🌟 If you find this project useful, please consider giving it a star! 🌟

AliasVault

Try cloud version 🔥 • Website 🌐 • Documentation 📚 • Self-host instructions ⚙️

Open-source password and (email) alias manager

AliasVault is an end-to-end encrypted password and (email) alias manager that protects your privacy by creating alternative identities, passwords and email addresses for every website you use. AliasVault can be self-hosted on your own server with Docker.

What makes AliasVault unique:

• Zero-knowledge architecture: All data is end-to-end encrypted on the client and stored in encrypted state on the server. Your master password never leaves your device and the server never has access to your data.
• Built-in email server: AliasVault includes its own email server that allows you to generate virtual email addresses for each alias. Emails sent to these addresses are instantly visible in the AliasVault app.
• Alias generation: Generate aliases and assign them to a website, allowing you to use different email addresses and usernames for each website. Keeping your online identities separate and secure, making it harder for bad actors to link your accounts.
• Open-source: The source code is available on GitHub and can be self-hosted on your own server.

Note: AliasVault is currently in active development and some features may not yet have been (fully) implemented. If you run into any issues, please create an issue on GitHub.

Official Cloud Version

The official cloud version of AliasVault is freely available at app.aliasvault.net. This fully supported platform is always up to date with our latest release. Create an account to protect your privacy today.

Self-hosting

For full control over your own data you can self-host and install AliasVault on your own servers. The easiest method is to use the provided install script. This will download the pre-built Docker images and start the containers.

Install using install script

This method uses pre-built Docker images and works on minimal hardware specifications:

• Linux VM with root access (Ubuntu/AlmaLinux recommended) or Raspberry Pi
• 1 vCPU
• 1GB RAM
• 16GB disk space
• Docker installed

# Download install script from latest stable release
curl -o install.sh https://raw.githubusercontent.com/lanedirt/AliasVault/0.12.2/install.sh

# Make install script executable and run it. This will create the .env file, pull the Docker images, and start the AliasVault containers.
chmod +x install.sh
./install.sh install

The install script will output the URL where the app is available. By default this is:

• Client: https://localhost
• Admin portal: https://localhost/admin

Note: If you want to change the default AliasVault ports you can do so in the .env file.

Documentation

For more detailed information about the installation process and other topics, please see the official documentation website:

• Documentation website (docs.aliasvault.net) 📚

Security Architecture

AliasVault takes security seriously and implements various measures to protect your data:

• All sensitive user data is encrypted end-to-end using industry-standard encryption algorithms. This includes the complete vault contents and all received emails.
• Your master password never leaves your device.
• Zero-knowledge architecture ensures the server never has access to your unencrypted data

For detailed information about our encryption implementation and security architecture, see the following documents:

• SECURITY.md
• Security Architecture Diagram

Roadmap

AliasVault is under active development with new features being added regularly. We believe in transparency and want to share our vision for the future of the platform. Here's what we've accomplished and what we're working on next:

• Core password & alias management
• End-to-end encryption
• Built-in email server for aliases
• Single-command Docker-based installation
• Chrome browser extension
• Firefox browser extension (#581)
• Add and associate TOTP MFA tokens to credentials (#181)
• Add support for connecting custom user domains to cloud hosted version (#485)
• Import passwords from existing password managers (#542)

Future Plans

• Mobile apps (iOS, Android)
• Team / organization features (sharing passwords/aliases)
• Disposable phone number service

Want to suggest a feature? Join our Discord or create an issue on GitHub.

Tech Stack & Security

AliasVault is built with a modern, secure, and scalable technology stack, ensuring robust encryption and privacy protection.

Core Technologies

• C# & ASP.NET Core – Reliable, high-performance backend for Web API.
• Blazor WASM – Secure, interactive web UI.
• PostgreSQL & SQLite – Database solutions, with SQLite powering encrypted user vaults.
• Docker – Containerized deployment for scalability.
• Next.JS & React & Typescript - Powering the AliasVault website and browser extensions

Security & Cryptography

• Argon2id (Konscious.Security.Cryptography) – Industry-leading password hashing.
• SRP – Secure Remote Password (SRP-6a) protocol for authentication.
• MimeKit & SmtpServer – Secure email processing and virtual addresses.

Additional Tools

• Tailwind CSS & Flowbite – Modern UI design.
• Playwright – Automated end-to-end testing.
• SonarCloud – Continuous code quality monitoring.

AliasVault prioritizes security, performance, and user privacy with a technology stack trusted by the industry.