Backend: Node.js/Express
Database: PostgreSQL (self-hosted in the same stack)
Auth: Custom JWT-based (no external auth providers)
Deployment: Docker Compose for a one-command setup
Key differentiator from Bitwarden/1Password: Complete infrastructure independence. Users host everything—no calls to external APIs, no locked-in encryption schemes.
I'm at an early stage (basic auth and UI skeleton working) and would love feedback from the HN community:
Is the "fully self-contained" approach a compelling reason to choose this over established options?
What are the biggest pitfalls in building a secure password manager you've seen?
Any interest in collaborating? The stack is modern but straightforward.
The project is not ready for production, but the code is public for contributions.