Hacker News new | ask | show | jobs
by diarrhea 1087 days ago
I am not. Working well so far. My instance is behind Caddy, behind a secret URL path. To talk to the instance, this “pre-shares secret” needs to be known first. So far I haven’t seen any abnormal hits. I’m closing in on 3 years of using it in this setup, via Vaultwarden.

I’m aware that this is security through obscurity. The instance’s accounts use strong passwords and MFA.
1 comments
BOOSTERHIDROGEN 1087 days ago
Is this can work for mobile devices ?
link
diarrhea 1087 days ago
Yeah, the full URL can be specified in Bitwarden clients (browser extension, mobile app) and then never touched again. The secret path only leaks if users use Bitwarden's sharing feature. It's not a "pre-shared secret" in that sense, as it can publicly leak by design.
link
BOOSTERHIDROGEN 1087 days ago
Any pointer how do you setup this ? Thanks

Sharing features did you mean organization, bitwarden send ?

link