I'm on the hunt for a password manager that fits specific criteria: it needs to integrate with Active Directory LDAP for authentication and operate in an air-gapped environment without any internet access. Additionally, it should be suitable for a typical domain network setup. We've checked out a few commercial options, but many of them seem to depend on internet access for either licensing or updates. Has anyone successfully found a solution that works well in a completely isolated domain network? Any recommendations or personal experiences would be really helpful!
5 Answers
ManageEngine Password Manager Pro is another option that can be hosted on-premises in an air-gapped environment. It integrates with AD/LDAPS for authentication and you can update it offline by downloading updates on a different machine and transferring them via USB. Licensing is straightforward; you get an .xml file via email, so no internet access is needed for that either.
Bitwarden can be self-hosted and meets your criteria, but it does require internet access for the initial licensing. After that, it can function offline without issues.
You might want to check out Passbolt's community edition; it's open-source, self-hosted, and designed with privacy in mind, plus it could work well with your requirements.
I think Psono would be a great fit for you as it ticks all the boxes for AD LDAP integration, but keep in mind it’s not free for that feature.
Consider using KeePass Password Safe. It runs entirely locally; you just need to set up the password folder as a shared folder on your air-gapped system. Your personal passwords are secured with a main password, even when they’re in the same file.
Does Vaultwarden support that feature too?