• GoJimi@lemm.ee
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      Exactly! Self hosted FTW. Chances of a data breach… Typically pretty minor if you are smart.

      • Pennomi@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        4 months ago

        Chances of losing the data is higher with selfhosting too. Unless you’re doing some sort of multizone replication, or course.

        • nialv7@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          4 months ago

          I use syncthing so there’s a copy of my password database on each of my devices.

        • GoJimi@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          Yeah. Daily and weekly cloud backups solve that for myself for sure.

        • Lem453@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          Borg backup to borgbase is not very expensive and borg will encrypt the data plus the vault is also encrypted

        • The Pantser@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          I am hosting on Home Assistant which itself gets a backup to my Google drive and my personal machine. So there are two backups, as long as HA doesn’t create a corrupted backup 3 weeks in a row I am good.

        • Russ@bitforged.space
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          As long as you’re still signed into BW from any of your devices, you can always export the vault from there.

          (But yes, actual backups are always a plus)

      • Lem453@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        Keep vaultwarden behind wireguard for local only access then also use https certs and good master password. Very secure like this

          • Lem453@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Security in layers.

            All your services should be using https. Vaultwarden in particular won’t even run without https unless you bypass a bunch of security measures.

            This is how to setup local only and external https, I highly recommend this as a baseline setup for every homelab. It allows you to choose how much security you want on a per app basis and makes adding new apps trivially easy.

            https://youtu.be/liV3c9m_OX8?si=TSWXoN_8SJDpAHaW

    • N1ghtstalk3r@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      4 months ago

      +1 for a self-hosted Vaultwarden instance. If you’re technically capable and have extra hardware laying around this is the best way to go.