Skip to content
Arsenale logo

Secure Remote Access,
From Your Browser

Open-source, self-hosted Privileged Access Manager. SSH terminals and RDP desktops in your browser, with enterprise-grade encryption.

Try the Demo View on GitHub
Privileged Access Manager

Browser-Based Access

SSH terminals and RDP desktops directly in your browser. No client software, no VPN, no hassle.

Zero-Trust Encryption

AES-256-GCM encrypted vault with Argon2id key derivation. Your master key is never stored.

Self-Hosted Control

Your infrastructure, your data, your rules. Deploy with Docker on any server you control.

Everything You Need

A complete toolkit for managing remote access across your infrastructure

SSH Terminal

Full-featured terminal sessions powered by XTerm.js with real-time I/O via WebSocket. Customize fonts, colors, cursor styles, and choose from 9 color themes. Built-in SFTP file browser for seamless file transfers.

RDP Remote Desktop

Access Windows desktops through Apache Guacamole with configurable quality presets, color depth, resolution, DPI, and audio settings. Drive redirection enables file transfers between your browser and the remote machine.

Encrypted Credential Vault

All credentials are encrypted at rest with AES-256-GCM using keys derived from your master password via Argon2id. The vault auto-locks after inactivity, and your master key is never stored on the server.

Team Collaboration

Multi-tenant architecture with organizations and teams. Share connections with granular permissions (read-only or full access). Team vaults let members access shared credentials securely.

Security & MFA

Two-factor authentication with TOTP, SMS, and WebAuthn/Passkeys. OAuth integration with Google, Microsoft, GitHub, and generic OIDC providers. Comprehensive audit logging tracks every action.

File Transfer

SFTP file browser for SSH sessions with upload, download, mkdir, rename, and delete operations. RDP drive redirection for seamless file exchange. Transfer queue with progress tracking.

Built With

React Express.js PostgreSQL Docker Socket.IO Guacamole TypeScript Prisma

Try Arsenale Now

Explore the full interface with pre-configured connections. No installation required.

URL demo.arsenalepam.com
Email demo@arsenalepam.com
Password arsenaledemo
Open Demo

Demo environment resets periodically. Do not store real credentials.

Up and Running in Minutes

Three steps to deploy your own Privileged Access Manager

1

Clone

git clone https://github.com/dnviti/arsenale.git
cd arsenale
2

Configure

cp .env.example .env
# Edit .env with your settings
3

Deploy

docker compose up -d

Free. Open Source. Forever.

Arsenale is licensed under GPL v3. Inspect the code, contribute features, report issues, or fork it and make it your own.

Star on GitHub Read the Docs Report an Issue