Teampass

privacy, small business

Self-hosted team password manager with folder-based organisation, role and group access controls, and an audit trail. Built for teams that need shared credentials without paying per-user fees for a cloud password manager.

#password-manager #team #credentials #security #php #self-hosted

Quick Start

docker run -d -p 8088:80 -e MYSQL_HOST=db -e MYSQL_DATABASE=teampass -e MYSQL_USER=teampass nilsteampass/teampass:latest

Overview

Teampass is a self-hosted password manager built for teams that need shared credential storage with access controls and an audit trail. Where individual password managers focus on the personal vault experience, Teampass is organised around team ownership: credentials live in folders, folders are assigned to groups and roles, and every access or change is logged against a user identity.

The access control model follows a straightforward hierarchy. Credentials are stored in folders, folders are assigned to one or more groups, and users belong to groups. An IT team might have a folder for server credentials, a finance team a folder for payment processor accounts, and only members of the relevant group see the contents of each folder. Managers can be given read-only access to folders they do not actively manage, and individual credentials can have additional restrictions applied on top of the folder-level permissions.

The audit trail records every view, copy, and modification event with a timestamp and the identity of the user who performed it. For teams that need to demonstrate credential access governance for compliance purposes, or for incident response where you need to know who accessed a compromised account, this log is the feature that justifies Teampass over a shared spreadsheet.
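An added sketch, not Teampass code: a minimal Python model of the folder and group hierarchy and the audit trail described above, showing how an item-level restriction narrows a folder grant and how the log answers "who accessed this credential since a given time". All names, the data layout and the logging of denied attempts are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data; names and layout are hypothetical, not Teampass's schema.
USER_GROUPS = {"alice": {"it"}, "bob": {"finance"}, "carol": {"it-managers"}}
# folder -> {group: access level}; "ro" models a manager's read-only grant.
FOLDER_GRANTS = {
    "servers": {"it": "rw", "it-managers": "ro"},
    "payments": {"finance": "rw"},
}
# credential -> (folder, optional per-item allow-list applied on top of the folder grant)
ITEMS = {
    "root@db01": ("servers", None),
    "backup-key": ("servers", {"alice"}),
    "stripe-admin": ("payments", None),
}
AUDIT = []  # append-only list of (timestamp, user, action, item, allowed)

def access_level(user, item):
    """Return 'rw', 'ro' or None for this user on this credential."""
    folder, allow = ITEMS[item]
    levels = {lvl for grp, lvl in FOLDER_GRANTS[folder].items()
              if grp in USER_GROUPS.get(user, set())}
    if not levels or (allow is not None and user not in allow):
        return None  # no folder grant, or excluded by the item-level restriction
    return "rw" if "rw" in levels else "ro"

def perform(user, action, item, when):
    """Check permission, then log the attempt whether or not it was allowed."""
    level = access_level(user, item)
    allowed = level == "rw" or (level == "ro" and action in ("view", "copy"))
    AUDIT.append((when, user, action, item, allowed))
    return allowed

def who_touched(item, since):
    """Incident-response query: users with a successful event on item since a time."""
    return sorted({u for t, u, a, i, ok in AUDIT if i == item and ok and t >= since})

def ts(hour):
    return datetime(2024, 1, 10, hour, tzinfo=timezone.utc)

perform("alice", "view", "root@db01", ts(9))
perform("carol", "modify", "root@db01", ts(10))   # denied: read-only manager
perform("carol", "copy", "root@db01", ts(11))
perform("bob", "view", "root@db01", ts(12))       # denied: not in an IT group
perform("carol", "view", "backup-key", ts(13))    # denied: item-level allow-list
```

If `root@db01` were found compromised, `who_touched("root@db01", ts(10))` narrows the investigation to the users with a successful view or copy in that window.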

Teampass uses symmetric encryption to store all credentials on the server, with the encryption key also stored server-side. This is a meaningful security distinction from zero-knowledge password managers like Bitwarden: access to the server or database compromises the entire vault. For most internal team deployments this is an acceptable trade-off; for teams with strict data security requirements, this architecture deserves scrutiny before deployment.

The application runs on any standard PHP and MySQL host and deploys cleanly via Docker for teams that prefer that path. No per-user licensing means the cost of adding a team member is zero.

Use Cases

Specific ways to use Teampass for your workflow.

01. Store shared service credentials and API keys for a team where multiple people need access to the same accounts
02. Organise passwords into folders with per-folder access controls so different teams see only the credentials relevant to them
03. Audit who accessed or modified a shared credential and when, for compliance or incident investigation purposes
04. Replace a shared spreadsheet of passwords with an encrypted, access-controlled store that does not get emailed around

Deployment Strategy

Recommended ways to host Teampass in your own environment.

docker
self-hosted