bSafe is a zero-trust password manager — meaning even the server has no idea what you’re storing. All encryption happens on the client side using native browser crypto APIs, and everything is stored in MongoDB in encrypted form.
Built with Fastify for performance and flexibility, and Vue on the frontend for speed and simplicity, bSafe lets you self-host your own secure vault with minimal effort. No Docker required, though it plays well with containerized setups too.
What it does
- 🔐 End-to-end encryption using
crypto.subtle - 🧠 Passwords never touch the server unencrypted
- 🧪 Kill switch built-in: wipe everything if compromised
- 📦 Modular core with pluggable storage & audit logs
- 💡 CLI & Web UI: choose your weapon
- 🧰 Built for speed, privacy, and complete control
Why it exists
Most password managers optimize for convenience inside someone else’s ecosystem.
bSafe was built around a different assumption:
- keep the data yours
- keep encryption client-side
- keep self-hosting practical
- keep the system understandable
Outcome
Whether you’re managing 3 passwords or 3000, bSafe is designed to stay out of the way while keeping the trust boundary where it belongs.