Should You Self-Host Password Managers On-Premises?

📆 · ⏳ 4 min read · ·

Introduction

Recently I came across a thread on reddit where the OP mentioned that self hosting a password manager on raspberry Pi is a risky idea because you have to trust the hardware on which the device is running which most likely would be a microSD card.

This led me to think about the pros and cons of self-hosting password managers on-premises. So I started a discussion on r/selfhosted ↗️.

Several insightful responses from the community shed light on the pros and cons of this approach. Let’s explore their perspectives and dive into the heart of the matter: should you self-host your password manager on-premises?

đź’ˇ

This is my attempt to summarise the overall sentiment of the discussion since its quite long.

But if you are curious and have some extra time in hand, I would highly suggest you to read the entire thread.

The entire discussion can be found here ↗️.

Backup, Backup, Backup

Author: NecessaryPleasant644 - Comment ↗️

One recurring theme among self-hosters is the importance of robust backup strategies. It’s a common belief that if you’re going down the self-hosting path, you better have your backup game strong.

Regular automated backups and offsite copies are key to safeguarding your password vault. It’s like having insurance for your digital credentials.

Redundancy and Accessibility

Author: weaseldum - Comment ↗️

Some users opt for self-hosted solutions like KeepassXC ↗️, taking advantage of their personal NAS.

These solutions offer not just security but also redundancy. By using encryption and caching, you can ensure that even if your self-hosted system goes down temporarily, you can still access your passwords.

Plus, it works smoothly across various platforms, making it a versatile choice. However the OP mentioned that they don’t like any of the available iphone clients.

DIY Homelab Adventure

Author: sassdrew501 - Comment ↗️

Venturing into self-hosting can be an educational adventure. Even if you end up not self-hosting it, it’s an interesting opportunity to enhance your skills in system architecture and data resilience.

I learned about the 3-2-1 backup strategy which states that you should have 3 copies of your data (your actual data and then two copies of it), two different types of storage medias (This could be like an external hard drive or a usb) and, 1 off-site (that way if your house burns down you still have that copy to restore from)

Consider Uptime and ISP Reliability

Author: tyroswork - Comment ↗️

One factor to keep in mind is the near 100% uptime you need to maintain. While self-hosting offers control, it also means you’re at the mercy of your ISP’s reliability.

Losing access to your passwords due to an ISP outage can be a frustrating experience.

However, one thing to note is that if you are self-hosting bitwarden or vaultwarden, the clients for these creates a local encrypted copy of your vault. So even if your server goes down, you can still access your passwords.

Cloud as a Backup Option

This was a general sentiment from many folks in the thread.

Storing backups in the cloud, like a secure S3 bucket, can be part of your strategy. It’s an offsite solution that can save your data in case of catastrophic local failures.

What you can do it if the the vault does not provide encrypted backup, you can encrypt the backup file yourself and upload it to any cloud storage provider like S3, Google Drive, R2 etc.

Trusting Yourself vs. Trusting the Cloud

Again this was a general sentiment from many folks in the thread.

Some users admit they’d rather trust established cloud solutions than their own self-hosting abilities which is totally fair.

The cloud offers convenience and takes the burden of management off your shoulders. It’s a valid choice for those who prioritize simplicity and reliability over full control.

The Verdict

So, should you self-host your password manager on-premises? The answer depends on your level of tech-savviness, your appetite for managing backups and uptime, and your desire for control.

While self-hosting offers many advantages, including increased security and privacy, it comes with added responsibilities.

If you’re considering self-hosting, don’t do it blindly. Take a page from the homelab community’s book: prioritize backups, ensure redundancy, and be prepared for some technical tinkering.

However, if the idea of managing all this seems daunting, cloud-hosted password managers are a reasonable and reliable alternative.

In the end, it’s all about finding the balance between control and convenience that suits your needs.

You may also like

  • # homelab# selfhosted# networking

    Setup Caddy with automatic SSL certificates with Cloudflare

    Recently I migrated my homelab from using Nginx with local domain certificates to using Caddy with automatic SSL certificates from Cloudflare. This post will go over the steps I took to set up Caddy with Cloudflare.

  • # homelab# selfhosted

    PairDrop — Transfer files between devices seamlessly

    PairDrop is a self-hosted file transfer service that allows you to transfer files between devices seamlessly. It is a great alternative to services like Airdrop, Snapdrop, and ShareDrop.

  • # linux# homelab# selfhosted

    Setup Jellyfin with Hardware Acceleration on Orange Pi 5 (Rockchip RK3558)

    Recently I moved my Jellyfin to an Orange Pi 5 Plus server. The Orange Pi 5 has a Rockchip RK3558 SoC with integrated ARM Mali-G610. This guide will show you how to set up Jellyfin with hardware acceleration on the Orange Pi 5.