Why we built YAPM – Yet Another Password Manager

For the past seven years, Mixvoip has relied on an internally developed password manager. The project started as a side experiment by an intern who, with support from our team, created a solid encryption model that has served us well ever since. That intern is now our Lead CloudPBX Developer — so the knowledge behind the tool stayed in-house.

But with over 3,000 passwords and growing, our old system began to show its limits. Managing 5,000 small and medium-sized business customers, suppliers, and services requires more than just a simple password vault. We needed better search, granular permissions, tagging, and — most importantly — an API to integrate with our CRM and automation workflows.

The development team, however, was reluctant to maintain the seven-year-old codebase. “It’s time to move on,” they said, “let’s buy a modern solution.” And they were right — building a password manager is not our core business. So we explored the market.

Which password managers did we test?

We evaluated several professional and open-source solutions, including:

Each tool was tested with 5,000 generated credentials to measure real-world performance, usability, and how well it could integrate with our workflows.

Devolutions

A great product, full of features — maybe too many. It’s robust and well-documented, but the annual cost of €15,000 made it hard to justify for a single-use case. Over three years, that’s €45,000 for something we still needed to customize to fit our internal systems.

Bitwarden

Bitwarden is a well-known open-source password manager with both cloud and self-hosted options.

It performed well at the start until we hit volume limits. Beyond a few thousand entries, search and navigation became sluggish, making it unfit for daily operations with thousands of credentials.

Vaultwarden

Vaultwarden is an open-source alternative compatible with Bitwarden clients. It’s lightweight, easy to self-host, and ideal for small teams who want to manage passwords without recurring licensing costs.

We loved the simplicity and open-source nature, but once we crossed 3,000 stored passwords, the search became painfully slow and the interface lagged. It simply wasn’t built for our scale.

Passwork

Passwork is designed for enterprise teams that need shared password management with audit logs and granular permissions. It offers both cloud and on-premise options.

Performance issues started around 3,000 entries. While it’s stable and feature-rich, it didn’t scale well enough for our needs.

Passbolt

Passbolt is an open-source password manager focused on security and team collaboration. It relies heavily on browser extensions for user access and encryption handling.

Requiring a browser extension for all operations was a dealbreaker. Maintaining extensions across every user device adds complexity, and giving them access to the browser’s DOM creates an unnecessary attack surface. A compromised update could expose browsing data. This was too much of a risk for our environment. Once filled with 5,000 passwords the interface became slow and it was impossible to add new uses.

So we built our own and published the source code

After months of testing, we faced a simple conclusion: nothing matched our performance, security, and integration requirements. So we did what developers do. We built it ourselves.

YAPM – Yet Another Password Manager was born. It took three months to develop and is now open source. YAPM includes:

A web interface in dark mode
Powerful search
Tagging, grouping, and permissions
A full API for integration

You can try it, contribute, or host it yourself or use in any way you want for free. We put the source code on GitHub and you can join our developers on our Matrix chat. Maybe you have a few questions.

If you prefer a managed version with maintenance and backups, contact us at sales@mixvoip.com.