individuals and teams.
Key considerations
- Prefer projects with documented threat models, security contacts, and prompt update channels.
- Understand recovery, export, synchronization, and multi-factor authentication behavior.
- Protect the device and browser environment where decrypted secrets are used.
Limitations
- This guide performs no cryptographic audit.
- Repository metadata cannot establish the security of hosted services or builds.
This guide is informational, uses changeable public GitHub data, and is not a security audit, legal opinion, or endorsement. Always review the repository, license, dependencies, and current documentation yourself.
Frequently asked questions
What makes an open-source password manager worth evaluating?
Start with fit for your use case, then review the license, documentation, release history, issue tracker, security guidance, and the maintainers’ stated support model.
Do more GitHub stars mean a project is better?
No. Stars are a useful popularity signal, but they do not guarantee quality, security, maintenance, performance, or suitability.
Is every listed project safe for production?
No independent directory can make that guarantee. Review the source, dependencies, advisories, deployment model, and license before adoption.