Skiff v0.2.0 — Team mode

Skiff can now run as a shared vault for a whole team, not just one person, while staying fully self-hosted. No cloud, no external identity provider.

Team mode

Choose Personal or Team at setup. Personal works exactly as before.

In team mode, multiple people sign in with their own username and password, sharing one encrypted vault.

Admins can add members, reset passwords, and disable accounts.

A full audit log records logins, host connections (who connected where, as which user), and host/user changes.

Migrating in

Upgrade an existing personal vault to team mode in place from Settings → Team. your hosts and credentials carry over untouched.

New backup / restore: export an encrypted vault and restore it onto a fresh instance, so you can move from a laptop to a team server.

Security

Each member stores their own copy of the shared key, sealed with a key derived from their password (argon2id). The shared key never touches disk unencrypted.

Forgotten passwords are recoverable by an admin reset no cloud backdoor.

See SECURITY.md for the full crypto design.

Note: Team mode is a shared vault every member can access every host. Per-host role-based access control is not included.
Self-hosted, open source, AGPL-3.0. Feedback and issues welcome.

v0.1.0

Skiff v0.1.0
First tagged release. Skiff is a self-hosted SSH connection manager - your hosts, your keys, encrypted and stored on your own server.
What's in it

Encrypted credential vault (AES-256-GCM, argon2id key derivation)
Browser based SSH terminal with host key verification
Host and folder organization with tags and search
SSH config import
Encrypted backup export
One-command Docker deploy

Recent fixes

Fixed Docker builds not serving the web UI
Fixed SSH config import mishandling wildcard host blocks
Hardened first connection host key verification
Various security and stability fixes
Cross-platform build support (Windows/Mac/Linux)

Self-hosted, open source, no cloud. Feedback and issues welcome.