Self-hosted · End-to-end encrypted

Your passwords, on your own server.

Vestyn is a password manager you run yourself. Secrets are encrypted on your devices before sync, while your server handles accounts, vault membership, and ciphertext storage. Built for people who want polish without giving up control.

macOS 15+ · Universal · Docker one-liner · No Vestyn cloud account

Local keys: Vault secrets are encrypted before sync
Your host: Run the server, database, and backups
Signed app: Notarized macOS builds with checksums
Open code: Source available under AGPL-3.0

Why Vestyn

Sovereignty, without the rough edges.

Self-hosting usually means trading polish for control. Vestyn refuses the trade — a native app and a clean web vault on top of infrastructure you fully own.

Encrypted before it leaves

Your master password derives keys that never touch the network. The server receives encrypted vault data it cannot decrypt without a member’s keys.

One container to run it

A Docker image, Postgres, and a reverse proxy. Up in minutes on a VPS, a NAS, or the spare machine under your desk.

Native, not a wrapper

A real SwiftUI Mac app with Touch ID, menu-bar quick access, and system AutoFill. The web vault and browser-extension work share the same encryption core.

Touch ID everywhere it counts

Unlock the app, reveal a single password, or fill a login with Touch ID. Biometric checks stay inside macOS; Vestyn never sees fingerprint data.

Vaults you can share

Invite family or a team to a shared vault. Keys are wrapped per member, so access is granted cryptographically — not just hidden behind a flag.

Yours to inspect

The protocol and clients are open source. Read the code, run the server, and follow each release from source to signed download.
How it works

Three moving parts. You own all three.

Run the server

Pull the container, point it at Postgres, and put it behind HTTPS. It only ever stores encrypted blobs and the metadata needed to sync them.

Create your vault

Your master password derives an encryption key on-device with Argon2id. The key stays local; the server gets a verifier it can't reverse.

Unlock anywhere

Mac app or web vault — each decrypts locally after you authenticate. Sync moves ciphertext; plaintext item fields never travel.

Architecture

Zero-knowledge by construction, not by promise.

The server is designed so it can't decrypt your vault contents. Keys are derived and held on your devices; the database stores authenticated ciphertext and the metadata needed for sync. Protect the host and backups as usual, but a database dump alone is not enough to read secrets.

Get started

One command to stand up your own.

Bring up the server with Docker Compose, open the web vault, and connect the Mac app to your own instance.

# clone, configure, and bring it up
git clone https://github.com/mtenekeci/Vestyn
cd Vestyn && cp .env.example .env
docker compose -f docker/docker-compose.yml up -d