by deutschepost 967 days ago
One of the nicest things about bitwarden is the ability to selfhost it. I don't think there is anything like it.

1password seems to have the best UX in the field. But you always have to trust some company with the keys to your digital life.

Self hosting password managers is not as big of a deal as it should be.

3 comments

I've been incredibly happy with https://www.passwordstore.org/ for years. The data store is a file hierarchy, with the files themselves encrypted with GPG. Sync is via git. TOTP support with a plugin.
The one major feature `pass` lacks is sharing. I used it for years, but moving to (self-hosted) bitwarden has made life a lot easier in that respect.
I share my vault with my partner. You can specify multiple gpg IDs in the `.gpg-id` file at the root of the store and passwords will be encrypted for both. You can do this on a per-directory basis too.
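The per-directory `.gpg-id` lookup described above, as an added example that is not part of the thread: a small POSIX shell script that mimics how `pass` picks GPG recipients, walking up from an entry's directory to the store root and using the nearest `.gpg-id` it finds. The store layout and the key ids are constructed placeholders; nothing here calls gpg or pass.

```shell
#!/bin/sh
# Added example: how pass resolves the recipient list for an entry.
# pass walks up from the entry's directory until it finds a .gpg-id file;
# every id in that file becomes a "-r" recipient for gpg, so one entry can
# be readable by several people (a shared subtree) or by one (a private one).
# Key ids below are constructed placeholders, not real keys.

STORE=$(mktemp -d)                      # throwaway store layout
mkdir -p "$STORE/shared/streaming" "$STORE/private"
printf '%s\n' 'alice@example.invalid' 'bob@example.invalid' > "$STORE/.gpg-id"   # root: both partners
printf '%s\n' 'alice@example.invalid' > "$STORE/private/.gpg-id"                 # subtree: alice only

# gpg_id_for STORE ENTRY
#   Prints the key ids that would be used for ENTRY (a path relative to the
#   store, e.g. shared/streaming/netflix), one per line. Returns 1 when no
#   .gpg-id exists anywhere up to the root, which is the "run pass init" case.
gpg_id_for() {
    store=$1
    dir=$(dirname "$store/$2")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            # Blank lines are skipped; everything else is taken as a key id.
            while IFS= read -r id; do
                [ -n "$id" ] && printf '%s\n' "$id"
            done < "$dir/.gpg-id"
            return 0
        fi
        [ "$dir" = "$store" ] && return 1   # reached the root without a .gpg-id
        dir=$(dirname "$dir")               # otherwise keep climbing
    done
}

# recipient_args STORE ENTRY
#   Turns the id list into the " -r id -r id" argument string handed to gpg.
recipient_args() {
    gpg_id_for "$1" "$2" | while IFS= read -r id; do printf ' -r %s' "$id"; done
}

# Example run: a shared entry encrypts for both partners, a private one for alice only.
recipient_args "$STORE" shared/streaming/netflix; echo
recipient_args "$STORE" private/bank; echo
```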
I'd use pass if there was an easy way to use it on mobile.
Do you get the same features self-hosting as you do paying for their cloud offering?
Some features require paying. For example: TOTP. But if you just want it for passwords, it is free.
You can use vaultwarden and get everything for free
Yes.
You’re not really “trusting a company with the keys to your digital life”.

The vault is encrypted with a password that never gets transmitted, and even if your password and vault get stolen, without the additional “secret key” that also never leaves your device (and which you should probably print and store somewhere safe), an attacker won’t be able to do much with it.

The inclusion of an additional secret key makes a huge difference in this setup. But yes, it would be much nicer if I could use my own sync store like in the past… (looking at EnPass currently, which also has a secret key setup and its own sync store)

You realize that trust is not just about privacy the day your vault disappears from all your devices with no option whatsoever for recovery[1].

[1] https://1password.community/discussion/120403/delete-family-...

But you have to trust them that the secret key never gets transmitted, unless you compiled it yourself.
Also, malicious code can be pushed to the website if you are logging in through that. You have to trust that their infrastructure is safe.