by gchamonlive 36 days ago
Yes, but vaultwarden isn't something you can casually run by yourself without some careful thinking. You are hosting secrets whose longevity is important, so if deploying yourself, take good care of backups and do regular drills, so you validate that the backups work, that they aren't corrupted and that you keep a copy off-site.
Actually, I didn't have any careful planning when I started out self-hosting Vaultwarden. I didn't even have a system backup (I was just a script kiddie back then, didn't even know about 3-2-1). I have had to migrate my instance 3-4 times. But because I'm just hosting Vaultwarden for myself, I can export the whole account from one of the Bitwarden clients (either the extension or mobile app) and reimport it in the new instance. Because I always have at least three devices in active use connected to my Vaultwarden instance, for me this also counts as 3 off-site backups that can be used to reinstate the whole setup.

It is surprisingly durable and maintenance-free, even for a script kiddie like me to maintain. My advice is (at least when it comes to Vaultwarden) don't think too much about this, just self-host it, at least for yourself. You'll probably be able to manage it when something happens.

Some friends and I have each been hosting Vaultwarden casually for years now. What problem do you see? I mean, if the server goes down and gets completely corrupted, worst case, all my devices still have the version of the vault they recently used. Technically every device has its own backup of the vault.
If I stay offline for more than 30 days, can I still access my local passwords? Honest question, because if that's the case it's nice, but I think you'd need to somehow authenticate before accessing your local vault.
Thanks for making me check. Did not know this: "Offline Vault sessions will expire after 30 days. Except for mobile client applications, which will expire after 90 days." But for me that is enough time to feel safe, still will do backups regularly.
If you're self-hosting, and not using their official clients, your database stays functional in perpetuity.

Which client? Is there an unofficial client for Android that doesn't expire?
You need a VPS, correct? Are there any concerns about hardening your VPS from attackers? I worry about my ability to harden a public-facing service that is handling something so critical for myself.
Don't make it public facing! Put it behind a VPN!!
Firewall*
Use a host that takes care of this for you.

My host has prebuilds for Vaultwarden.

Can you recommend the host you use? Noob here, and looking for something like this.
You should be doing regular exports/backups of your vault regardless of how it's hosted. Bitwarden could go belly up tomorrow and lose all their stored vault data.
Easier said than done. If done manually you will eventually forget, and to automate you have to wrap around a call to the bitwarden cli, which as we've seen already suffered a supply chain breach https://news.ycombinator.com/item?id=47876043

The API for managing secrets automatically is gated behind `bitwarden-cli serve`, which surprises me: I can't call the API directly using urllib or requests. I have to pass it through the bitwarden-cli.

I've been using Bitwarden for a while, but your comment prompted me to investigate how I could back up my secrets, and this is a surprise. I am considering moving to my own infrastructure, because I dread having to depend on this tool to automate regular backups for me. Better to do that at the service layer. The problem is just how to expose it. There is always Tailscale, but that's just shifting the problem around.
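A worked illustration of what "backups at the service layer" can look like, added here as an example and not code from the thread or from the Vaultwarden project: instead of scripting the Bitwarden CLI, the self-hoster snapshots the server's own database with SQLite's online backup API, records a SHA-256 beside the snapshot, and then runs a restore drill (the kind the top comment recommends) that re-checks the hash and SQLite's own integrity_check. The assumptions are that Vaultwarden is on its default SQLite backend, that the live file lives at `data/db.sqlite3`, and that the sample schema below (a one-table stand-in) is a constructed simplification, not the real one.

```python
"""Service-layer backup and restore drill for a Vaultwarden SQLite database.

Added example, not part of the discussion above or of Vaultwarden itself.
Assumptions: SQLite backend; live database at data/db.sqlite3 (default path,
assumed); the sample schema in make_sample_db is constructed for the demo.
"""
import hashlib
import shutil
import sqlite3
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large vault databases do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_database(src: Path, dest: Path) -> str:
    """Snapshot the live database with SQLite's online backup API.

    Unlike cp, the backup API yields a consistent copy even while the
    server is writing. The SHA-256 is written next to the snapshot so an
    off-site copy can be checked for bit-rot before anyone relies on it.
    """
    src_conn = sqlite3.connect(f"file:{src}?mode=ro", uri=True)
    dest_conn = sqlite3.connect(dest)
    try:
        src_conn.backup(dest_conn)
    finally:
        dest_conn.close()
        src_conn.close()
    digest = sha256_file(dest)
    dest.with_name(dest.name + ".sha256").write_text(f"{digest}  {dest.name}\n")
    return digest


def restore_drill(backup: Path) -> dict:
    """Restore the snapshot into a scratch directory and verify it.

    Returns hash_ok (recorded SHA-256 matches), integrity_ok (SQLite's
    integrity_check reports "ok") and the number of user tables found.
    """
    result = {"hash_ok": False, "integrity_ok": False, "tables": 0}
    recorded = backup.with_name(backup.name + ".sha256").read_text().split()[0]
    result["hash_ok"] = recorded == sha256_file(backup)
    if not result["hash_ok"]:
        return result  # a tampered or rotted copy is not worth opening
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "db.sqlite3"
        shutil.copy2(backup, restored)
        conn = sqlite3.connect(f"file:{restored}?mode=ro", uri=True)
        try:
            (status,) = conn.execute("PRAGMA integrity_check").fetchone()
            result["integrity_ok"] = status == "ok"
            result["tables"] = conn.execute(
                "SELECT count(*) FROM sqlite_master WHERE type = 'table'"
            ).fetchone()[0]
        except sqlite3.DatabaseError:
            pass  # unreadable file: leave integrity_ok False
        finally:
            conn.close()
    return result


def make_sample_db(path: Path) -> None:
    """Constructed stand-in for the live database (simplified schema, fake rows)."""
    conn = sqlite3.connect(path)
    with conn:
        conn.execute("CREATE TABLE ciphers (uuid TEXT PRIMARY KEY, data TEXT NOT NULL)")
        conn.executemany(
            "INSERT INTO ciphers VALUES (?, ?)",
            [("c1", "ciphertext-1"), ("c2", "ciphertext-2")],
        )
    conn.close()


def run_demo(corrupt: bool = False) -> dict:
    """Back up a constructed live database, optionally damage the copy, then drill."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "data" / "db.sqlite3"
        live.parent.mkdir()
        make_sample_db(live)
        backup = Path(tmp) / "backups" / "db-snapshot.sqlite3"
        backup.parent.mkdir()
        backup_database(live, backup)
        if corrupt:
            # Simulate bit-rot on the off-site copy: flip one byte past the header.
            data = bytearray(backup.read_bytes())
            data[200] ^= 0xFF
            backup.write_bytes(data)
        return restore_drill(backup)


if __name__ == "__main__":
    print("healthy copy:", run_demo())
    print("rotted copy: ", run_demo(corrupt=True))
```

In a real deployment the `backup_database` call runs from cron on the host, the snapshot is encrypted before it leaves the box (GPG or age, neither shown here), and `restore_drill` is what a quarterly drill executes against the off-site copy; note that none of this needs an unlocked vault or a logged-in CLI session, which is the point of doing it below the client layer.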

To me, it's not that complicated. The point of a vault backup is to not leave you completely hosed, even if it means some new entries didn't make it in. You don't really need to automate anything, set a calendar reminder every few months if you're prone to forgetting and login to do an export.

Automating this definitely seems like a bad idea, but it depends on where you're putting the backup. I put mine into encrypted, offline storage, and that's not something I want to keep connected all the time for a cron job. That, and you're dealing with more moving pieces (CLI with vulns like you mentioned) and automating access to your vault.

I disagree, because life is more complicated than just your password manager, so you are not just adding a reminder to back up your vault, it's another thing you need to remember. That might work for you, and it's ok; for me it's a liability.
IMO a paper print-out of all passwords and backup codes is the most reliable backup. No bit-rot, no third party, and "degradation" is obvious - fire, flood, etc.

Theft is also usually obvious.

If self-hosting, keep at a separate location than your hard drives.

Is there anything stopping a commercial Vaultwarden host?
Competing with the authority bitwarden the company has over the bitwarden open source project. That's just the first thing off the top of my head. Very few people go to the competitor offering the exact same thing but with less say on the popular codebase.
That already somewhat exists.

Reimplementing the server side is the easy part.

But a commercial offer will need to rebrand the client, and maintaining forks is much more involved. As long as Bitwarden publishes the sources ...