by yingw787 2270 days ago
This is really cool, thanks for sharing!

I personally use Bitwarden, also because it's free and open source software, and because the cloud managed option is $10 / year. I've found the GUI to be very well-made for a heavy keyboard user like me. I also second a curses-based terminal interface for password management, I think it'll be really useful!

4 comments

I honestly might just pay the $10/yr just to support them but bitwarden_rs is dead simple to deploy if you already have a VPS sitting around for other stuff.
I consider the self-deployment option the 'npm eject' feature of open-core software, and I'd prefer to support an org to avoid having them disappear and consequently needing to manage my own build infra and scan mailing lists for security vulnerabilities :P
I think the author of Bitwarden should seriously start considering making the official daemon lighter as bitwarden_rs is just that good.

With a requirement to pay an extra $5 on your server instance monthly for more memory to self-host the official version, you'll be paying a lot more than $10/year.

After using it for a month or so, the $10 was a no-brainer for me. Great piece of software!
Too bad that the owner/maintainer doesn't really like an open API. The only way to interact with the backend seems to be using the CLI or trying to figure out the API yourself.
Are you talking about Bitwarden or bitwarden_rs? Because bitwarden_rs is simply a third-party implementation of the Bitwarden API server AFAIU.
Bitwarden gets recommended so much on Hacker News that it feels kind of like astroturfing.

That being said, I use Bitwarden and it's great.

I evaluated LastPass, 1Password, and Bitwarden personally for my devices (Windows / macOS / Linux / iOS). Bitwarden supports all these plus more, is cheap, lightweight, reliable, UX-decent, and open-source.

If you build a great product people need, it's not a headspinner why people would use it and buy it. Hopefully going into this recession we'll see more products with that lesson baked in.

Other than being open source, what does Bitwarden offer over LastPass on the free tier?
For me: the ability to self-host and the ability to read through the code.
I use Bitwarden too, but I can't figure out how to get the cert to automatically update. I have port 443 served by Caddy2 and use that as a reverse proxy to Bitwarden, but Bitwarden wants to bind to 443 to update the cert. So, for now, it is a case of manually stopping Caddy, updating Bitwarden, and starting Caddy back up. The downtime is only acceptable because I only host personal stuff.
Here's what worked for me:

Run the bitwardenrs container without SSL:

sudo docker pull bitwardenrs/server:raspberry

sudo docker run -d --name bitwarden --restart always -e ADMIN_TOKEN=your_admin_token -v /bw-data/:/data/ -p 80:80 bitwardenrs/server:raspberry

Proxy through Caddy (note that I'm using DuckDNS for DNS):

curl https://getcaddy.com | bash -s personal tls.dns.duckdns

nohup caddy -http-port 999 -conf /etc/caddy/Caddyfile -envfile /etc/caddy/CaddyEnvFile -agree -email YOUR_EMAIL@gmail.com &

(the port 999 is because we've already got docker container running on port 80)

Follow the examples here for the configuration: https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examp...

I’ve been running it in a docker container plugged into the nginx reverse proxy and letsencrypt companion containers. The latter claims to automatically update certs though I haven’t had it running long enough to test it. Unless you’re set on using Caddy, it’s a pretty straightforward option.

Instructions here: https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-compan...

The issue with this kind of solution is that you need to pass your docker socket to the container. Not great.
Can you elaborate on why this is a problem? I'm fairly new to docker (and not a programmer / dev), so I'll take any tips I can get!
It basically ruins most isolation/security benefits containers provide, since having root access to this socket allows you to have nearly root access to the host. This is something you really want to avoid.

I don't really have a good solution to this "reload service when certificates are updated" problem that doesn't involve heavier container orchestration.
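
An added example, not written by anyone in the thread: a check for the Docker socket exposure discussed above, run over `docker inspect` output. The sample JSON, the container names and the `find_socket_mounts` helper are constructed for illustration.

```python
import json

# Host paths of the Docker API socket; on most distributions /var/run is a
# symlink to /run, so either form can show up as the bind source.
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample shaped like `docker inspect <container>...` output;
# container names and mount paths are made up for this example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/bitwarden",
     "Mounts": [{"Type": "bind", "Source": "/bw-data",
                 "Destination": "/data", "RW": True}]},
    {"Name": "/nginx-proxy",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/tmp/docker.sock", "RW": False}]},
    {"Name": "/letsencrypt-companion",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}]},
])


def find_socket_mounts(inspect_json):
    """Return one finding per container mount that exposes the Docker socket."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts") or []:
            if mount.get("Source") in DOCKER_SOCKETS:
                findings.append({
                    "container": name,
                    "mounted_at": mount.get("Destination"),
                    # A read-only bind only protects the socket file itself;
                    # the process can still connect and send API requests.
                    "read_only_bind": not mount.get("RW", True),
                })
    return findings


if __name__ == "__main__":
    for f in find_socket_mounts(SAMPLE_INSPECT):
        note = " (ro bind, API still reachable)" if f["read_only_bind"] else ""
        print(f"{f['container']}: Docker socket at {f['mounted_at']}{note}")
```

On a real host the input would come from something like `docker inspect $(docker ps -q)`; every container it reports should be treated as having host-level privileges.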

> I also second a curses-based terminal interface for password management, I think it'll be really useful!

Bitwarden also has a CLI, so it's probably do-able to create something like this.

I built envwarden[0] on top of the CLI, which lets us manage our server secrets with Bitwarden.

[0] https://github.com/envwarden/envwarden