Centralized local hosted web based password manager

What you're looking for sounds like Privileged Access Management - a central database that stores administrative and other non-user credentials and allows authorized users to "check them out" for use. Such systems often will programmatically change the credentials on the target system so as to prevent re-use outside the window for which access was granted.

The most prominent example of this sort of software is CyberArk. You install it on your network, tell it how to authenticate your users, then you start stuffing credentials into it and, if possible, telling it how to "manage" credentials. It can be configured to change them regularly (e.g. every 60 days), after use, or however you like.

Competitors to CyberArk include Dell Privileged Password Manager and BeyondTrust PowerBroker. And here's a wider list of products that "compete" with CyberArk, ranging from local single-user to cloud multi-user, you might find a match for your needs somewhere on this list.

It is possible that OpenIAM Access Manager, which is Open Source, would provide the functionality you're looking for - but OpenIAM addresses a much wider swath of the Identity Management field, so I'm not sure if it would be suitable for what seems like a more limited need on your part.


Here is a list of tools I evaluated so far (July 2016).

sysPass

sysPass is a PHP web based Password Manager for business and personal use.

  • AES-256 encryption in CBC mode
  • RSA for sending passwords from forms
  • Two factor authentication
  • HTML5 and Ajax interface
  • Users, groups and profiles management (up to 20 access levels)
  • MySQL, OpenLDAP and Active Directory authentication
  • Custom fields
  • Activity notices by email and event log
  • Accounts history
  • Multilanguage
  • API

Vaultier

Safely store and share passwords or even files with people you work with! There is a free community edition and a hosts Saas solution.

https://www.vaultier.org/

Teampass

Teampass is a Collaborative Passwords Manager

Passbolt

Passbolt is an open source password manager for teams. It allows to securely share and store credentials. For instance, the wifi password of your office, or the administrator password of a router, or your organisation social media account password, all of them can be secured using Passbolt.

Passbolt is different from the other password managers because:

  • It is free & open source
  • It is respectful of privacy
  • It is primarily designed for teams and not individuals
  • It is based on OpenGPG, a proven cryptographic standard
  • It is easy to use for both novice and IT professionals alike
  • It is extensible thanks to its restful API
  • Has Chrome and Firefox extensions

Team Password Manager

Is PHP based Password management software for groups.

  • Fine-grained group policies
  • Multiple Projects and Subproject password groups.
  • LDAP/AD Integration

You might want to look into Vault. Vault is an open source tool that provides centralized secret storage that can be accessed over a REST API. It has various methods of authentication (like auth tokens or certificates) and provides policies that can be used for authorization.

Keep in mind that it is a good idea to take a step back and look at your overarching pattern here. In your post you mentioned "To access all of this sites they need a password which was now stored very insecurely", which seems to imply that they are using a shared password. This is insecure in-and-of itself; if you have a shared password, storing it securely won't make it much more secure. Every person who uses it could be a point of failure. If you're talking instead about people using their own passwords to access various external services, it might make more sense for them to use something like lastpass locally. Otherwise if you're having people access your tools, then having a good SSH key structure would be much more secure than having a shared password (where users generate a keypair and send you their public key, and use their private key for authentication to services).

Vault is a good tool, but make sure that you question your assumptions here about what information you want to store in a centralized secret management system, and if that is the best way to do it.