Submit a tool
Directory / privacy

AliasVault

privacysecurity

End-to-end encrypted password manager with a built-in email alias system and self-hosted email server. Generate a unique alias email address for every service you sign up to — so breaches expose only a throwaway address, never your real inbox

#password-manager#email-aliases#privacy#e2e-encryption#self-hosted
Alternative to BitwardenSimpleLoginAnonAddy1Password (+ email alias service)
Visit Website Source Code

Quick Start

git clone https://github.com/aliasvault/aliasvault && cd aliasvault && cp .env.example .env && docker compose up -d

Overview

AliasVault is a self-hosted password manager with a built-in email alias system. The premise is that every service you sign up to gets its own unique alias email address — not your real address. If that service is breached, sells your data, or starts spamming you, only the alias is exposed. You disable it, and the damage stops there. Your real inbox and your identity stay private.

What separates AliasVault from using a password manager alongside a separate alias service is that both pieces live in one self-hosted stack. The alias management, the vault, and a built-in email server that receives messages sent to your aliases are all part of the same deployment. You do not need a SimpleLogin subscription or a separate AnonAddy instance alongside your Bitwarden server.

End-to-end encryption means the server holds only ciphertext. Neither your passwords nor your alias configurations are readable by the server operator — which matters most when you are your own operator and want assurance that a database compromise does not expose your credentials.

The practical requirement beyond Docker is a working mail server setup. For alias email to be received and forwarded reliably, your domain needs correct SPF, DKIM, and DMARC DNS records, and your server’s IP needs a clean sending reputation. Self-hosting email is inherently more involved than self-hosting a web application, and deliverability to major email providers requires deliberate configuration. For users already comfortable running a mail server, this is familiar territory. For everyone else, it is the part that requires the most preparation before the alias feature becomes reliable.

AliasVault: Pros & Cons

Pros (The Wins)Cons (The Friction)
Passwords + aliases:
One tool replaces both
Bitwarden and SimpleLogin.		Email server setup:
DNS records and deliverability
require careful configuration.
Built-in email server:
Receives alias mail without
a third-party provider.		AGPL licence:
Commercial use needs
a licence review.
E2E encrypted vault:
Server stores only ciphertext;
operator cannot read data.		Newer project:
Fewer audits and smaller
community than Bitwarden.
2.7k stars:
Active development with
browser extensions and apps.		App parity in progress:
Mobile and extension features
still catching up.

Use Cases

Specific ways to use AliasVault for your workflow.

01
Sign up to every new service with a unique alias address so that when one leaks in a breach, only that alias is exposed
02
Replace both a password manager and a separate email alias service with a single self-hosted tool
03
Receive email to alias addresses on your own domain without paying for a commercial alias service like SimpleLogin
04
Keep your real email address private from every service you interact with while still receiving their messages

Deployment Strategy

Recommended ways to host AliasVault in your own environment.

docker
self-hosted