Should You Self-Host Password Managers On-Premises?

📆 · ⏳ 4 min read ·
# homelab
·

Introduction

Recently I came across a thread on reddit where the OP mentioned that self hosting a password manager on raspberry Pi is a risky idea because you have to trust the hardware on which the device is running which most likely would be a microSD card.

This led me to think about the pros and cons of self-hosting password managers on-premises. So I started a discussion on r/selfhosted ↗️.

Several insightful responses from the community shed light on the pros and cons of this approach. Let’s explore their perspectives and dive into the heart of the matter: should you self-host your password manager on-premises?

đź’ˇ

This is my attempt to summarise the overall sentiment of the discussion since its quite long.

But if you are curious and have some extra time in hand, I would highly suggest you to read the entire thread.

The entire discussion can be found here ↗️.

Backup, Backup, Backup

Author: NecessaryPleasant644 - Comment ↗️

One recurring theme among self-hosters is the importance of robust backup strategies. It’s a common belief that if you’re going down the self-hosting path, you better have your backup game strong.

Regular automated backups and offsite copies are key to safeguarding your password vault. It’s like having insurance for your digital credentials.

Redundancy and Accessibility

Author: weaseldum - Comment ↗️

Some users opt for self-hosted solutions like KeepassXC ↗️, taking advantage of their personal NAS.

These solutions offer not just security but also redundancy. By using encryption and caching, you can ensure that even if your self-hosted system goes down temporarily, you can still access your passwords.

Plus, it works smoothly across various platforms, making it a versatile choice. However the OP mentioned that they don’t like any of the available iphone clients.

DIY Homelab Adventure

Author: sassdrew501 - Comment ↗️

Venturing into self-hosting can be an educational adventure. Even if you end up not self-hosting it, it’s an interesting opportunity to enhance your skills in system architecture and data resilience.

I learned about the 3-2-1 backup strategy which states that you should have 3 copies of your data (your actual data and then two copies of it), two different types of storage medias (This could be like an external hard drive or a usb) and, 1 off-site (that way if your house burns down you still have that copy to restore from)

Consider Uptime and ISP Reliability

Author: tyroswork - Comment ↗️

One factor to keep in mind is the near 100% uptime you need to maintain. While self-hosting offers control, it also means you’re at the mercy of your ISP’s reliability.

Losing access to your passwords due to an ISP outage can be a frustrating experience.

However, one thing to note is that if you are self-hosting bitwarden or vaultwarden, the clients for these creates a local encrypted copy of your vault. So even if your server goes down, you can still access your passwords.

Cloud as a Backup Option

This was a general sentiment from many folks in the thread.

Storing backups in the cloud, like a secure S3 bucket, can be part of your strategy. It’s an offsite solution that can save your data in case of catastrophic local failures.

What you can do it if the the vault does not provide encrypted backup, you can encrypt the backup file yourself and upload it to any cloud storage provider like S3, Google Drive, R2 etc.

Trusting Yourself vs. Trusting the Cloud

Again this was a general sentiment from many folks in the thread.

Some users admit they’d rather trust established cloud solutions than their own self-hosting abilities which is totally fair.

The cloud offers convenience and takes the burden of management off your shoulders. It’s a valid choice for those who prioritize simplicity and reliability over full control.

The Verdict

So, should you self-host your password manager on-premises? The answer depends on your level of tech-savviness, your appetite for managing backups and uptime, and your desire for control.

While self-hosting offers many advantages, including increased security and privacy, it comes with added responsibilities.

If you’re considering self-hosting, don’t do it blindly. Take a page from the homelab community’s book: prioritize backups, ensure redundancy, and be prepared for some technical tinkering.

However, if the idea of managing all this seems daunting, cloud-hosted password managers are a reasonable and reliable alternative.

In the end, it’s all about finding the balance between control and convenience that suits your needs.

Share on

Share on Twitter

Need help with your software project? Let’s talk

Previous Article

Selecting the Right Git Merging Strategy: Merge Commit, Squash and Merge, or Rebase and Merge

Next Article

Handling Failures in Distributed Systems: The Circuit Breaker Pattern Explained

You may also like

  • # homelab

    Ansible — Configuration as Code for building up my Homelab

    I have been using Ansible to manage my homelab infrastructure. It's a great tool to automate the deployment and configuration of servers and services. Let me share with you how I use Ansible to manage my homelab.

  • # homelab# networking

    AdGuard Home — Network Wide Ad Blocking in your Homelab

    Let's talk about AdGuardHome, a network-wide ad blocking software that you can run in your homelab. It's a great way to block ads and trackers on your network without having to install ad blockers on every device.

  • # homelab# networking

    Nginx — The reverse proxy in my Homelab

    Nginx is a powerful reverse proxy that I use in my homelab to expose services to the internet. In this post, I'll show you how I use it and how you can use it too.