by hcurtiss
1272 days ago
Yeah, I’m definitely not trained in security like the password manager engineers are. But I keep wondering if being distributed offsets that risk. That is, I can spin up Bitwarden in my Unraid machine in like five minutes and behind a reverse proxy, nobody even knows it’s there to attack. Maybe I have some security vulnerability, but it seems significantly less likely to be tested than a centralized commercial service. Curious if others have thoughts. I’d happily pay Bitwarden for whatever.
I realize that "security through obscurity" is not a best practice but even if I trust SaaS Bitwarden to be more hardened than I will ever be, I can't help but think that any centralized password manager will have a target on their back so much larger than mine that it may even out.
The biggest risk I see with self-hosting is accidentally borking the whole thing and locking myself out of my vault. But I'll probably gain enough confidence to mitigate that somewhat soon.