Hi y’all! Sorry for asking so much on this sub! Y’all have been so helpful!

This time, I’m thinking of transitioning from 1Password to a self-hosted option.

Of course I know about Bitwarden, and I’m looking into it now, but are there any other recommendations y’all have? Have y’all heard of and used Passbolt? It seems nice, but it looks like it only does passwords and not other categories like 1Password does.

A few things of note: I’d like it to have different categories, a la 1Password. (Logins, SSN, ID, member card #, etc.) Maybe multi-user so I can have an account for my wife. Password generator of course, and I’m not sure if y’all are familiar too much with 1Password, but it allows you to customize the fields in each entry. So it starts with the basics (username, password, url), but it allows you to add sections and entries too! I could add a “security” and add my 2FA code on there, my backup codes, etc.

Honestly, that last one is a biggie, so I think I might be talking myself out of moving over now, but I’m sure that AgileBits or whatever the company is called will abandon, if it hasn’t already, 1Password 7 with local vaults, in favor of 1Password 8 that only uses 1Password subscription accounts.

Sorry for the rant and wall of text. Thank y’all in advance.

Update on July 21, 2023

I decided to self-host Vaultwarden as it was designed to be a lightweight (on resources) version of Bitwarden. For Android, I’m using the “Keyguard” app to access my instance, and the official Bitwarden browser extension on my wife’s MacBook. 1Password fucked me over, and I had to manually copy every password 1 by 1; luckily I only had ~500 entries.

I’m still doing some research into the best app for Android (the official Bitwarden is ugly, and Keyguard is pretty, but I’m still looking around).

Thank each and every one of you for taking time to answer my question!

  • the_forgotten@lemmy.world
    • If you only use Linux CLI and live in the terminal: pass
    • If you also use a phone or Windows desktop, and already use a reputable syncing service (Nextcloud, Syncthing, etc.): KeePassXC
    • If you have an always-on server, internet accessible, that maintains 5-9s of reliability and regular working backups: host VaultWarden
    • If nothing above applies: use Bitwarden SaaS.

    My big problem with VaultWarden/Bitwarden is there are some things (making new passwords) that can only be done while connected. This means exposing your server to the internet and making it highly available. Also, since it’s a single point of failure, you need good backups. If your server goes down, you’re read only until you create a new instance, which might take a while.

    I’ve been using KeePassXC for about 6 years, synchronized with Syncthing. The database is synced to all my devices and my wife’s, and a few satellite devices my friends own in encrypted Syncthing folders. It’s easy to merge conflicts if we both make entries at the same time. My database will likely outlive me at this point. I even got my Luddite in-laws using it (alas, synced through Google Drive). Highly recommended.

      • the_forgotten@lemmy.world

        I just wonder how easy it would be to sync between clients, KeePass style, because you also have to send your GPG keystore around to all your clients too, right?

        • feitingen@lemmy.world

          If you already have gpg set up it’s quite easy to just sync it with git. Then your server only needs to be online when you want to sync.

          You can (probably should) use different keys per device, and it works wonderfully with Yubikey or other gpg hardware keys if you want extra safety.

    • xinxai7@lemmy.world

      Great advice.

      Only thing I would add is that it is possible to avoid exposing the Vaultwarden server to the Internet. And, you could use Wireguard for that.

      • the_forgotten@lemmy.world

        The issue I found with this approach is that the other big reason to use VaultWarden is for multi-user support. However, then each of your users needs the same VPN setup, which can be hard to manage if you support a non-techie or Luddite.

        Exposing it to the internet isn’t safe, but it’s more accessible than setting up VPNs for everyone with proper routing and stuff. The actual Bitwarden service isn’t that expensive last time I checked, and I think it’s probably the best, simplest solution if you need to support multiple technophobes.

    • feitingen@lemmy.world

      I highly recommend pass.

      It’s very easy to just use git to sync, and easy to set up with several different keys, and can be used as a password sharing database in a small devops team.

      Since I’m using git to sync, I can easily tell when I’ve last changed any password and optionally keep a history of passwords I’ve used.

      It fits well with my life in the terminal, and I use browserpass for Firefox integration.