What types of services are you not willing to self-host?
For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?
You are viewing a single comment
For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?
Smart move, unless you really know what you're doing and have redundancy. When I first made the switch from Lastpass to Bitwarden I had tried to host the vault myself instead of using the cloud version, which worked fine right up until the moment I had a server outage and lost access to all my passwords.
I've managed to keep my KeePass database for almost 20 years going back as far as when I was a dumb teenager. Back then it was as simple as having a couple extra copies on usb drives and Google Drive, but now I keep proper backups.
My take is, I'd rather control it myself, I am responsible enough to take care of my data, and I actually wouldn't trust someone else to do it. That's a huge reason I selfhost in the first place, a lack of trust in others' services. Also, online services are a bigger target because of the number of customers, and maybe even the importance of some of their customers, whereas I'm not a target at all. No one is going to go after me specifically.
I think that's what's kept me at KeePass rather than moving to something like Bitwarden. Since it's file-level encryption, anything that can serve files can also serve my KeePass database. When I upgrade servers or change to different services, restoring my database is as simple as throwing the file into that new service and going on with my life.
Yeah, my recommendation is basically this:
Do you need to share passwords?
No - use KeePass
Yes - use Bitwarden
Eh, the clients all cache your vault. It shouldn't be a huge issue for it to be down even for a few days.
But I do upload encrypted backups of the server every 6 hours to cloud storage
Same.
Plus, my instance is proxies through Clouflare and only IPs from my country are allowed.