this post was submitted on 27 Jun 2026
49 points (100.0% liked)

Selfhosted

60177 readers
559 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
49
Vaultwarden while allowing family emergency access (piefed.blahaj.zone)
submitted 17 hours ago* (last edited 17 hours ago) by CorrectAlias@piefed.blahaj.zone to c/selfhosted@lemmy.world
21 comments fedilink hide all child comments
 

Hi everyone.

Given some recent.. issues with Bitwarden's leadership, I've been toying with Vaultwarden. It's been great, and supports pretty much everything I need.

I currently locally host the vault, but I'm realizing that this could cause problems for my family if something were to happen to me. While not technologically inept, if my server at home crashed they would have no idea how to access it, and they would lose all of the passwords.

I was thinking that a vps might be a better choice for this, possibly with some reboot automation in case of outages. That would allow them enough time to initiate the emergency access and import everything before anything happens to the passwords.

I've also got encrypted M-disc backups of the most important passwords with timestamps of when they were last set. I've demonstrated and written down instructions on how to decrypt these. Of course I also have other backups, but I doubt they'd be able to retrieve the non-physical copies of the backups.

Anyway, is that what most people here do with Vaultwarden, use a VPS with mTLS or VPN? To add, I would only use a tunnel for this if I go this route, so no open ports.

you are viewing a single comment's thread
view the rest of the comments
[–] NaibofTabr@infosec.pub 17 points 14 hours ago* (last edited 14 hours ago)

You are running into the ultimate, and ultimately unavoidable, limitation of self-hosting, which is the self.

You should run a VM on the VPS for Vaultwarden, with no other services in the VM except whatever you need to connect to it remotely. Keep it simple. Run an exact copy of the VM on your local server. Have the VPS instance push its database to the local instance regularly, to keep up with any changes that your users make. Make regular backups of the local instance.

When you need to update the software, freeze an image of the local VM and then update the local VM, then when you're sure it's stable, copy the updated local VM to the VPS. If either the local or VPS instance crashes out, you should be able to recover (or reproduce) one from the other.

In the end though, it is functionally impossible to ensure reliability by yourself. Hosting Vaultwarden on a VPS shifts the responsibility for running the underlying server and network connection to the provider, and probably removing the dependence on your residential network connection will be better for your family/users.

You are still the weak point in your system. You need someone else who can log in to your local server, and into the VPS, and perform recovery if needed. There is no technical solution for this. You cannot be the sole admin, and also ensure reliability for other users.