Self-hosted things, in my experience, tend to be more reliable. More expensive, too. Worth it. Considerably less churn if done well. That said... reliability/administration is what I do for work. I'm biased.
For instance, skip traversing the internet for in-office deployments/credential use. Also: incentives. PMs or engineers at another company have incentives that don't always align with reliability for yours.
Vaultwarden deserves a mention, happy hoster for years here.
I agree with those points but there's another side to it, of course: The economy of scale of service providers allows reliability, in important ways, that most people can't match by self-hosting.
Absolutely. Things that are very data heavy or require extreme planning, for example.
I'll shell out cash for hosted databases... even though I'm fine with building everything else myself. Topology stuff alone usually makes this worth it.
Virtual machines and snapshots can take you a long way, though :)
I couldn't during the outage. I happened to be able to get a password I needed from my Android phone, but my browser extension and Mac desktop app both asked me to login and were stuck.
> Still works on mobile, so it's not the end of the world.
Didn't for me. Granted, I have several identities and I was switching between them. Perhaps the one I was switching too was no longer cached. If so, I consider that a bug. I also consider what happened to be a bug - the Android App crashed.
Oh wait, it's still crashing. So the outage isn't the cause.
Did I mention I'm growing to dislike this Android Bitwarden App with a passion. It's slow at opening (why not open the cached version and download the up-to-date version in the background), it sometimes takes so long to do something Android brings up the "it's taking too long, want me to kill it" dialogue, it takes a long with for the keyboard to display the "Fill in with Bitwarden" prompt, presumably because it takes so long to process intents.
I don't believe that is the case. Bitwarden works very unpredictably on a bad internet connection. The failed sync attempt can hang the whole application (or browser extension). I have this issue occasionally when Bitwarden shows that my vault is empty after a failed sync attempt. If sync will be not possible, then I don't have an offline copy of my passwords.
Also, your local copy (if it works) is read-only. You can't edit anything without an internet connection. So no, it's more like you have a read-only local copy, but it's an internet-first service - this is my main issue with Bitwarden and the reason I'm migrating back to KeePass.
I see no reason to move away from my synching/keepass setup, it's worked reliably for years and I expect it will continue to do so regardless of what happens with these services. It's nice they exist for less technical users but it's not for me.
If you updated KeePass data on two machines, in a non-conflicting way (e.g. added two different logins), is there a good way to merge these changes during synchronization?
I don't know about Keepass, but you can do that with KeepassXC, which has a "Database > Merge from database..." option. There is also the Keeshare [0] feature to share some/all entries between databases
Their status page said they were doing updates from 9-11PM US EST, but around 10:40 I first noticed problems. They updated it around 10:55 to say they had reports of problems and were investigating. I just tried again at 11:40 and it's working for me.
Unfortunately the self-host documentation isn't great and the deployment options are quite limited.
Sure, it's at least dockerised, but it requires root privileges (so no running it in a secured kubernetes env) and forces you to use MSSQL as the db (so pay up for that or hope that express works).
It's also unfriendly to automated deployment, with several manual steps and regular rebooting requires.
Make sure you go into that eyes wide open, I misguidedly thought there was some communication between Bitwarden and the open source vaultwarden but there is not.
I've been burnt by things breaking as Bitwarden updates the client and vaultwarden tries to keep up without any advance notice of the changes until someone reports it's broken.
I prefer Vaultwarden because it’s much much easier to set up and had only minimal problems, the only one I could think of being some inconsistent behavior when syncing passwords for the clients inside organizations. I find the setting up of Bitwarden locally gruesome.
There was a breaking change when I updated to iOS 18, but by the time I’ve noticed that, it was already fixed in an update.
Interesting. I used it on my phone around that time without issue. Maybe it was already unlocked and I only had to use biometrics to unlock it locally.
I encountered this weird issue yesterday[0] (forum post is not mine but I also could not log in with Safari). It made me think I had somehow forgotten my master password for a while.
How often does Bitwarden go down? I’ve been paying for it for years and years, but I can’t recall it having enough issues to risk self hosting and messing up the configs myself. I’m certainly less reliable as an admin than they are, my computers are always having issues!
No that's actually relevant that he doesn't use it every minute of every day. His anecdote is for his use, and it informs his decision.
But I'll add another anecdote. I have had the same experience. I have never noticed any downtime from bitwarden but my 3 node kubernetes cluster that would host vaultwarden has gone down multiple times. Sometimes just for maintenance.
I self host a lot of stuff but my password vault is not one of them yet.
No, it’s well known that hosting your own stuff usually isn’t as reliable. Unless you’re a professional at hosting servers, it’s probably less safe and less reliable than the paid service. Hosting a server for years and years is hard!
It's not. The barrier for hosting highly available and low-resource services has significantly decreased over the years. As much as I don't like docker and docker-swarm, it has made it easy for an average developer to become an average sysadmin
my workplace selfhosts it, so its not affecting us.