Does Passbolt have the ability to provide offline access to the passwords it stores? My use case is disaster recovery. If my datacenter where I’m hosting Passbolt goes down, it would be nice to still be able to access my passwords without having to have “Passbolt recovery” be the first thing in my DR plan.
I’m thinking of tools like LastPass and 1Password that store their databases remotely, but there’s still a local cache of passwords in case the remote is unreachable.
Community support
People can vote for this idea to show traction:
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
By default you get a copy of your password by email. Using an email client like thunderbird and with an openpgp plugin like enigmail you can then access these passwords offline. This is far from the best best case scenario but this is something you can do right now.
In the next few weeks we will introduce a plugin for export import from LastPass, 1Password and Keypass, so you could use for example keypass to store a copy of your password on a usb key to access them during offline use. This feature will be first available for passbolt pro users.
In the long term we want to implement other mode of offline use, like allowing the passbolt application to work in the browser without being connected to the internet. This should come by the end of the year though.
The problem with the export/import functionality is that most of the formats it exports to are plaintext: the risk of users downloading a plaintext CSV file and leaving on their desktop is too high, so we disabled that function.
But the idea of having an offline mode - where the PGP-encrypted secrets are stored in HTML5 local storage, say - is an excellent one.
I’ve been testing Passbolt and I like what I see so far. I was just wondering about the offline mode for the extensions as this is a blocker for me to migrate to Passbolt. As I recently started using more and more strong passwords and am not always connected to my password manager I would like to have this feature available before using it completely.
This is already possible. You can self-host and use passbolt in airgap environment. However it’s a client <> server application, so if the server is not available because your network between the client and server is down, the client doesn’t provide any options.
Currently we recommend having encrypted backups locally if this scenario is important for you (for example a keepass backup).
I comprehend the principle of client-to-server interaction. However, this does not preclude the option of having an offline password, potentially based on cached data, when the server or the connection to it fails. This feature is essential because, in its absence, the server represents a point of failure.
Any further thoughts on adding this offline cache mode?
I set up Passbolt for my work environment with local network access only. Ironically I am having my employees use it, but I still use bitWarden because I don’t want to VPN in every time I need to get to my password vault on my work laptop when off site. My employees typically only use work PCs on site.
I imagine offline catch may make things less secure and the reason this is not yet a feature? Seems most other password managers offer it though.
As an admin, it’s interesting that you mention using KeePassXC offline (which we also use in company), because I was about to suggest that, when you actually get to implement this important feature, you do NOT export the credentials as plaintext, but instead export the content of PassBolt directly into a new *.kdbx [database] file, whose pwd/key the admin and/or user would set before the export.
This feature would open up so much more use case for Passbolt.
When the server goes down users lose access to all passwords. This is the clearest benefit.
But, it makes local only network hosting of Passbolt much more viable. If you leave the local network you will still have access to passwords and can update than next time you are back on site.
I use Bitwarden for my personal password manager because I don’t want to expose a local instance on Passbolt to the internet or have to VPN in everytime I need a password on my phone. If offline access was available I would self host Passbolt on my home lab.
I have Passbolt deployed to my small business users which works great since they are almost always on site. But, it would be good to have offline access when they have to take a company laptop off site occasionally.
I also don’t use Passbolt for our office managers, because they work from home frequently, so they use Bitwarden. They have VPN access, but it is fairly annoying to need to login to VPN for any password fill. If they had offline storage they could just VPN in occasionally to update passwords. I would really prefer everyone to be on our locally hosted Passbolt.
This is definitely a must have. I have encountered multiple times that I have to do maintenance on the reverse proxy where Passbolt is connected to. After I take the server down I suddenly realize I cant access my secrets anymore. Offline access in the app or browser is really needed.
Already spoke with support about this and was made aware of this thread, but as a passbolt cloud user, completely losing access to our password database with no recourse was devastating, and if the cloudflare outage had gone on longer I know that we would have leaving passbolt as our first priority going forward, so I don’t understand why this feature isn’t a higher priority. And since there’s no way to pull a full offline backup of the cloud, we have to rely on individual user password exports, which with shared passwords becomes a huge mess of duplicates.
I completely understand your concerns and I wanted to let you know that on top of the one free backup per year included in your Cloud subscription, we also propose a paid services for you to have daily database dumps of your Cloud instance that you could use in case of DR. If you are interested, can you please contact sales@passbolt.com ? Our team would happy to discuss that further with you!
As many have already said, having offline access is a very important feature.
Last week my server in a datacenter was down for a while and I lost access to all the passwords, when the server came back it didn’t autostart nginx so I couldn’t access my SSH keys to go into the VPS and start that service, thankfully I still had my old Vaultwarden instance running on my local server and I was able to get the keys from it.
But this experience will make me switch to vaultwarden again, I installed passbolt on a VPS just to not have to worry about not having access to passwords since my local server sometimes goes down because its my homelab but never once did I loose access to my passwords when using valtwarden.
The company where I work also needs a password solution and when we do I was considering going with Passbolt because of the team/sharing features but as of right now I will go with something else.
I noticed in the RCA from November 18th offline mode is referenced for 2026. However, it specifically referred to the browser extension. Any idea on if the mobile apps will also include this functionality, either now or later on the roadmap?
I got to know passbolt at FOSDEM a couple of years ago and decided to give it a try. Since then I host my personal passbolt instance on my NAS at home. it works really well it happens that my NAS goes offline sometimes and then I can’t access my passwords anymore.
Hello team,
Good strat of the year for you all.
I see that “Offline disaster access mode” is on your roadmap now. This feature is the main reason stopping me for Passbolt implementation for my organization. It’s absolutely important for us.
Do you have a planned release date for this feature?
Thank you for your answer
Must have: this is critical for me to have this
Should have: this is important for me to have this
Could have: this could be nice to have
Won’t have: we should not schedule this (explain why)
