Passbolt — EU Alternative to 1Password / LastPass

Direct Replacement

Ditch

1Password / LastPass

Both are US-owned with corresponding sub-processor and CLOUD Act exposure.

Adopt

Passbolt

Luxembourg-based open-source vault that can run entirely inside EU infrastructure.

Compare Passbolt vs 1Password / LastPass → All 1Password / LastPass alternatives →

Key Capabilities

End-to-end encrypted password and secrets vault
OpenPGP-based encryption with public/private key architecture
Team and organization-level sharing with granular permissions
Browser extensions and CLI client
Fully self-hostable on Docker or Linux servers

passbolt.local/admin/users

Value Comparison

Feature	1Password / LastPass	Passbolt
Company location	US vendor	Passbolt SA, Luxembourg
Source model	Proprietary	AGPL-3.0 open source
Deployment choice	Vendor-managed cloud only	Self-hosted, managed cloud, or hybrid
Encryption model	Vendor-managed key escrow	Client-side OpenPGP key pairs

Why it belongs in an EU-first stack

Passbolt occupies an important position in the password management landscape because it combines three properties that are rarely found together: end-to-end encryption with client-side keys, a fully open-source codebase, and a European legal entity.

For security-conscious teams, the OpenPGP-based encryption model means even a complete vendor compromise would not expose plaintext credentials. For procurement teams, the Luxembourg jurisdiction removes the US CLOUD Act question entirely.

The self-hosted deployment path is particularly attractive for regulated environments. The platform can run alongside other EU-hosted infrastructure with no vendor data path at all, which is difficult or impossible to achieve with any of the major US-owned password managers.

Pairings

Recommended Pairings

Tools that typically complement this profile in a cleaner European software stack.

H

Hosting & Cloud

Hetzner

One of the most practical EU infrastructure defaults for startups that want predictable costs and regional clarity.

EU Germany and Finland

Strong infrastructure base for self-hosted or managed sovereign stacks. View profile →

S

Hosting & Cloud

Scaleway

Public cloud and infrastructure platform for teams that want an explicitly European cloud provider with a modern product surface.

EU France and broader European regions

Best when you want a more sovereign cloud story than the hyperscaler defaults provide. View profile →

Z

Identity & SSO

ZITADEL

Open-source IAM for customer and workforce identity with OIDC, SAML, SCIM, and machine identity support.

CH Switzerland and EU regions on managed cloud, or self-hosted

Strong choice when you want a sovereign IAM platform without giving up modern SaaS ergonomics. View profile →

FAQ

Frequently asked questions about Passbolt

Common questions about compliance, hosting, and capabilities.

Is Passbolt GDPR compliant?

Passbolt is operated by Passbolt SA, incorporated in Luxembourg, with open-source software under AGPL-3.0 and full self-hosting documentation.

Where is Passbolt hosted?

Passbolt is hosted in Self-hosted or managed cloud and headquartered in Luxembourg, operating under Luxembourg jurisdiction.

Is Passbolt open source?

Yes, Passbolt is open source under the AGPL-3.0 license. It can also be self-hosted for full data control.

What does Passbolt replace?

Passbolt is a European alternative to 1Password / LastPass. Luxembourg-based open-source vault that can run entirely inside EU infrastructure.