Selfhosted

59973 readers

416 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

Reevaluating my password management (sh.itjust.works)

submitted 11 months ago by muusemuuse@sh.itjust.works to c/selfhosted@lemmy.world

49 comments fedilink hide all child comments

It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] irmadlad@lemmy.world 14 points 11 months ago (1 children)

I look at it like this:

I don't absolutely trust the security of my server. Sure, it hasn't had a breach.....yet, but that possibility is inevitable, given the amount of bots that keep trying to get in by the minute. It's secure, yes, but is it secure enough to entrust the keys to my bank account, my business ventures, et al? IF somebody got the key to my Lemmy account, it would be bothersome, but not cataclysmic since all online accounts are silo'd with only a couple that are linked.
Bitwarden spent a lot of time and money building a large infrastructure that is, imho, far more secure than my little server. Bitwarden has a pretty good track record. They have had some vulnerabilities, even as recent as '23 but these have been remediated.
Confirmation bias...I've been using Bitwarden for untold years now and have never had an issue, other than the recent UI theming schema that was so castigated by users that they offered a way to switch back.

While hosting my own password manager would fit right in with the rest of my selfhosting, I think sometimes it's better to defer to more secure options when dealing with highly sensitive data.

[–] philpo@feddit.org 2 points 11 months ago

Bitwarden is absolutely solid,yes.

Local server wise: If OP uses it in a local only setup behind a proper VPN implementation from my point of view the risk is acceptable. It's not that hard to secure a home server in a way that Vaultwarden is not at risk - and when you're so compromised that it is, then the attacker can easily use other vectors to gain the same data (RAt,keyloggers, etc.)