The official server for selfhosting is not great. It has a hard dependency on microsoft sql server, requires getting a (free) registration key, has it’s own special script for management of the containers (even though it is built on docker-compose), and spins up a large number of containers.
The third party bitwarden_rs server is pretty nice, it can run on your choice of database, and mine is taking less thank 30mb of ram. It’s pretty easy to setup, if you are already are familiar with selfhosting services.
No, as I understand it you can host the instance yourself on your own server. You can then still use the clients to sync your bookmarks. The same way Nextcloud operates. I was more interested in what people think about how secure the software is.
I don’t have experience with it, so I cannot vouch for it. Unfortunately KeePass, when working with more people, seem to get corrupted (especially when left for long open). I am looking for an alternative, I was hoping this would be the way, but
^this made me rethink my decision. KeePass works great for single user though.
Sometimes people need to collaborate on the same online account (eg online store account to buy stuff for the business, online administrator accounts for some dumb “clouds” that won’t allow you to make more than one user, bitlocker and luks encryption keys for other users, in case they forget their password or their passwords become useless etc.). We do have individual databases, but we must share some accounts.
IMO, it is fairly secure. They do third party security audits, and have passed pretty much fine.
Also, AFAIK, all of your stuff is end to end encrypted, so the server only stores an encrypted blob of your passwords, and does not have the capability to decrypt that blob (it’s decrypted by the client).
Just run bitwarden_rs, it’s great, none of the downsides of the official server.
That’s kind of a requirement for anything website like you want to self-host and want to have externally accessible? Nobody provides SSL certs for IP addresses (that I know of), and it is idiotic to run anything public-facing without having HTTPs (it’s fine on a local LAN or if it is only accessible over a VPN or something).
Well for an external one, but I wouldnt want my passwords externally available. From the look of it, the BitWarden official one has to have certificats where the unofficial one doesn’t and can proxy through NGINX etc.
I think the official one just spins up an Nginx container as part of the docker compose file and that nginx container does the SSL stuff and reverse proxies it out to your local network.
Thank you, I will try it out in the future. Keepass is fine, but the integration is not done so well. Like being able to fill passwords into websites or syncing to other devices.
