# The Self-Hosted Passportal Alternative MSPs Actually Need

When MSPs search for a Passportal alternative, they get pointed to Keeper, Bitwarden, or 1Password. These are fine standalone password managers. But they miss the point of what Passportal actually does — and why replacing it with a generic credential tool leaves a significant gap in your workflow.

N-able Passportal isn't just a password manager. It's a credential vault that lives inside your documentation platform. The real pain of losing it (or being priced out of it) isn't just losing a place to store passwords — it's losing the link between those credentials and the client documentation, network records, and assets they belong to.

That integration is what most alternatives fail to replicate.

## What MSPs Actually Need From a Passportal Replacement

A standalone password manager treats a credential as a row in a database. You store it, you retrieve it, done. That works fine for a single organisation. It's awkward for an MSP managing 40 clients.

What MSPs actually need from a credential tool:

- Client-scoped vaults — credentials that belong to a client, not a shared flat list
- Integration with network documentation — so you can see the firewall password alongside the firewall's IP, location, and config notes
- Integration with assets — so a server's local admin password lives on the server's asset record
- Access control — technicians see only the clients they're assigned to, not everything
- Self-hosted, on your infrastructure — because storing client credentials in a vendor's cloud is a risk profile many MSPs can no longer justify

Bitwarden and Passbolt solve the "where do I put passwords" problem. They don't solve the "how do credentials fit into my broader MSP documentation" problem.

## The Problem With Just Swapping One SaaS Tool for Another

The obvious Passportal alternatives — IT Glue, Hudu, ConnectWise's ITBoost — all include integrated credential management. They're solid platforms. But they share the same structural problem Passportal has: your client data lives on someone else's infrastructure.

That matters more than it used to. N-able's pricing changes after acquiring Passportal are well documented. Kaseya's acquisition of IT Glue triggered a wave of MSPs re-evaluating vendor dependency. The pattern is predictable: a niche tool gets acquired by a larger vendor, pricing goes up, contract terms tighten, and migration becomes expensive.

When your credentials and documentation are locked in a SaaS platform, the exit cost is real. Data exports are incomplete. Formatting is lost. Client relationships are disrupted during migrations. The per-seat model means pricing scales with your growth rather than staying flat as you add technicians.

Self-hosting changes that calculus entirely.

## Why Documentation and Credentials Belong on the Same Platform

The reason Passportal built documentation features — and the reason IT Glue and Hudu include credential vaults — is that these two things are naturally linked. When a technician is diagnosing a client issue, they need the network diagram and the switch password in the same place. Switching between a documentation tab and a password manager tab adds friction and breaks context.

More practically: keeping credentials siloed from documentation creates drift. Passwords get updated in the vault but not reflected in the runbooks that reference them. Network documentation gets stale because updating it requires two separate systems. The synchronisation problem is solved if there's only one system.

## What an Integrated, Self-Hosted Platform Looks Like

Weavestream is a self-hosted IT documentation platform that includes a built-in client credential vault — alongside asset management, IPAM, SSL and domain monitoring, a client portal, role-based access control, and a security centre.

The credential vault is scoped by client. Each client has their own vault, and credentials can be linked to assets, network records, and documentation entries. Technicians only see the clients they have access to, enforced through RBAC that covers the entire platform — not just the password section.
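The client-scoped model described above, sketched as an added example (this is not Weavestream's code or schema; the class, field and technician names are hypothetical and the data is constructed). Access is denied by default, a credential can only be linked to an asset of the same client, and every reveal attempt is logged.

```python
from dataclasses import dataclass, field
from typing import Optional

class AccessDenied(Exception):
    """Same error for unknown and forbidden records, so IDs cannot be probed."""

@dataclass(frozen=True)
class Credential:
    id: str
    client_id: str
    secret: str
    asset_id: Optional[str] = None

@dataclass
class Vault:
    assignments: dict                           # technician -> set of client ids
    assets: dict                                # asset id -> owning client id
    creds: dict = field(default_factory=dict)   # credential id -> Credential
    audit: list = field(default_factory=list)   # (technician, credential id, outcome)

    def add_credential(self, cred: Credential) -> None:
        # A credential may only link to an existing asset owned by the same client.
        if cred.asset_id is not None and self.assets.get(cred.asset_id) != cred.client_id:
            raise ValueError("asset link crosses client boundary")
        self.creds[cred.id] = cred

    def _assigned(self, tech: str, client_id: str) -> bool:
        return client_id in self.assignments.get(tech, set())  # deny by default

    def reveal(self, tech: str, cred_id: str) -> str:
        cred = self.creds.get(cred_id)
        ok = cred is not None and self._assigned(tech, cred.client_id)
        self.audit.append((tech, cred_id, "allow" if ok else "deny"))
        if not ok:
            raise AccessDenied(cred_id)
        return cred.secret

    def asset_view(self, tech: str, asset_id: str) -> list:
        client = self.assets.get(asset_id)
        if client is None or not self._assigned(tech, client):
            raise AccessDenied(asset_id)
        return sorted(c.id for c in self.creds.values() if c.asset_id == asset_id)

def build_demo() -> Vault:
    # Constructed sample data: two clients, one technician assigned to each.
    v = Vault(assignments={"alice": {"acme"}, "bob": {"globex"}},
              assets={"fw1": "acme", "srv1": "globex"})
    v.add_credential(Credential("c1", "acme", "example-secret-1", "fw1"))
    v.add_credential(Credential("c2", "globex", "example-secret-2", "srv1"))
    return v
```

When reviewing any self-hosted vault's source, the equivalent checks to look for are the same three: the authorisation test on every read path, the same-client constraint on links, and an audit record written for denials as well as successes.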

Because it's self-hosted, your data stays on your infrastructure. There's no per-seat licensing. Adding a technician account costs nothing. Adding a client costs nothing. The platform runs on Docker with a Postgres backend, which means you're deploying something operationally similar to any other containerised application in your stack.

The AGPL-3.0 licence means the source code is auditable. If you have a security policy requiring code review before deploying tools that handle client credentials, you can actually do that review.

## Getting Started

Weavestream deploys via Docker Compose. The installation takes about ten minutes if you've run containerised applications before. You're not dependent on a vendor's uptime, a vendor's pricing decisions, or a vendor's acquisition strategy.

If you're evaluating Passportal alternatives and the shortlist keeps coming back to "just use Bitwarden plus a separate documentation tool," it's worth spending ten minutes on a self-hosted option that keeps credentials and documentation in the same place.

[Weavestream is free and open source. Get started at weavestream.io →](https://weavestream.io)
