this post was submitted on 13 Oct 2023
148 points (92.0% liked)

Selfhosted

40347 readers
449 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I've always hated the idea of using a subscription/cloud hosting for password management. I feel like I should have a LOT more control over that stuff and I don't really want to hand all my keys over to a company.

All my secrets have been going in a highly encrypted archive with a long passphrase, but obviously that isn't convenient on all devices. It's been fine, I can open it on any computer but it's not super quick. It does have the advantage of being able to put in multiple files, notes, private keys but it's not ideal.

Anyway, finally found something that isn't subscription, and has a similar philosophy - a highly encrypted archive file, and it's open source and has heaps of clients including web browser plugins so it's usable anywhere, and you can sync the vault with any file sync you like.

Thought you guys might appreciate the find, password managers have always been a bit of a catch 22 for me.

Note for android i found keepassxc the best app, and i'm using KeePassHelper browser plugin, and the KeePassXc desktop app as well as the free official one. Apps all seem to be cross platform.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (4 children)

What's amusing is I am purposely not paying for bitwarden because of the check against darkweb leaks or whatever type feature when you pay. That's seems like an anti privacy thing. I understand it's a good idea albeit seems to expose a lot of information about you. I would like to do vaultwarden but don't think I can trust self hosting myself without paying monthly for a vps which I don't want to do. Home Internet hosting seems to unreliable to me for something that important.

Just random thoughts of mine here.

[–] [email protected] 17 points 1 year ago* (last edited 1 year ago)

because of the check against darkweb leaks or whatever type feature when you pay. That's seems like an anti privacy thing. I understand it's a good idea albeit seems to expose a lot of information about you

For the password leak checks, your passwords are never transmitted. They are one-way hashed locally, and then only the first few characters of the hash are checked against the API provided at https://haveibeenpwned.com which is run and designed by Troy Hunt, one of the most respected people in the cybersecurity industry. He collects major password breaches and makes them available to check against without actually exposing the data. It's perfectly safe and secure.

[–] [email protected] 9 points 1 year ago

The bitwarden clients also work when there's no connection to the server, since they sync the vault. You just can't add any new entries. That means spotty internet is not that much of an issue in terms of using it. It also means, that every device that has a client installed and gets used regularly (to give the client a chance of syncing) is automatically a backup device.

[–] [email protected] 3 points 1 year ago

I host vaultwarden at home. No real need for a vps since your passwords are synced to your phone or laptop(whatever client you're using) and you can just sync it when you're home if you make changes, or setup a VPN (I use wireguard) and sync on demand when needed.

That said, I do sync my database to a vps for dr purposes incase my home server suddenly vanishes... for critical services I follow a 3-2-1 backup rule but it's not absolutely essential.

[–] [email protected] 3 points 1 year ago (1 children)

Follow OP's approach. Use a Keepass file. It is offline and can be stored anywhere you can reasonably trust. You just need to sync it if you have many clients but syncthing is great for that.

[–] [email protected] 1 points 1 year ago

Yep I'm very impressed with syncthing. I just started using it a few weeks ago.