[slock83]

Same or better uptime might not be granted, but I've been hosting my instance for quite a bit of time now, and the only downtime I've had were due to my ISP. I'm using vaultwarden too (bitwarden_rs when I first deployed it), and have absolutely no complains whatsoever.

Also, after your device synced with the server at least once, you can still access and export all your passwords, even if the server is down. This is the main selling point for me : even in a disaster scenario, your passwords are "naturally" replicated.

Mine is exposed behind a reverse proxy, with a subdomain != Bitwarden, and a wildcard certificate. Never seen anything weird in the logs since (before, I had a named certificate including subdomain, and I was seeing regular pokes from unknown IPs, so better be on the safe side)

Again, the main bitwarden instance is a huge target. Mine is just a small instance with less than 10 users, which will probably never encounter a targeted attack.

[Macha]

> Also, after your device synced with the server at least once, you can still access and export all your passwords, even if the server is down. This is the main selling point for me : even in a disaster scenario, your passwords are "naturally" replicated.

Watch out for the browser extension clients though - they're prone to session expiry and insisting you relogin which is a problem if the remote server is down or gone.