Would love to selfhost. However, I have no trust in my skills to secure my device in the same manner as a provider, and I do not wish my database to be compromised.
Use Tailscale. Don’t expose the port to the public. You’re good to go. On iOS, the Tailscale app allows for on demand joining of your Tailscale network (when you’re off from your home network for example). This makes it easy. On Android it’s not as direct, can use Tasker to achieve this, it’s not great. But there’s a feature request on their repo too.
Alternatively, there’s Netbird which behaves similarly. I haven’t tried it, but have read good things about it.
Neither are US based as well if that’s a concern for you. Tailscale is Canadian, and Netbird is German. Netbird is completely open source. With Tailscale, the CLI and Android apps are open source, and there’s an open source alternative to the control server called Headscale. But honestly, using their free tier is probably enough (for both services).
Would you be okay with synchronizing only when you’re on your own Wi-Fi network? If that’s the case, you don’t have to try exposing anything to the Internet.
You can also purchase a server online to install it on, but you’re going to get saddled with some kind of monthly fee there.
I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
I never get this excuse except for ignorance (not being mean to you)—you can export your entire db as a text file then encrypt it if you wanted. Also, if your server goes offline its offline first on all devices
I mean that I don’t have the necessary knowledge to make sure no one can get into my network and server, and having my entire life thus possibly vulnerable is too risky.
Heck, I can’t even get Caddy to work properly.
Right there with you! Selfhosting Vaultwarden would be cool, but I barely know what I’m doing. I trust Bitwarden’s security knowledge and abilities way more than my own.
My view on this is that I also do not trust a company to properly secure something so if it’s going to be a hack job I might as well attempt it myself!
Understandable! However I’d rather have the provider tell me that they were hacked and my data compromised than me being hacked and never finding out because I have no clue to look 😆
Unless you go out of your way to make it available to the internet, it will only be available on your local network, and you’re a much smaller target than the cloud provider.
Get yourself a mini pc or old laptop and control your own future: https://github.com/dani-garcia/vaultwarden
Would love to selfhost. However, I have no trust in my skills to secure my device in the same manner as a provider, and I do not wish my database to be compromised.
This might be a good option for you: https://elfhosted.com/
Use Tailscale. Don’t expose the port to the public. You’re good to go. On iOS, the Tailscale app allows for on demand joining of your Tailscale network (when you’re off from your home network for example). This makes it easy. On Android it’s not as direct, can use Tasker to achieve this, it’s not great. But there’s a feature request on their repo too.
Alternatively, there’s Netbird which behaves similarly. I haven’t tried it, but have read good things about it.
Neither are US based as well if that’s a concern for you. Tailscale is Canadian, and Netbird is German. Netbird is completely open source. With Tailscale, the CLI and Android apps are open source, and there’s an open source alternative to the control server called Headscale. But honestly, using their free tier is probably enough (for both services).
Would you be okay with synchronizing only when you’re on your own Wi-Fi network? If that’s the case, you don’t have to try exposing anything to the Internet.
You can also purchase a server online to install it on, but you’re going to get saddled with some kind of monthly fee there.
Plus you’ll still have to pay at least some attention to security if you get a server.
Then use Keepass, which is literally just a local app.
I have used KeePass, but Bitwarden is far more convenient when you have different devices
There’s a plugin that lets you store your database file in the cloud to solve this. Although I only used it for work because I use ProtonPass.
Or want to share a subset of passwords with someone.
I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
I never get this excuse except for ignorance (not being mean to you)—you can export your entire db as a text file then encrypt it if you wanted. Also, if your server goes offline its offline first on all devices
I mean that I don’t have the necessary knowledge to make sure no one can get into my network and server, and having my entire life thus possibly vulnerable is too risky. Heck, I can’t even get Caddy to work properly.
Right there with you! Selfhosting Vaultwarden would be cool, but I barely know what I’m doing. I trust Bitwarden’s security knowledge and abilities way more than my own.
My view on this is that I also do not trust a company to properly secure something so if it’s going to be a hack job I might as well attempt it myself!
Understandable! However I’d rather have the provider tell me that they were hacked and my data compromised than me being hacked and never finding out because I have no clue to look 😆
Unless you go out of your way to make it available to the internet, it will only be available on your local network, and you’re a much smaller target than the cloud provider.