this post was submitted on 17 Jul 2023
107 points (97.3% liked)

Selfhosted

40438 readers
769 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Hi y'all! Sorry for asking so much on this sub! Y'all have been so helpful!

This time, I'm thinking of transitioning from 1Password to a self-hosted option.

Of course I know about Bitwarden, and I'm looking into it now, but are there any other recommendations y'all have? Have y'all heard of and used Passbolt? It seems nice, but it looks like it only does passwords and not other categories like 1Password does.

A few things of note: I'd like it to have different categories, a la 1Password. (Logins, SSN, ID, member card #, etc) Maybe multi-user so I can have an account for my wife. Password generator of course, and I'm not sure if y'all are familiar too much with 1password, but it allows you to customize the fields in each entry. So it starts with the basics (username, password, url), but it allows you to add sections and entries too! I could add a "security" and add my 2FA code on there, my backup codes, etc.

Honestly, that last one is a biggie, so I think I might be talking myself out of moving over now, but I'm sure that AgileBits or whatever the company is called will abandon, if it hasn't already, 1Password 7 with local vaults, in favor of 1Password 8 that only uses 1password subscription accounts.

Sorry for the rant and wall of text. Thank y'all in advance.

Update on July 21, 2023

I decided to self-host Vaultwarden as it was designed to be a lightweight (on resources) version of Bitwarden. For Android, I'm using the "Keyguard" app to access my instance, and the official Bitwarden browser extension on my wife's MacBook. 1password fucked me over, and I had to manually copy every password 1 by 1, luckily I only had ~500 entries.

I'm still doing some research into the best app for android (the official Bitwarden is ugly, and Keyguard is pretty, but I'm still looking around.)

Thank each and every one of you for taking time to answer my question!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (11 children)
  • If you only use Linux CLI and live in the terminal: pass
  • If you also use a phone or windows desktop, and already use a reputable syncing service (nextcloud, synching, etc.): keepassXC
  • If you have an always on server, internet accessible that maintains 5-9s of reliability and regular working backupa: host VaultWarden
  • If nothing above applies: use Bitwarden SaaS.

My big problem with VaultWarden/Bitwarden is there are some things (making new passwords) that can only be done while connected. This means exposing your server to the internet and making it highly available. Also, since it's a single point of failure, you need good backups. If your server goes down, you're read only until you create a new instance, which might take a while.

I've been using KeepassXC for about 6 years, synchronized with Syncthing. The database is synced to all my devices and my wife's, and a few satellite devices my friends own in encrypted Syncthing folders. It's easy to merge conflicts if we both make entries at the same time. My database will likely outlive me at this point. I even got my Luddite in-laws using it (alas, synced through Google Drive). Highly recommended.

[–] [email protected] 11 points 1 year ago (2 children)

+1 for KeePass/KeePassXC. Love that you just get a password database file and it's up to you to secure it. I also sync through drive for easy access and use KeePassDX for Android which makes the transition between devices a breeze. Having fingerprint unlock for my passwords on my phone is pretty cash. On my desktop I set up KeePassXC to auto-type my credentials into almost everything I use so I can use a hotkey to log in. Works with any program that you can match a window title to (or URL for websites) which is basically everything. I even have mine set up to enter SSH credentials after I connect in windows terminal using "SSH user@server".

[–] [email protected] 1 points 1 year ago

I am most impressed with how much it just works. Make duplicate passwords? Just works. Share with multiple users? Duplicate key entries? Just works. Want to store or reorganize your DB, change encryption or share with someone else? Just works. Want to use it from your phone, your laptop, your server CLI? There's probably an app, and it probably just works too.

It's such a precious thing, a good DB design paired with good apps (KeepassXC is amazing). Not a lot of tools like that around.

load more comments (1 replies)
load more comments (9 replies)