Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Passbolt

VéRIFIé
Gestionnaires de mots de passe · Luxembourg
Fondé en 2017 · passbolt.com ↗

Luxembourg-incorporated AGPLv3 open-source team password manager (Passbolt SA), SOC 2 Type II, self-hostable, used by LU/FR government.

En bref

Passbolt, dans la catégorie Gestionnaires de mots de passe, est un service sous contrôle européen avec Luxembourg comme lieu d’hébergement et aucune exposition identifiée au CLOUD Act.

Notes d’évaluation

Passbolt SA (9 Avenue du Blues, L-4368 Belvaux, Luxembourg; incorporated 2017, concept since 2011) is a fully AGPLv3 open-source team password manager (even the paid Business tier is open source) built around OpenPGP end-to-end encryption, self-hostable by default with Cloud as a managed alternative, and audited by independent third parties several times a year with all reports public; SOC 2 Type II attested. Customer base includes the Luxembourg government IT body and France's Ministry of the Interior. Founder team active; investors are Luxembourg / EU (Luxinnovation, Scalefund, Yeast); €11M raised across 2020 (€3M) and 2024 (€8M); 30+ remote-first team. EU-owned, EU-hosted (Luxembourg), with no CLOUD Act exposure.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 aucun divulgué
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Passbolt

Passbolt is one of the cleanest open-source password-manager listings in this directory. The legal entity is Passbolt SA at 9 Avenue du Blues, L-4368 Belvaux, Luxembourg, incorporated as a formal company in 2017 after the concept originated within a Luxembourg digital agency in 2011. The product was conceived as a collaborative successor to KeePass, with a focus on team credentials sharing, RBAC, audit logging, and OpenPGP-based end-to-end encryption (1:1 keys per credential). Customer references include the Luxembourg government IT body and the French Ministry of the Interior. These are strong public-sector procurement signals that, combined with the open-source licensing, make Passbolt a natural fit for EU sovereign-procurement workflows.

Compliance and transparency posture is best-in-class. Both the Community (free) edition AND the paid Business + Enterprise editions are released under the GNU Affero General Public License v3 (AGPLv3). Buyers can fork the codebase, run audits internally, and never face vendor lock-in. The company commissions independent third-party audits multiple times per year with all reports public, including SOC 2 Type II attestation. Encryption is OpenPGP with 1:1 per-credential keys; no server operator (including Passbolt's own Cloud team) can decrypt customer vaults. Self-host deployment supports Docker, Kubernetes (Helm), and native installation on Ubuntu, Rocky Linux, and openSUSE. That gives full flexibility to run on Hetzner, OVHcloud, Scaleway, IONOS, STACKIT, or any other EU GPU / VPS infrastructure.

Pricing is open-source-friendly and procurement-grade. Community Edition is free under AGPLv3 with unlimited users, core feature set, browser extensions, API, role-based access, with community support only. Business is €4.50 per user per month billed annually (10-user minimum) and adds tags, LDAP provisioning, SSO (Microsoft, Google, OpenID), account recovery, audit logs, and a packaged VM appliance with next-business-day email support. Enterprise is custom with 4-hour SLA, white-glove migration, custom development, and disaster-recovery consulting. Non-profits qualify for special pricing. Best fit: EU public-sector buyers, regulated industries (finance, defence, healthcare), teams that need SAML / LDAP SSO with audit-log compliance, and any procurement-grade buyer who wants AGPLv3 source-availability plus SOC 2 Type II attestation on a Luxembourg-incorporated open-source vendor.

SUB-PROCESSORS

Carte des sous-traitants · aucun divulgué

Source ↗
L'éditeur déclare zéro sous-traitant. Tout le traitement des données se fait en interne.
CERTIFICATIONS

Référentiels & certifications

SOC 2
ACTIVE
Information · cadre US
FEATURES

Matrice de fonctionnalités

Passkeys Non
Remplissage auto Oui
Surveillance des fuites Oui
Partage familial Oui
Export des données Oui
Appareils Illimité
Plateformes iOS Android Windows Linux
INTéGRATION & ACCèS
REST API Yes
SSO (SAML / OIDC) Yes
CONFORMITé & GOUVERNANCE
Audit log Yes
Self-host / on-prem option Yes
PRICING

Tarifs & paliers

FREEMIUM
à partir de €5/mois
Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

  • Contrat de sous-traitance (DPA)
    www.passbolt.com/terms…
    Ouvrir ↗
  • Liste des sous-traitants
    www.passbolt.com/terms…
    Ouvrir ↗
  • Conditions d'utilisation
    www.passbolt.com/legal…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

heylogin
Germany · Fondé en 2021
SOUVERAIN UE

German passwordless zero-knowledge password manager (heylogin GmbH, Braunschweig), all-German sub-processor stack, ISO 27001:2022, no CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
€4/mois
CLOUD ACT
NONE
KeePassXC
Germany · Fondé en 2016
SOUVERAIN UE

GPLv3 fully-offline desktop password manager (KeePassXC Team, Weimar DE, est. 2016): no cloud, no servers, no telemetry; structurally zero CLOUD Act exposure.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
NONE
LC-Pass
Germany
SOUVERAIN UE

German-hosted business password manager from LC by vBoxx GmbH; collections, group sharing, central management, unlimited devices; an EU-hosted 1Password / LastPass alternative.

DPA public Sous-traitants Open source
FROM
€3.99/mois
CLOUD ACT
NONE