|
|
|
|
|
|
by Someone1234
119 days ago
|
|
|
At least a KeePass file via Cloud Storage seems like a somewhat sane tradeoff between security and convenience. What you're proposing where you're adding a backdoor to your home network (via Wireguard) that needs to be maintained/hardened, and then still needing a LAN hosting solution for the actual database running 24-hour, is neither convenient nor secure (least of all because of layer 1 / fire / theft). This is a fragile solution which isn't solving any particular problem; but certainly introducing multiple new exciting potential problems. |
|
|
I have been doing this for years, and it is both convenient and secure. No maintenance or hardening is required, as Wireguard was intentionally designed not to require any tinkering. The setup is literally one config file with the public keys of the devices allowed to access the network. I run this directly on my firewall, which happens to be an x86 PC, but you could run easily run this on a router with OpenWrt. It's hard to imagine a more secure setup than this, since you manage your own keys and no third party is involved.