I am thinking about switching to Bitwarden.
I am currently using KeePassX with Nextcloud to share the password file.
Do you self-host Bitwarden? If yes, why? If no, why?
As a listener to DLN, I would suppose you do.
What if the Bitwarden website becomes unavailable? For any reason: they go under, political, get banned in your country, whatever.
The issue I have about hosting my Bitwarden instance (on my FreeNAS, for example) is that I would require a VPN connection each time I want to access my password, which can be cumbersome.
What are your thoughts on that?
You can create local backups of your Bitwarden vault if you’re concerned about losing access. As far as I know (someone who’s looked at the code feel free to correct me) the vault is kept on your local device in encrypted form anyway - as sometimes I have to sync it manually when I make a change on another device. I don’t self host because it’s just not that much of a security concern for me personally. I’m a very low-value target for anyone wanting to steal something.
I use Bitwarden and while I do self-host a lot of stuff, I don’t self-host Bitwarden.
I do occasionally make local backups, so I would be able to recover, if their servers disappeared.
One of the main reasons I do not host my own Bitwarden server is the ASP.NET and MS SQL Server backend, but I might try out bitwarden_rs, a Bitwarden server written in Rust, which is much lighter and easier to run.
I have my home servers on a constant open wireguard connection to a DO droplet, and I have wireguard set up on all my devices, so I can just establish a connection from any device to the droplet and I have access to all my home machines, so I don’t think it is THAT cumbersome.
Also, if I am willing to lower the security a bit, I can run a reverse proxy on the VPN server and open the HTTPS port to my local server’s Bitwarden port. That way I could access it just like the normal Bitwarden service without a VPN.
I pay for the premium version of Bitwarden, to support the project and I would continue to do so, even if I decided to go self-hosted in the future.
I migrated from LastPass to Bitwarden last year. I only use it through the browser plugin at this point.
I do not self-host. But I will be watching this conversation.
@kobberholm, if you don’t self-host, how are you backing up your vault? Are you just exporting the vault? The reason I ask is because vault exports are not encrypted. Are you using the CLI tool to sync to a local copy?
I’m a bit new to Bitwarden and would like to learn more about this.
I’m in the process of transitioning to Bitwarden from LastPass. It’s a lengthy process as I have chosen to pick through my LastPass entries and manually recreate those I need in Bitwarden as a means of cleaning things up.
I’m finding that the Bitwarden client doesn’t have quite the polish that LastPass does. However, it’s worth the migration to support the open source community and such a great project in Bitwarden.
Saw comments regarding the locations of the Bitwarden Vault. Has me wondering about this as I use it on my Linux workstations and my Android phone. Is Bitwarden syncing the vault between these devices?
Yes, Bitwarden does sync between devices. The only time I’ve had issues is when I’ve added a login on my phone or computer and then immediately tried to use it on another device (required a manual sync). Typically it syncs on its own pretty regularly.
I just export them unencrypted and I don’t do it nearly often enough, so I would lose some passwords if the Bitwarden service was ever going to go down, unless it lets me unlock the locally cached version without internet.
I’d recommend keeping the exported files inside an encrypted dir, which luckily KDE Vaults makes super easy.
Thanks for the follow-up. I have not used KDE Vaults, I’ll definitely look into that.
I was a long-time KeePass user until earlier this year when I switched to Bitwarden. I use it both for work and personal. At work I have a free account currently that is shared with one other co-worker. For personal use I have subscribed to the Premium subscription for the YubiKey integration. Both are hosted by Bitwarden although I might eventually look into hosting our own instance at work. So far I have loved it - I have it installed on a MacBook, several of my Linux laptops (Manjaro, Mint, and Fedora), a Windows laptop and on my Android phone. It has worked flawlessly on all devices so far.
Kind of the same for me except I was using 1Password before that. We share a free account with my wife (Ubuntu, iOS, Windows) and even if the app interface has less polish than 1Password it’s working flawlessly.
I already bookmarked a tutorial on how to host via Docker bitwarden_rs but it’s more a way to maximize my NAS than a lack of confidence in Bitwarden servers.
I used KeePassX before, but now Bitwarden.
I host myself on Docker. Very easy setup, easy to upgrade. I make daily backups in case of failure. Probably not a big issue since I have it synced on several devices.
If Bitwarden in short term no issue since I self-host. But with no updates I need to find another solution.
For your VPN question, you only need the VPN to sync. I always use a VPN on all my devices when I am away from my private network. So no big issue for me. WireGuard is easy to manage and connects automatically when away from home.
I host it locally as a docker using bitwarden_rs, a Rust implementation of the server, which is lighter weight than the official build. I connect to it over a Tinc VPN from all my devices, including my phone, so I don’t have to worry overly much about people sniffing my credentials. It is easy to back up, can host multiple accounts, supports 2FA, and generally works seamlessly with the official browser plugins and mobile apps.
Yeah, FWIW I do use bitwardenrs already and it is working like a champ. Sounds like we have similar setups, only I use Tinc because of legacy and meshing, but a p2p WireGuard option is good too.