this post was submitted on 12 Oct 2023
23 points (96.0% liked)

Selfhosted


Does anyone use the self-hosted version of Psono password manager? The demo looks very nice, however it seems to be very niche and it is rarely recommended. It appears in the "awesome selfhosted" repo, though.

I'm looking for a password manager for a small business, and Bitwarden looks quite complex (and expensive) and I'm not very comfortable with Vaultwarden.

[–] [email protected] 14 points 1 year ago

Vaultwarden selfhosted is free and if you are capable of creating public facing containers, you can set this up easily.

[–] [email protected] 7 points 1 year ago (1 children)

Vaultwarden is the way to go. What is your issue with it?

[–] [email protected] 3 points 1 year ago (2 children)

I'm not entirely sure if Bitwarden will introduce some changes that break the compatibility with Vaultwarden.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

They probably won't break compatibility with Vaultwarden on purpose since that'd also break their own server implementation. Bitwarden would have to ensure that all selfhosted servers are up to date before pushing a breaking auto update. This likely means enough time for Vaultwarden to catch up.

Few things hurt a company providing critical software more than breaking users' access without notice.

The passwords would still be accessible through the webui anyway.

Edit: If you're not comfortable it's better to not use it. Password managers are critical and have to be trusted.

[–] [email protected] 3 points 1 year ago (1 children)

You're right, changes that break compatibility are unlikely. But they can happen and happened in the past (e.g. #3082)

[–] [email protected] 4 points 1 year ago

Thanks for the example! I had hoped Bitwarden wouldn't break older servers so quickly. Luckily it seems like Vaultwarden released a new working version 7 days before the clients broke older servers. I'll definitely check my new release notifications for Vaultwarden right now.

[–] [email protected] 1 points 1 year ago (1 children)

Isn't the frontend stuff open source? So even if they change something, others might make a fork?

[–] [email protected] 1 points 1 year ago

Most of the code is GPL3, but not everything. Source: license.txt

[–] [email protected] 3 points 1 year ago (1 children)

This is going to sound weird, but I think I tried it a few days ago on my server. I never installed it at the time because of all of their setup steps to enable OIDC login. I've been on the hunt for an OIDC/SSO compatible one since Vaultwarden isn't yet capable of such a thing. I just installed Authentik and it sparked the search. LOL - I've used Vaultwarden for a few years now and have yet to find anything quite as capable as it for managing my well over 500 logins I've accumulated over the years.

Your post got me to install it and I believe it will work, I'm testing it and can report later if you want. :)

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

Testing so far - I got it to do the SSO with a little work. There's a TON of file editing which needs to be done, so as long as you follow their docs, it should work okay. I was able to export my Bitwarden plain JSON file (I use Vaultwarden), and it was flawless. The server dumped all of the logins into a folder so you have to expand that to get to the main logins which, if you had them in folders already, are there as "Sub Folders" if you will. You can move the folders one-by-one but not en masse, which may be a show stopper for some. Especially if you have many to move like I do.

PROS:

  • Enterprise version is free which supports SAML/OpenID and others whereas their personal doesn't. SSO login was SEAMLESS as in you clicked the login button, and immediately logged into the server. No separate username/password to enter.

  • It has a pretty nice GUI out of the box

CONS:

  • TOTP is NOT included in the logins, this means that in order to get to the TOTP code, you have to search for it using the browser plugin, then copy it from your web portal and then copy it over to the tab you were on. On my Firefox session, it FROZE IT UP for longer than the TOTP code expiration so I had to copy a new one and was able to pass the login through.

  • You have to be logged into the web panel before the browser extension will work. You can close the tab though and it will retain your session. Compared to below, it's a night/day difference where there - it logs in to the server without ever touching the web vault which I rarely ever use.

vs.

**Vaultwarden/Bitwarden**

Maybe I'm spoiled, but I've completely grown accustomed to the pasting of the TOTP code during my login session after I fill in the credentials. This by far is hard to break the cycle. Some may argue that it's not secure to store your TOTP in the same password manager and they are probably right, but for me, it's enough. :)

Vaultwarden is working on SSO it seems so this may be something to consider if you are working into the SSO world like I have been. https://github.com/dani-garcia/vaultwarden/pull/1955

Edit to fix formatting and add another con about the plugin this time.

[–] [email protected] 1 points 1 year ago

Thank you for your report 👍

[–] [email protected] 1 points 1 year ago (1 children)

Vaultwarden supports TOTP filling? Cool, I thought that was paid only.

[–] [email protected] 1 points 1 year ago

Vaultwarden is a fork of Bitwarden with a few more features enabled and some minor (although potentially important) differences. It works with any Bitwarden front end. It's on my todo to eventually migrate to it from Bitwarden for the free TOTP.