by kjfarm 1245 days ago
A good note for Bitwarden is that it has a self-hosting open source version, Vaultwarden, that is easy to switch to: https://github.com/dani-garcia/vaultwarden I see this as downside protection, as I can quickly migrate if I disagree with Bitwarden's direction with minimal changes to my clients.

I do worry about VC pressure on Bitwarden for hypergrowth. However in my personal opinion, the benefits outweigh the cons (for now).

5 comments

Note that Vaultwarden is the unofficial server, there is also an official one, that you can self host.

Vaultwarden is much easier to set up and manage, I use it myself, and I heard that the official build is a little bit more tedious to go with.

The official server is distributed as Docker containers, with a shell script to manage them, and is quite simple to set up and maintain. I could see how trying to deploy it yourself outside of Docker could be an undertaking though.

The MSSQL database seems a bit heavyweight (RAM wise) given the tiny amount of data it needs to host for a handful of users, and isn't acceptable to some people on principle, since it isn't open source.

The official one used to only support MS SQL and other DBs are still “mileage may vary” so people were uhh pretty motivated to make something else.
Interesting, I use MS SQL a lot so that’s actually a plus for me.
It's easier to manage until it breaks, as in the recent example last month when Bitwarden updated their client and Vaultwarden had to play catch-up and reverse engineer the changes.

That experience sent me back to just letting Bitwarden host for me, I know it's all free and I can't expect anything which is fine, but I can't be without my passwords either.

I personally use Vaultwarden myself as well, and am also quite pleased with it.
Vaultwarden's great. I use it. I use the Bitwarden Android client, though. Not sure what there is to replace that.
It's open source and can be forked if necessary: https://github.com/bitwarden/mobile
To add onto this, if you care about supply chain attacks, Bitwarden mobile supports F-Droid builds (albeit not part of the main repo because they rely on Xamarin) so you can host your own F-Droid repo and run your own builds if so desired.
If you are making your own build, is there a benefit to using F-Droid? Why not just install the APK?
You can just use local CI to build it and then when your F-Droid checks for updates you get a push notification on your phone.

If you want to gate it, you can just periodically update the local git repo after you reviewed it (or just follow up to main minus a few days).

Update notifications?
You don't need to fork it... just add an account at the main screen and set the backend URL to whatever your server resolves to.
I think they meant if they don't like the direction that the Android client takes, i.e. they stop allowing you to change the backend URL for example, in which case, yes, you would need to fork or rewrite it.
Is it not possible to point BW Android to your Vaultwarden instance?
It's fragile if you do that. Bitwarden updated their API last month on the clients so you couldn't connect to Vaultwarden at all until the Vaultwarden team could reverse engineer the change and produce a new release.
This is interesting. I use BW daily (many times) on Android against my self-updating VW instance.

I did not notice anything, maybe the break happened during the night in Europe. Or the Android app did not warn about problems.

In my case I could continue to use the app, it broke the ability to sign into the vault. If you only lock your vault and not fully logout you may not have noticed it.

https://github.com/dani-garcia/vaultwarden/issues/3082

Thanks. I do not even lock BW, not to mention logging out, and almost never connect to the vault via the web interface - so yes I must have simply missed it.
I'm confused: what do they have to reverse-engineer if it's open source?
Sorry, probably not the best wording. If Bitwarden changes their API the Vaultwarden team has to act fast enough to get the same changes into the Rust version before Bitwarden updates the clients. In one case they weren't fast enough: https://github.com/dani-garcia/vaultwarden/issues/3082
Waiting for Bitwarden unified to come out of beta before I self-host.
If dev support from the company fades, the UI will start to deteriorate - and whether you are hosting or not, that is also a thing that matters. Like mobile apps, browser plugins, form filling logics and specific site behaviours etc.
The official open source repo is https://github.com/bitwarden/server

Vaultwarden is a compatible but 3rd party software.