Selfhosted

39574 readers

427 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

[email protected]

164

Why self host a password manager? (programming.dev)

submitted 3 days ago by [email protected] to c/[email protected]

154 comments fedilink hide all child comments

I'm going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden's paid tier is only $10 a year which I'm happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn't need any additional hardware.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 3 days ago (2 children)

This is what recommend as well. The various KeePasses all to pretty good jobs of merging databases, in case of sync conflicts, and you can utterly ignore whether you're online or not. Plus, there's a really fantastic tool, written by a veritable genius of a developer, that lets you use a KeePass DB as a secret service on your desktop.

[–] [email protected] 5 points 3 days ago

You delicious bastard! Thanks for the rook tip.

[–] [email protected] 2 points 2 days ago (1 children)

But keepassxc already provides a secret service ootb?

[–] [email protected] 1 points 2 days ago (1 children)

KeePassXC can't be run in headless mode, and the GUI is tightly coupled to the app. You have to have all of X installed, and have a display running, to run it.

Here's the runtime dependencies of KeePassXC:

linux-vdso.so.1
libQt5Svg.so.5
libqrencode.so.4
libQt5Concurrent.so.5
libpcsclite.so.1
libargon2.so.1
libQt5Network.so.5
libQt5Widgets.so.5
libbotan-3.so.5
libz.so.1
libminizip.so.1
libQt5DBus.so.5
libusb-1.0.so.0
libQt5X11Extras.so.5
libQt5Gui.so.5
libQt5Core.so.5
libX11.so.6
libstdc++.so.6
libm.so.6
libgcc_s.so.1
libc.so.6
/lib64/ld-linux-x86-64.so.2
libgssapi_krb5.so.2
libproxy.so.1
libssl.so.3
libcrypto.so.3
libbz2.so.1.0
liblzma.so.5
libsqlite3.so.0
libdbus-1.so.3
libudev.so.1
libGL.so.1
libpng16.so.16
libharfbuzz.so.0
libmd4c.so.0
libsystemd.so.0
libdouble-conversion.so.3
libicui18n.so.75
libicuuc.so.75
libpcre2-16.so.0
libzstd.so.1
libglib-2.0.so.0
libxcb.so.1
libkrb5.so.3
libk5crypto.so.3
libcom_err.so.2
libkrb5support.so.0
libkeyutils.so.1
libresolv.so.2
libpxbackend-1.0.so
libgobject-2.0.so.0
libcap.so.2
libGLdispatch.so.0
libGLX.so.0
libfreetype.so.6
libgraphite2.so.3
libicudata.so.75
libpcre2-8.so.0
libXau.so.6
libXdmcp.so.6
libcurl.so.4
libgio-2.0.so.0
libduktape.so.207
libffi.so.8
libbrotlidec.so.1
libnghttp3.so.9
libnghttp2.so.14
libidn2.so.0
libssh2.so.1
libpsl.so.5
libgmodule-2.0.so.0
libmount.so.1
libbrotlicommon.so.1
libunistring.so.5
libblkid.so.1

I don't know why it links to a systemd library. Here are the runtime dependencies of rook:

linux-vdso.so.1
libresolv.so.2
libc.so.6
/lib64/ld-linux-x86-64.so.2

Don't get me wrong: KeePassXC is one of my favorite programs. But don't leave it running all the time, and it can't be run on headless systems.

[–] [email protected] 2 points 2 days ago (1 children)

I see, thanks for explaining. So IIUC, rook is intended for headless systems?

[–] [email protected] 1 points 2 days ago

I use it for everything, but then, I wrote it. All of the desktop secret service tools have desktop dependencies (Gnome's uses Gnome libraries, KDE's pulls some KDE libraries) and run through DBUS; since I don't use a DE, it's a fair bit of unnecessary bloat. And I don't like GUI apps that just hang around in the background consuming resources. I open KeePassXC when I need to make changes to the DB, and then I shut it down. Otherwise, it hangs out in my task bar, distracting me.

Rook is for people who want to run on headless systems, or want to minimize resources usage, or don't use a desktop environment (such as Gnome or KDE), or don't run DBUS, or don't run systemd. It's for people who don't want a bunch of applications running in the background in their task bar. KeePassXC providing a secret service is great, but it's overkill if that's most of what it's providing for you, most of the time.

I don't think took is for everyone, or even for most people. It's for people who like to live mostly in the command line, or even in VTs.