I am looking into password managers, as the number of my accounts is increasing. Currently I am weighing two options:
- Host Vaultwarden on a VPS, or
- Use the free Bitwarden service.
I want to know how they are in practical aspects.
While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it from time to time.
On the other hand, using Bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?
I want to gauge pros and cons. Are there aspects I missed? What are your opinions on this? If you are self-hosting Vaultwarden, how do you manage the downtime? Thanks in advance!
I’d throw in option 3: use a KeePass2 database, sync it using whatever sync tool you like (Syncthing, iCloud, Nextcloud, WebDAV, …) and use compatible apps (KeePassXC, Strongbox, etc.)
I migrated from KeePass2 as the DB would get out of sync and need to be merged back together. That's why I moved to Vaultwarden; I like having my data on my own stuff.
I keep seeing people mentioning Syncthing with KeePass… I use both, but not together, between 3-4 different devices. I have a central Syncthing server to which all devices sync everything, but my KeePass database (keyfile & password protected) is stored on Google Drive, in a G Suite Workspace account that I pay for. The keyfile is stored individually on each device that needs it, with a printed-out copy (with instructions!) as a backup.
Would my KeePass database survive Syncthing the way I have it set up?
Just a PSA for anybody reading the thread, though it doesn’t really help with the question at hand… On the very slim chance that your workplace uses Bitwarden Enterprise, it’s worth knowing that every licensed user gets a free family plan that can be tied to an existing personal account, provided it’s hosted in the same region.
We do use it but very few of our own users are even aware of the perk so I like to spread it around when I get the chance!
One little bonus for using Vaultwarden is that you get access to premium features for free. But still, I put availability much higher when it comes to password management, so I would go with paid Bitwarden. That is what I did before moving to KeePass.
I second Vaultwarden, have been running it for a few years and even had a catastrophic host failure that I recovered from. Was able to use the clients on both phone and laptop while building the new host.
There is a backup image you can run to take backups of the SQLite DB; used that a few times as the DB got tangled.
Also, anything you host should have a good 3-2-1 backup strategy.
I self-host Vaultwarden and it's great. It's an easy self-host, and in my experience, it has never gone down on me.
That being said, my experience is anecdotal. If you do go the Vaultwarden route, realize that your vault is still accessible on your devices (phone, whatever) even if your server goes down, or if you just lose network connectivity. They hold local (encrypted at rest) copies of your vault that are periodically updated.
Additionally, regardless of the route you take, you should absolutely be practicing a good 3-2-1 backup strategy with your password vault, as with any other data you value.
There’s not a need to have Vaultwarden up all of the time unless you use new devices often or create and modify entries really often. The data is cached on the device and kept encrypted by the app locally. So a little downtime shouldn’t be a big issue in the large majority of cases.