From what I understand of it your passwords and all should be save as it also stores them clientsided. So its more like your sync is down. But dont quote me on that
My wife was the type to use the same password evey where. I switched to bitwarden for the ios app to get my household to use it. Worth the extra complexity imo
I don't trust vaultwarden, only on the basis that it's unofficial and not as strictly audited. I use the container stack provided by bitwarden behind a cloudflare tunnel and backup the data directory with duplicati to S3. Should be able to do the same with vaultwarden, just try a backup test.
Actually on premise self hosting email is just stupid these days. I do have my domain email set up with a local provider, but I don't use it. Again, email is crucial and I don't trust myself
I just periodically export my vault every few months, it's compatible with bitwarden. Absolute worst case scenario I can just sign up and import my vault, and maybe lose a password or 2,whoch can most likely just be reset anyways.
I like to connect an external drive and make backups on it. If your Vaultwarden die, unless your devices are de-authorised (or try to update the URL), you can access the vault and export the data.
I tried Vault warden, but I didn't find it better than KeePass which I have syncing over nextcloud to storage that is mounted over NFS for my desktop and laptop. There are plenty of clients so you can use windows, linux, android etc.
I ran Keepass synced through my Nextcloud for a long time as well, but I switched to Vaultwarden after loosing Passwords due to sync issues. Almost got locked out of an important account. Luckily I noticed it early enough to recover it through my Nextcloud's versioning. But since then I'm too paranoid to rely on a password manager without a reliable syncing mechanism built-in if I'm gonna use it daily on a range of different devices.
I regularly hear it's great. Has anyone moved from KeePass? I haven't read anything that makes me think I should move on from KeePass. I have maybe ~4-5 clients and merging databases has been very easy since no client is offline for too long.
I tried it but reverted back to KeePass. I didn't see any advantage with Vaultwarden and having it exposed so brazenly didn't fill me with confidence. When I tried to run in parallel I found that you can't sync vault warden with a keepass DB file. You can import it, but once it's imported you can't keep them in sync. Re-do an import and you end up with everything duplicated - but updated entries... which is the up to date one? If it had better syncing I could see myself using keepass on mobile and vaultwarden on PC. But at the end KeePass is just brilliant as it is and that's fine with me.
I moved to Vaultwarden from Keepass with Nextcloud. I used that for a long time, but noticed severe syncing issues at some point. And because the sync was constantly overwriting the full kdbx container in the cloud from different devices that I'm using at the same time, it seemed very unsafe and hard to troubleshoot. I like KeepassXC and KeepassDX a lot more than the Bitwarden apps, but the more stable, built-in sync is more important for me.
KeePass recently had a password recovery vulnerability. I personally use KeePass XC, Syncing and between devices (only in my trusted LAN) with Syncthing and backing up automatically on my Homeserver.
That way, I can make sure that none of my stuff gets sent to the internet, also my passwords are encrypted using a Passfile, which I never transmit.
For backups, I have two storage VPSes (one in Los Angeles and one with a completely different provider in Canada), and have an individual backup to each one. I'm using Borgbackup for that.
Borg lets you enable an "append only" mode for particular clients such that even if an attacker were to gain access to your client system, they couldn't delete your backups. This is a common issue with rsync/rclone solutions.
Borg dedupes across all backups, so you can have months of daily backups without using a lot more disk space. Neither rsync nor rclone can do this.
Don't forget to test your backups by doing a data recovery run - act as if your data was lost, and try to set everything up again, maybe on a VM or something. If the backups aren't tested, you don't really have backups :)
My homeserver runs borg, but how would I go about backing the remote server up? I read somewhere that sshfs would be an option, but that involves opening my ssh for root login, which sounds a bit sketchy IMO.
I use vaultwarden as my bitwarden backup. I pay for bitwarden premium because it's too critical of a service for me to not pay for access/support the service, or to expect my self hosted option will be sufficiently reliable enough.
That said, as a backup option, I run the vaultwarden addon in home assistant and just periodically do a manual export from bitwarden and import to vaultwarden. This is usually good enough for me, but glad to see this thread with some other options. Will be exploring some of these too!
Oooh, I like this idea... I've thought about running vaultwarden but like you I pay for bitwarden premium because I think it's critical for me and I like the service and want to see them continue. Using it as a backup, then I can still support them and run my own backup.
I've been using it for a few months now and love it. I have it on 2 VMs. 1 at home and 1 on my dedicated server in the cloud.
I have a horribly written script that stops the vaultwarden container on the home VM, it copies the db.sqlite3 files to the VM in the cloud using SCP, copies everything inside the attachments folder using SCP and then starts the container again. I then have the same type of script on the cloud VM that stops the container, grabs the db and attachments from the temp folder and moves them to the correct directories and starts the container.
I only use the instance on the VM at home, the cloud VM is only used if something has happened to the VM at home. I do the same with my netbox instance.
I also don't expose anything to the internet. Everything is behind WireGuard. I have my phone setup with Tasker to automatically connect the tunnel when my phone disconnects from my home WiFi SSID.
Add comment