= How do I host my bitwarden vault through a VPS like Vultr? =
Yes. I am aware that bitwarden's servers are already quite secure, but I think it just makes more sense hosting something so crucial to one's online life, or life if you will, to be on your server and in your full control. Also I have been hearing quite a bit about VaultWarden, I would really appreciate it if you could briefly explain its purpose. Thanks Folks!
If you have to ask how you host Bitwarden on a VPS IâÃÂÃÂm fairly confident you wonâÃÂÃÂt be able to secure it as well as Bitwarden can
Also, Vultr isnâÃÂÃÂt your server and you are not in full control of it
IâÃÂÃÂm all for self hosting some apps and I self host Vaultwarden but I feel confident with what IâÃÂÃÂm doing and I also donâÃÂÃÂt expose mine to the internet. Mine is only available over VPN
But if you still want to do it then Bitwarden or Vaultwarden can run in Docker so if youâÃÂÃÂve used Docker before you should be able to install BW / VW on a VPS like youâÃÂÃÂd run any other app
makes more sense hosting something so crucial to one's online life
No it doesn't make more sense
First, Bitwarden is a "zero knowledge architecture". Without going into the details, you don't gain any security by self hosting. As a matter of fact, unless you spend hours a day on the task, you might actually lose security by doing that. More on that in a moment
The big thing you lose by self hosting is RELIABILITY. Losing access, even temporarily, to your vault is a threat surface. Ask yourself the following questions:
Do you have an uninterruptible power supply for when a power pole is knocked down?
Do you have a backup generator in case the repairs take longer than the UPS provides?
Do you have a second ISP in case your ISP goes out? Will your server automatically switch over to using it?
Do you have a spare router provisioned and ready to go in case your primary router fails? Same question for the modems for both your primary and secondary ISP?
Do you have a spare server provisioned and ready to run in case your server dies? Will it switch over automatically based on failing health checks?
Is your database running on a RAID-5 or better, so that if you have a single disk failure, your database is unaffected?
Do you have spare compatible disks for your RAID-5 when the disk fails?
What is your backup strategy? How often do you create backups? How are they protected (both physically and against ransomware interposing into your backup processes)? Are at least one set of backups offsite? Are those backups physically secure as well?
What kind of physical security do you have on your data center? Locked doors? Monitored intruder alarms? Dedicated response team?
How about computer friendly fire suppression like halon, to protect your hardware as well as your data? Heaven forfend dousing your RAID-5 with water if you have a fire!
Do you have 24x7 operators ready to respond to push alerts for any of the above issues and adjust your running system?
Do you have system administrators constantly monitoring your container configurations looking for patches and upgrades, deciding if and when they need to be applied? (Trust me, these are nearly daily occurrences.)
Do you have redundant hardware so that rolling deploys of these patches can be applied with zero downtime for you? How are these applied and monitored?
Do you have 24x7 health checks and push alerts so that you get immediate notification when anomalous events (server down, performance degradation, unusual network traffic, intermittent hardware errors, etc
You see? Those on-prem deployments are the Bad Old Days. Thank heavens for modern cloud deployments. Bitwarden gives this to you for free! (But I urge you to pay the $10/year. If you actually use your vault, you are supporting a worthwhile enterprise.)
And having someone like 8bit staying on top of critical patches and applying them in a timely manner is an essential part of keeping your system secure. As I mentioned earlier, keeping up with the patches is a time consuming job: which patches to apply, when to apply them, rollback plans if they failnot a trivial task
I like VaultWarden. I really do. But you and I should regard it as a laudable proof of concept, demonstrating the true open source nature of Bitwarden
I suppose, as well, that if 8bit went out of business, it is also reassuring to know any one of us has an option to keep our vault alive and available. But considering the huge popularity of Bitwarden, this is not a salient threat surface
Disclaimer: I am a software developer with over 40 years of experience, currently working in a cloud deployed devops environment. It is precisely because of my experience that I know thatNO I am not interested in self hosting. I will give Bitwarden my $10/year and let them work with Azure to host my vault. Their service is atno less secure than if I were to host it myself, and I guarantee you, it's more reliable
== About Community ==
Security Conscious Users
In the Vault
Reddit
