It was one of the easiest to set up and it works flawlessly. I’m a bit paranoid about losing my data even with the backups… Any recommendation?

  • MrPasty@lemmy.sebbem.se
    ↑ 4 · 2 years ago

    The nice thing about syncing services like Vaultwarden is that all your synced devices kind of act like backups. You should still keep proper backups too, of course, but this makes me sleep a bit better at night at least.

    • unknowing8343@discuss.tchncs.de
      ↑ 4 · 2 years ago

      Yeah, this too… like… I have Bitwarden synced in different computers/phones, so at least most of the passwords will still be somewhere.

  • Klox@lemmy.world
    ↑ 2 · 2 years ago

    I regularly hear it’s great. Has anyone moved from KeePass? I haven’t read anything that makes me think I should move on from KeePass. I have maybe ~4-5 clients and merging databases has been very easy since no client is offline for too long.

      • PlutoniumAcid@lemmy.world
        ↑ 1 · 2 years ago

        Same for email. I can’t afford it to be down for days while I stress out about fixing whatever it was that I broke.

        • dustojnikhummer@lemmy.world
          ↑ 2 · 2 years ago

          Actually on premise self hosting email is just stupid these days. I do have my domain email set up with a local provider, but I don’t use it. Again, email is crucial and I don’t trust myself.

    • untilyouarrived@lemmy.gtfo.social
      ↑ 1 · 2 years ago

      Same. Like, I’m relatively confident in the systems I have running, but not so confident that I’d trust them with my most important passwords.

    • conrad82@lemmy.world
      ↑ 2 · 2 years ago

      Not OP, but you could set up a WireGuard VPN in your home network.

      It would require opening up a port on your router for WireGuard, and probably use a dynamic DNS provider (duckdns.org or similar) to get a URL.

    • lost@kbin.social
      ↑ 1 · 2 years ago

      I run it through an nginx proxy that runs cloudflared through my domain, giving https access with limited worry of various security concerns. Probably not the best setup but was relatively easy to do.

  • freedomenjoyer@sh.itjust.works
    ↑ 1 · 2 years ago

    From what I understand of it, your passwords and all should be safe as it also stores them client-side. So it’s more like your sync is down. But don’t quote me on that.

  • lost@kbin.social
    ↑ 1 · 2 years ago

    I use vaultwarden as my bitwarden backup. I pay for bitwarden premium because it’s too critical of a service for me to not pay for access/support the service, or to expect my self hosted option will be sufficiently reliable enough.

    That said, as a backup option, I run the vaultwarden addon in home assistant and just periodically do a manual export from bitwarden and import to vaultwarden. This is usually good enough for me, but glad to see this thread with some other options. Will be exploring some of these too!

    • flynnguy@lemmy.world
      ↑ 2 · 2 years ago

      Oooh, I like this idea… I’ve thought about running vaultwarden but like you I pay for bitwarden premium because I think it’s critical for me and I like the service and want to see them continue. Using it as a backup, then I can still support them and run my own backup.

  • SirMaple_@lemmy.world
    ↑ 1 · 2 years ago

    I’ve been using it for a few months now and love it. I have it on 2 VMs. 1 at home and 1 on my dedicated server in the cloud.

    I have a horribly written script that stops the vaultwarden container on the home VM, it copies the db.sqlite3 files to the VM in the cloud using SCP, copies everything inside the attachments folder using SCP and then starts the container again. I then have the same type of script on the cloud VM that stops the container, grabs the db and attachments from the temp folder and moves them to the correct directories and starts the container.

    I only use the instance on the VM at home, the cloud VM is only used if something has happened to the VM at home. I do the same with my netbox instance.

    I also don’t expose anything to the internet. Everything is behind WireGuard. I have my phone set up with Tasker to automatically connect the tunnel when my phone disconnects from my home WiFi SSID.

  • donnnnnb@lemm.ee
    ↑ 1 · 2 years ago

    I don’t trust vaultwarden, only on the basis that it’s unofficial and not as strictly audited. I use the container stack provided by bitwarden behind a cloudflare tunnel and back up the data directory with duplicati to S3. Should be able to do the same with vaultwarden, just try a backup test.

  • MrDread@karab.in
    ↑ 0 · 2 years ago

    I like to connect an external drive and make backups on it. If your Vaultwarden dies, unless your devices are de-authorised (or try to update the URL), you can access the vault and export the data.

    • epyon22@sh.itjust.works
      ↑ 2 · 2 years ago

      FYI, even when deauthorized, all passwords previously synced are still available, but it prevents syncing without fully logging in.

  • ollie@lemmy.world
    ↑ 0 · 2 years ago

    how are you doing your backups now? are you using the 3-2-1 backup strategy?

    • balance_sheet@lemmy.worldOP
      ↑ 1 · 2 years ago

      Not really, no. I have an HDD and an SSD both in the same machine. Data in SSD gets copied to HDD every day. I don’t have any remote backup yet. How do you do your remote backup?

      • ollie@lemmy.world
        ↑ 1 · 2 years ago

        encrypted Rsync to a free Backblaze account. be sure to test your backups tho
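
A sketch of the "test your backups" advice repeated in this thread, applied to the `db.sqlite3` copy step SirMaple_ describes; it is an added example, not code from any poster or from the Vaultwarden project. Instead of stopping the container it takes the copy with SQLite's online backup API, then opens the copy and checks it. The sample database, its table names (`users`, `ciphers`) and the row thresholds are constructed for the demo, and the attachments folder is not covered.

```python
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path


def snapshot(live_db, dest):
    """Copy a possibly in-use SQLite file with SQLite's online backup API."""
    with closing(sqlite3.connect(live_db)) as src, closing(sqlite3.connect(dest)) as dst:
        src.backup(dst)  # consistent copy even if the server writes meanwhile


def verify(backup, required):
    """Return a list of problems; an empty list means the copy opens and looks sane."""
    if not Path(backup).is_file():
        return ["missing file"]
    problems = []
    try:
        with closing(sqlite3.connect(backup)) as con:
            result = con.execute("PRAGMA integrity_check").fetchone()[0]
            if result != "ok":
                problems.append(f"integrity_check: {result}")
            for table, min_rows in required.items():
                n = con.execute(f'SELECT count(*) FROM "{table}"').fetchone()[0]
                if n < min_rows:
                    problems.append(f"{table}: {n} rows, expected >= {min_rows}")
    except sqlite3.DatabaseError as exc:  # truncated or non-SQLite file
        problems.append(f"unreadable: {exc}")
    return problems


def demo():
    """Constructed sample: back up a tiny DB, then check a good and a cut-off copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, good, bad = (Path(tmp, n) for n in ("db.sqlite3", "good.bak", "bad.bak"))
        with closing(sqlite3.connect(live)) as con:
            con.executescript(
                "CREATE TABLE users(email TEXT); CREATE TABLE ciphers(data TEXT);"
                "INSERT INTO users VALUES ('a@example.test');"
                "INSERT INTO ciphers VALUES ('x'), ('y');"
            )
        snapshot(live, good)
        bad.write_bytes(good.read_bytes()[:512])  # simulate an interrupted transfer
        need = {"users": 1, "ciphers": 2}  # assumed table names and minimum counts
        return verify(good, need), verify(bad, need)


if __name__ == "__main__":
    print(demo())
```

Run `verify` on the machine that receives the copy, so a transfer that was cut short is caught before the backup is needed.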

  • JurassicPork@lemmy.one
    ↑ 0 · 2 years ago

    You may have just inspired me to do the same lol, I’m self hosting most of my other things… For some reason, keeping my own data safe with bitwarden is kinda freaking me out too lol

    • balance_sheet@lemmy.worldOP
      ↑ 0 · 2 years ago

      TOTP function is what really made it happen. It brings me so much joy to have one, self hosted service to do everything login related compared to using Authy too. I was way too invested in Authy which was never comfortable for me. I now found peace.

      • cyanide@lemmy.world
        ↑ 1 · 2 years ago

        Is having your passwords and TOTP in one place recommended? I would’ve thought that having both separate would be more secure.

        • Widget@kbin.social
          ↑ 0 · 2 years ago

          It still defends against one failure mode (the website gets hacked but you’re ok) but yeah, obviously if you get hacked and the hacker knows how to get your vault out then you’re 100% screwed.

          My suggestion is always hardware 2FA, even though it’s not as mature as the other systems. Personally I have two Yubikeys (in case one breaks/gets lost) but it does mean that I need to add TOTPs to both of them each time I add a new 2FA.

          • boothin@kbin.social
            ↑ 1 · 2 years ago

            I’m fairly certain hardware-based 2FA has been around since the early 90s, maybe even earlier. It’s not the maturity that’s the issue, as I’m fairly certain it’s significantly older than application-based, but that it’s extremely inconvenient for the user to have to buy a physical key and keep it safe.

  • blackstrat@lemmy.fwgx.uk
    ↑ 0 · 2 years ago

    I tried Vaultwarden, but I didn’t find it better than KeePass which I have syncing over nextcloud to storage that is mounted over NFS for my desktop and laptop. There are plenty of clients so you can use windows, linux, android etc.

    • uzay@infosec.pub
      ↑ 1 · 2 years ago

      I ran Keepass synced through my Nextcloud for a long time as well, but I switched to Vaultwarden after losing passwords due to sync issues. Almost got locked out of an important account. Luckily I noticed it early enough to recover it through my Nextcloud’s versioning. But since then I’m too paranoid to rely on a password manager without a reliable syncing mechanism built-in if I’m gonna use it daily on a range of different devices.

  • cwagner@discuss.tchncs.de
    ↑ 0 · 2 years ago

    I still do the same I’ve been doing since before Bitwarden existed: Use KeePass[XC] and OOB sync (I use nextcloud) my database file (The android client actually uses WebDAV and a local cache). For single-user password-management, I find the simplicity vastly superior.