Open-source, self-hosted password manager from Germany with client-side encryption and enterprise SSO
Review by EuropeanStack EditorialUpdated Verified
Psono solves a real problem elegantly: enterprise credential management at a price point that does not require a budget cycle approval, from a European company under GDPR jurisdiction, with source code you can actually audit. The zero-knowledge architecture is correctly implemented. The enterprise SSO and audit log capabilities are genuine, not watered-down versions gated behind enterprise negotiation.
Psono is an open-source, self-hostable password manager developed by esaqa GmbH in Vorra, Bavaria, Germany. Licensed under Apache 2.0, the full server and client codebases are publicly auditable and self-hostable without restrictions. Enterprise features including SAML/OIDC SSO, LDAP provisioning, audit logs, and compliance policies are available from €2/user/month, making Psono one of the most cost-effective enterprise credential management solutions in the European market. A fully managed SaaS offering is available at €3/user/month for teams that prefer not to self-host. The project has accumulated 2M+ Docker Hub pulls since its GitHub origins circa 2015.
Headquarters
Vorra, Germany
Founded
2020
Pricing
EU Data Hosting
Yes
Employees
1-10
Open Source
Yes
Free
€2/mo
€3/mo
Billing: monthly, annual
Credential theft is the root cause of most enterprise breaches, and yet most password manager solutions ask organisations to either trust a US-controlled SaaS provider with their secrets or build and maintain their own solution from scratch. Psono exists in the gap between those options.
Developed by esaqa GmbH in Vorra, Bavaria, Psono is an open-source password manager released under the Apache 2.0 licence — meaning both the server and client codebases are publicly auditable and self-hostable without restriction. The project's GitHub origins trace back to around 2015; esaqa GmbH was formally incorporated in 2020 as the commercial entity behind enterprise support and the managed SaaS offering.
The core proposition is straightforward: enterprise-grade credential management, including SAML/OIDC SSO, LDAP/Active Directory provisioning, audit logs, and compliance policy enforcement, at €2/user/month for self-hosted deployments and €3/user/month for the managed service. Those numbers sit meaningfully below what Bitwarden, 1Password, and LastPass charge for comparable tiers. The 2M+ Docker Hub pull count suggests the value proposition resonates beyond the documentation.
Psono is a direct answer to the question that European IT and security teams ask when they look at the password managers category: "Why should our credential vault live on servers we don't control, operated by a company subject to US law?"
The architectural decision that matters most in a password manager is where encryption happens. In Psono, it happens in the browser or app before data is transmitted anywhere. User credentials are encrypted with AES-256 using keys derived from the master password on the client device. The master password never leaves the device. The server — whether self-hosted or esaqa-managed — stores and serves encrypted ciphertext it cannot read.
This zero-knowledge design means the attack surface for credential exposure is dramatically smaller. A compromised server yields only encrypted blobs. A disgruntled employee at esaqa cannot access your stored passwords. Law enforcement compelled access to the server infrastructure yields nothing usable. The design does not eliminate all risk — client device compromise remains a threat — but it removes the server as a viable attack vector for credential theft.
The implementation runs a multi-layer stack: client-side AES-256 encryption before transit, TLS in transit, and encrypted at rest on the server. This is documented in the technical architecture rather than just marketing claims, and the Apache 2.0 source code is available for verification.
The self-hosted Community Edition is not a stripped-down free tier designed to push you toward paid SaaS. It is the complete Psono database, supporting all core features including sharing, browser extensions, mobile apps, and folder organisation, with no user limit and no licence fee. Teams running their own Docker or Kubernetes infrastructure get the full product.
The Enterprise tier (from €2/user/month for 25+ users) adds the features that regulated organisations require: SAML SSO, LDAP provisioning, audit logs, compliance policies, and high availability configurations. The 10-user threshold before billing begins is unusually generous — most enterprise password managers start charging from user one.
For EU organisations with on-premises data centre infrastructure, this means credentials can stay entirely within the organisation's physical control. No subscription, no cloud dependency, no US data processor in the chain.
The enterprise identity integration stack covers the main protocols: SAML 2.0 (tested against Azure AD/Entra ID, ADFS, and Univention), OIDC, and LDAP/Active Directory for user provisioning and deprovisioning.
The practical value of LDAP integration in enterprise deployments is significant. When a user leaves the organisation, removing them from Active Directory propagates through to Psono access automatically. There is no separate Psono offboarding checklist. For security teams managing hundreds of credentials across dozens of staff in regulated industries, automated deprovisioning is not a nice-to-have.
The SAML implementation supports IdP-initiated and SP-initiated flows. Azure AD/Entra ID is the most common integration in practice given its prevalence in European enterprises, and esaqa's documentation covers the configuration in detail.
Audit logs track all credential access, modifications, sharing events, and administrative actions with timestamps and user attribution. This is the capability that moves Psono from "team password tool" to "enterprise compliance infrastructure."
For organisations operating under SOX, HIPAA, or PCI-DSS requirements, the ability to answer "who accessed these credentials, when, and from what device" is mandatory. Psono's audit log implementation supports these use cases. The Trust Center at trust.esaqa.com publishes the compliance documentation.
Psono ships browser extensions for Chrome, Firefox, and Edge, plus native iOS and Android apps. The autofill experience in the browser extensions works across the main credential types — website logins, SSH keys, credit cards, and notes. The experience is functional without matching the polish of 1Password's browser integration.
The mobile apps support biometric unlock (Face ID, fingerprint), which is a baseline expectation users will have from any modern password manager. App store ratings are modest — 3.5–4 stars across platforms — reflecting the UX gap relative to commercial competitors, but not indicating fundamental functionality issues.
Psono's pricing structure is genuinely unusual in the enterprise software market. The Community Edition is completely free, with unlimited users and no feature restrictions on the self-hosted build. The Enterprise tier starts at €0 for the first 10 users, then scales to €2/user/month for teams of 25+. The managed SaaS option is €3/user/month.
For a team of 50 users needing SAML SSO and audit logs, that is €100/month self-hosted or €150/month managed. Compare this to NordPass Business at around €4.99/user/month or Passbolt Cloud at €3.50/user/month. The price advantage is real, and particularly significant for public sector organisations or non-profits operating under budget constraints.
The trade-off is clear: self-hosting requires Docker competence and someone to maintain the deployment. The managed SaaS removes that overhead at €3/user/month, but the data residency question (see below) applies. For large organisations with existing infrastructure teams, self-hosting is almost certainly the right choice.
esaqa GmbH is incorporated and headquartered in Bavaria, Germany, placing the company under GDPR jurisdiction as a data controller. A Data Processing Agreement is available. The Trust Center documents the compliance posture formally.
For self-hosted deployments, the data residency question answers itself: credentials live on whatever infrastructure the organisation controls. An EU company running Psono on a Hetzner bare-metal server in Nuremberg has complete EU data sovereignty with zero US entities in the processing chain. This is the cleanest possible compliance posture for a credential management tool, and it is available at zero licence cost.
For the managed SaaS option at €3/user/month, the picture is less clear. Esaqa does not explicitly publish the hosting region for managed accounts in publicly accessible documentation. Organisations with strict EU data residency requirements should either self-host (the recommended path for this use case) or contact esaqa directly to confirm hosting location before committing.
The zero-knowledge encryption architecture provides an additional layer of protection that matters independently of hosting location: even if managed hosting were on a non-EU server, the encrypted data on that server is not the sensitive thing — the credentials inside the encryption are, and those never exist as plaintext outside the client device.
Psono is a strong fit for European IT and security teams that need enterprise password management — SAML SSO, LDAP provisioning, audit logs, compliance policies — and have the technical capacity to run a self-hosted Docker deployment. The cost advantage over commercial competitors is substantial, and the Apache 2.0 licence eliminates concerns about vendor lock-in or future pricing changes.
It suits regulated organisations (financial services, healthcare, public sector) where on-premises data control is a compliance requirement rather than a preference. The audit log capabilities address the access-control documentation requirements in those sectors.
It is less suited to small teams or non-technical organisations that need a password manager to be a five-minute setup with polished onboarding. Uniqkey (Copenhagen) offers a more business-user-friendly interface with comparable EU credentials. Bitwarden has a significantly larger community, better documentation, and more integrations, though its server is no longer Apache-licenced and the company is US-headquartered.
Individuals and very small teams looking for a personal or team credential vault without enterprise infrastructure requirements will find Proton Pass (Geneva) or NordPass (Lithuania-linked) more appropriate — both offer slicker consumer-facing experiences with strong EU privacy credentials.
Psono solves a real problem elegantly: enterprise credential management at a price point that does not require a budget cycle approval, from a European company under GDPR jurisdiction, with source code you can actually audit. The zero-knowledge architecture is correctly implemented. The enterprise SSO and audit log capabilities are genuine, not watered-down versions gated behind enterprise negotiation.
The honest constraints are worth naming. A 1–10 person team in Vorra building and maintaining the software that many organisations will use to store their most sensitive credentials carries inherent continuity risk. The UX has not caught up with the commercial competition. The managed SaaS data residency question is unanswered in public documentation.
For European organisations that have the technical team to self-host and the security discipline to evaluate open-source software properly, Psono deserves a serious evaluation. The Apache 2.0 licence, the pricing, and the German incorporation make it one of the most coherent EU-native options in the password managers market.
Yes. Both psono-server and psono-client are released under the Apache 2.0 licence, which permits commercial use, modification, and distribution without restriction. The full self-hosted deployment — including enterprise features in the Community Edition — can be audited, modified, and operated without any licence fee. This is more permissive than Bitwarden's server, which switched to BUSL (Business Source Licence) in 2023, restricting competing commercial use of the server code.
Both are self-hostable open-source password managers with enterprise SSO options. Psono's Apache 2.0 server licence is more permissive than Bitwarden's BUSL. Psono's enterprise SSO and audit logs are available from €2/user/month versus Bitwarden Business at around €5/user/month. Bitwarden has a substantially larger user community, more polished UX, more third-party integrations, and better public documentation. Bitwarden is US-headquartered; Psono is a German GmbH. For teams where EU provenance and Apache licensing are priorities, Psono wins. For teams prioritising ecosystem size and UX, Bitwarden is the stronger choice.
Self-hosted deployments store data wherever you run infrastructure — on-premises or any EU cloud of your choice. esaqa GmbH is based in Bavaria, Germany, and processes data under GDPR. For the managed SaaS option, the specific server location is not publicly documented. Organisations with confirmed EU data residency requirements should self-host, which gives complete control and removes the question entirely.
Yes, with caveats. Psono supports SAML/OIDC SSO, LDAP/AD provisioning, role-based access control, audit logs, and compliance policies — the standard enterprise requirement checklist. The €2/user/month pricing is exceptional value. The honest caveat is that the development team is very small, which means enterprise SLA commitments and long-term roadmap continuity carry more risk than they would from a larger vendor. For organisations comfortable with open-source risk management and capable of self-hosting, Psono is a legitimate and cost-effective enterprise choice.
Psono encrypts credentials in the browser or native app before they are sent to the server. AES-256 encryption is applied client-side using keys derived from the user's master password, which never leaves the device. The server stores only encrypted ciphertext and has no access to encryption keys or plaintext credentials. This zero-knowledge design means a compromised server — whether self-hosted or managed — cannot expose credential contents. The implementation is documented in Psono's technical architecture and auditable in the Apache 2.0 source code.
Simple, secure password manager from the makers of NordVPN
Open-source password manager built for team collaboration
Self-hosted corporate password and secrets manager with auditable source code
End-to-end encrypted password manager from the makers of ProtonMail