ArrowLeft Icon

Should You Self-Host Password Managers On-Premises?

📆 · ⏳ 4 min read · · 👀

Introduction

Recently I came across a thread on reddit where the OP mentioned that self hosting a password manager on raspberry Pi is a risky idea because you have to trust the hardware on which the device is running which most likely would be a microSD card.

This led me to think about the pros and cons of self-hosting password managers on-premises. So I started a discussion on r/selfhosted ↗️.

Several insightful responses from the community shed light on the pros and cons of this approach. Let’s explore their perspectives and dive into the heart of the matter: should you self-host your password manager on-premises?

💡

This is my attempt to summarise the overall sentiment of the discussion since its quite long.

But if you are curious and have some extra time in hand, I would highly suggest you to read the entire thread.

The entire discussion can be found here ↗️.

Backup, Backup, Backup

Author: NecessaryPleasant644 - Comment ↗️

One recurring theme among self-hosters is the importance of robust backup strategies. It’s a common belief that if you’re going down the self-hosting path, you better have your backup game strong.

Regular automated backups and offsite copies are key to safeguarding your password vault. It’s like having insurance for your digital credentials.

Redundancy and Accessibility

Author: weaseldum - Comment ↗️

Some users opt for self-hosted solutions like KeepassXC ↗️, taking advantage of their personal NAS.

These solutions offer not just security but also redundancy. By using encryption and caching, you can ensure that even if your self-hosted system goes down temporarily, you can still access your passwords.

Plus, it works smoothly across various platforms, making it a versatile choice. However the OP mentioned that they don’t like any of the available iphone clients.

DIY Homelab Adventure

Author: sassdrew501 - Comment ↗️

Venturing into self-hosting can be an educational adventure. Even if you end up not self-hosting it, it’s an interesting opportunity to enhance your skills in system architecture and data resilience.

I learned about the 3-2-1 backup strategy which states that you should have 3 copies of your data (your actual data and then two copies of it), two different types of storage medias (This could be like an external hard drive or a usb) and, 1 off-site (that way if your house burns down you still have that copy to restore from)

Consider Uptime and ISP Reliability

Author: tyroswork - Comment ↗️

One factor to keep in mind is the near 100% uptime you need to maintain. While self-hosting offers control, it also means you’re at the mercy of your ISP’s reliability.

Losing access to your passwords due to an ISP outage can be a frustrating experience.

However, one thing to note is that if you are self-hosting bitwarden or vaultwarden, the clients for these creates a local encrypted copy of your vault. So even if your server goes down, you can still access your passwords.

Cloud as a Backup Option

This was a general sentiment from many folks in the thread.

Storing backups in the cloud, like a secure S3 bucket, can be part of your strategy. It’s an offsite solution that can save your data in case of catastrophic local failures.

What you can do it if the the vault does not provide encrypted backup, you can encrypt the backup file yourself and upload it to any cloud storage provider like S3, Google Drive, R2 etc.

Trusting Yourself vs. Trusting the Cloud

Again this was a general sentiment from many folks in the thread.

Some users admit they’d rather trust established cloud solutions than their own self-hosting abilities which is totally fair.

The cloud offers convenience and takes the burden of management off your shoulders. It’s a valid choice for those who prioritize simplicity and reliability over full control.

The Verdict

So, should you self-host your password manager on-premises? The answer depends on your level of tech-savviness, your appetite for managing backups and uptime, and your desire for control.

While self-hosting offers many advantages, including increased security and privacy, it comes with added responsibilities.

If you’re considering self-hosting, don’t do it blindly. Take a page from the homelab community’s book: prioritize backups, ensure redundancy, and be prepared for some technical tinkering.

However, if the idea of managing all this seems daunting, cloud-hosted password managers are a reasonable and reliable alternative.

In the end, it’s all about finding the balance between control and convenience that suits your needs.

EnvelopeOpen IconStay up to date

Get notified when I publish something new, and unsubscribe at any time.

Need help with your software project? Let’s talk

You may also like

  • # homelab

    AdGuard Home + Tailscale = Erase Ads on the Go

    Fed up with pesky online ads? In this blog, I'll show you how a dynamic duo, AdGuard Home and Tailscale, can give you ad-free browsing anytime, anywhere. It's a technical adventure that's worth every click.

  • # homelab

    How I Safeguard Essential Data in My Homelab with Off-site Backup on Cloud

    Data is the lifeblood of my homelab, and losing it would be a nightmare. Join me in exploring my backup strategy, featuring rclone and systemd, to keep my databases, vital data, and even passwords safe and sound in the cloud.

  • # cloudflare# homelab

    Unleash the Power of Self-Hosted Services with Cloudflare Tunnels

    Say goodbye to complicated port forwarding and hello to effortless access to your self-hosted services with Cloudflare Tunnels. Discover how to configure and use this game-changing technology.