$5 gives you anything you want.
Yup. The feature smacks you in the face.
It’s good if you like self-hosting stuff.
However, what I tell people is this:
If you know jack about security and how to lock down a machine that is running Vaultwarden, then it’s useless. You should go with Bitwarden.
If you’re looking to install it just to play around with, I would be very cautious about what you store there, unless you can lock the system down to where it’s not accessible by the outside internet and localized only to your network.
And I have redundant backups in place in case one decides to fail, which are all encrypted with GPG and a few other measures.
If you have it installed and not accessible to anyone else but you, it’s a fun project. I like using VW and BW.
The other bonus would be no one is going to look to target you specifically unless you’re turned into a target.
Whereas if BW were to be breached, it wouldn’t have anything to do with you.
However, BW utilizes encryption, so even if they did somehow manage to get in, they can’t read your passwords.
Honestly, what I’m missing is I wish Keybase would release their server source code.
Zoom has run that software into the ground and buried Keybase in a pile of sh*t. It would be like 10 Christmases in one if someone reversed the client to create an open-source server solution or Zoom released the server code for Keybase.
I love Keybase. Absolutely love that program. I HATE the company who owns it.
You should be backing up your secrets to some type of app like Vaultwarden or KeePassXC.
And you shouldn’t need to VM host an Android OS just to have a secondary means of authenticating. There are plenty of apps out there that support adding your secrets.
Vaultwarden, Bitwarden, KeePassXC, or hell, a Yubikey 5 device and then use Yubikey Authenticator.
Another option which I’ve used in the past is that you can set your domain up with Cloudflare and then either utilize a Tunnel, or restrict the domain to your own IP address and it will block all external traffic. I’ve utilized it for several projects and it has always worked flawlessly. Haven’t tried the Traefik / HAProxy method.
But Certbot / Let’s Encrypt is extremely easy to use.
You can still self-host on a rented VPS. And unless you have a managed VPS, then you’re still responsible for the security, and managed hosting is far too restrictive in terms of what you can do. It’s just up to you to decide if you trust that company to host your box.
And running one at home is cheap as hell.
This is exactly why I host my own stuff. I know how to tighten up the security to the point where it’s just as safe as it would be sitting on some other company’s system, and I don’t have to worry about what they’re doing with my data, or a data breach. Seen too many companies that are lax on security (such as LastPass).
I throw extra encryption in place, which means even if someone were to be able to gain physical access, they’ve got a hell of a brute force to go through just to break one part.