by AnIdiotOnTheNet 1918 days ago
My company used to use the unmaintained "CorporateVault", but switched to Bitwarden_rs after Flash (which CorporateVault used for copying to the clipboard) was deprecated. Bitwarden_rs was chosen because it had a relatively painless install compared to pretty much everything else I looked at, requiring only one Docker container. It's not bad.

You entrust your company’s passwords to a random dude’s open source project that was never audited professionally. Seems a very risky thing to do.
The only thing you have to trust on a Bitwarden server is the JavaScript client that it serves you, and using that is entirely optional as you can just use other clients. The server could be explicitly malicious and still safe to use.

bitwarden_rs bundles the upstream JS in its default containers, so it's the same code that you'd be running from bitwarden.com

Both server impls end up with a bunch of binary crap in the end.
You don’t even need Docker if you build from source.
Maybe you didn't get the whole "I picked it because it was easy to install" part. Building software from source is pretty much the exact opposite of that.
Rust is designed to be built from source, and the development toolchain is light enough to keep on a VPS if that's your bag. If you have Cargo installed, compiling and installing from source is easier than using NPM.
> and the development toolchain is light enough to keep on a VPS

Or, you know, in a Docker container...

I build pretty much everything that's not C/C++ and/or Go using a Docker container now.

When you're working in a team, it's also an amazing way to share the build environment

I couldn't care less about Rust. The fact that this project used it is irrelevant to me and I have no desire to set up a Rust build env.
It really depends. Go and Rust software is generally easy to build from source.
I was trying out a bunch of different similar products, I was not going to set up a build environment just to test software. I immediately disqualified anything that required I build it from source.

Of the ones that didn't, very few had working install documentation and I wasn't going to fix it for them just to try out their product. I did open issues on their trackers about it for them, not that they cared since nothing has been done.

Bitwarden_rs was the one that had working install documentation that didn't require a build environment. It met our requirements in testing, so I deployed it to production.

Yes, but for a Go or Rust neophyte, trusting that you've installed correctly from source is probably a higher bar than knowing that you've run a container correctly.
Lmfao, you assume that Docker is easy to install.
Docker was an apt install, it wasn't exactly what I would call difficult.
It's not?