Hi y’all! Sorry for asking so much on this sub! Y’all have been so helpful!
This time, I’m thinking of transitioning from 1Password to a self-hosted option.
Of course I know about Bitwarden, and I’m looking into it now, but are there any other recommendations y’all have? Have y’all heard of and used Passbolt? It seems nice, but it looks like it only does passwords and not other categories like 1Password does.
A few things of note: I’d like it to have different categories, a la 1Password. (Logins, SSN, ID, member card #, etc) Maybe multi-user so I can have an account for my wife. Password generator of course, and I’m not sure if y’all are familiar too much with 1password, but it allows you to customize the fields in each entry. So it starts with the basics (username, password, url), but it allows you to add sections and entries too! I could add a “security” and add my 2FA code on there, my backup codes, etc.
Honestly, that last one is a biggie, so I think I might be talking myself out of moving over now, but I’m sure that AgileBits or whatever the company is called will abandon, if it hasn’t already, 1Password 7 with local vaults, in favor of 1Password 8 that only uses 1password subscription accounts.
Sorry for the rant and wall of text. Thank y’all in advance.
Update on July 21, 2023
I decided to self-host Vaultwarden as it was designed to be a lightweight (on resources) version of Bitwarden. For Android, I’m using the “Keyguard” app to access my instance, and the official Bitwarden browser extension on my wife’s MacBook. 1password fucked me over, and I had to manually copy every password 1 by 1, luckily I only had ~500 entries.
I’m still doing some research into the best app for android (the official Bitwarden is ugly, and Keyguard is pretty, but I’m still looking around.)
Thank each and every one of you for taking time to answer my question!
+1 for KeePassXC + SyncThing
https://keepassxc.org as Password manager and 2FA and https://syncthing.net to sync the database between your devices without a central server.
- You can have several databases (one for wife, one for you)
- You can store your 2FA there
- You can make nested groups of your passwords
- You can store certificates and other attachments as files or custom fields like backup codes, etc.
Don’t use Keepass or KeepassX but the KeepassXC version is the community version most polished and with most functionality.
There are many 3rd party clients which can read/write the keepassx database file like:
- https://keepassium.com/ for iOS
- https://apps.gnome.org/app/org.gnome.World.Secrets/ for GNOME/Linux
Instead of Syncthing you can also use some other file sync if you have it set up already like iCloud, Nextcloud, Dropbox, but Syncthing I find is the easiest set up and forget.
I use keepassxc and save the DB in WebDAV. Can’t imagine it getting easier. Can access it from any device.
I like pass, It’s just a wrapper around standard tools - gpg encrypted files in a directory, with git for version control. You can organize the subfolders however you’d like, and store whatever you want in them. You can sync the files across systems however you’d like - copy/paste, rsync, network drive… You can even go as far as to install a git server, e.g. gitlab, and clone, push, and pull into password synchronization bliss.
I’m reading through it, but maybe you can anwser it faster.
Does this support generating 2FA authenticator codes like 1password does?
I see it says authenticatior support, but I’m not sure if that means what I think it means in this case.
Both, you can use an external 2FA app to secure your vault, but it has also an integrated authenticator that you then can use for other websites. I use Aegis for Vaultwarden and all other websites I save in Valutwarden itself.
Valutwarden <3
You can install Vaultwarden instead of Bitwarden. Differences between Vaultwarden and Bitwarden by reference.
Is it just me or does that “comparison” make no sense for this thread. It’s mostly comparing vaultwarden to the cloud version of bitwarden, not the self hosted version. It only mentions the self hosted version in passing. It doesn’t do anything to help someone choose between vaultwarden and self hosted bitwarden
The article honestly reads like it was written by an AI tool.
Strongly second vaultwarden, covets so many cases for me.
Not sure why someone would. Bitwarden provides their own self-host repos and docs and is working on a unified container instead of docker-compose scripts for their production stack.
I’ve been using their stack for the last 6 years and only issues I’ve ran into were my fault. Also tested their container and will be switching to that soon.
Don’t you have to pay to use premium features on your own server with their official software? With Vaultwarden you get all premium features unlocked for free on an infinite amount of devices.
Yes that is true but $10/year for premium is not bad, I donate that much to separate projects per year
I would recommend Bitwarden self-hosted with a subscription. I know it’s a unpopular opinion, but they do a great job with the app and let’s be real,if nobody financially supports open source development, we are in for trouble.
There are enough people that don’t have the technical knowledge to host their own instance which happily pay Bitwarden to do so. If I host my own software and pay for the servers myself I’m not gonna pay a monthly fee just to be able to use the software. Maybe a one time payment, but definitely no subscription.
+1 for this, I have an active subscription with Bitwarden, for US$10 a year it’s worth many times that in the value and utility it provides me. I considered self-hosting the service but I decided to just stick with the cloud version since they likely have better resilience than my homelab. It’d suck if my home network is down for whatever reason and I need urgent access to my vault without a local copy within reach.
- If you only use Linux CLI and live in the terminal: pass
- If you also use a phone or windows desktop, and already use a reputable syncing service (nextcloud, synching, etc.): keepassXC
- If you have an always on server, internet accessible that maintains 5-9s of reliability and regular working backupa: host VaultWarden
- If nothing above applies: use Bitwarden SaaS.
My big problem with VaultWarden/Bitwarden is there are some things (making new passwords) that can only be done while connected. This means exposing your server to the internet and making it highly available. Also, since it’s a single point of failure, you need good backups. If your server goes down, you’re read only until you create a new instance, which might take a while.
I’ve been using KeepassXC for about 6 years, synchronized with Syncthing. The database is synced to all my devices and my wife’s, and a few satellite devices my friends own in encrypted Syncthing folders. It’s easy to merge conflicts if we both make entries at the same time. My database will likely outlive me at this point. I even got my Luddite in-laws using it (alas, synced through Google Drive). Highly recommended.
+1 for KeePass/KeePassXC. Love that you just get a password database file and it’s up to you to secure it. I also sync through drive for easy access and use KeePassDX for Android which makes the transition between devices a breeze. Having fingerprint unlock for my passwords on my phone is pretty cash. On my desktop I set up KeePassXC to auto-type my credentials into almost everything I use so I can use a hotkey to log in. Works with any program that you can match a window title to (or URL for websites) which is basically everything. I even have mine set up to enter SSH credentials after I connect in windows terminal using “SSH user@server”.
I’m using teampasswordmanager.com, it’s not open source but free for up to 2 users. Had them for over 10 years now.