I'm on the hunt for a password manager that can integrate with Active Directory LDAP for authentication and is designed to operate in a completely air-gapped environment—meaning it can't access the internet at all. I'm specifically looking for something that works well in a domain network setup. We've explored a few commercial solutions, but many of them require an internet connection at some point for licensing or updates. Has anyone here found a reliable option that fits these criteria? I'd really appreciate any recommendations or personal experiences!
7 Answers
ManageEngine Password Manager Pro is designed for on-premises hosting in air-gapped environments and integrates smoothly with AD/LDAPS for authentication. You can download updates on a separate machine and transfer them via USB to your isolated setup. Licensing is handled through an XML file sent via email, so no internet access is needed.
You might want to consider using SAML 2.0 instead of LDAP. This will enable multi-factor authentication (MFA), which is a good security enhancement. Just ensure your password manager supports direct access to your account without the need for connectivity.
BitWarden self-hosted could meet your needs, but keep in mind you'll need internet access for the initial licensing. After that, it can function offline without any problems.
KeePass Password Safe is entirely local. You can set up your password folder as a shared folder within your air-gapped system. Each user’s passwords are protected by a personal main password, ensuring they remain secure even though they're in the same file.
You might want to check out Passbolt's community edition. It's free and open-source, self-hosted, and made in Europe, emphasizing privacy by default.
Psono is a solid pick for your requirements. However, it's worth noting that it isn't free if you want LDAP integration.
Passwordstate works perfectly for such setups.
Does VaultWarden have the same capability to work offline?