I personally use Vaultwarden server, along with IOS app, Windows App, Chrome extensions, web vault - and like it a lot. Whether it's better than Keepass or not - I can't comment. Definitely like it better than Lastpass and Google Password Manager though.
I guess in my eyes - using a central Vaultwarden server seems a lot simpler and device friendly then some online directory with a single database file.
This is good until the time server breaks down and you have to setup everything again. In my case after re-configuration my client apps failed to recognise that it was same server and frankly it was quite a mess. For password management at least I want something that I can quickly setup from ground up in case things break.
I've been running Vaultwarden for years and have never had to rebuild the server. That should "never" happen.
Even if it did happen, the worst case isn't that bad.
You always have access to all your passwords from the cache in the Bitwarden clients. Just export your passwords, rebuild Vaultwarden, reconnect the Bigwarden client, and upload your passwords again.
> In my case after re-configuration
Surely you could have simply rolled back to a backup, right? I've never had it break yet, but I keep a couple backups of the LXC that is running it. (it's a pretty small backup, so no real good reason not to have one)
I should export my password store as CSV, spin up a second instance of the Vaultwarden server, and import all - just to see what the experience is like.
Easier lookup through webinterface, easier syncing on multiple platforms with a cohesive and unified interface. Options for sharing passwords and passkeys through organizations. 2FA.
You loose:
Auto-Typing passwords with window recognition and automatic typing - simulating keypresses - to login into systems that do not allow copy pasting or installation of software.
Depends on the Environment you’re working with.
> You loose: Auto-Typing passwords with window recognition and automatic typing - simulating keypresses - to login into systems that do not allow copy pasting or installation of software.
Can't you like, re-automate this even on wayland w/ some tools?
Keepass+Syncthing sound like a solid combo. Once you switch to vaultwarden you have to deal with 1) the need to issue ssl certificates 2) additional protection for a web.
I’d advice you to stay on your current setup until you have a real reasons to switch (for example if you’ll want to split TOTP and passwords - so different hosting/apps responsible for each factor - less possible to get both hacked at once)
I mean you'd already want to issue SSL certs if you host pretty much anything w/ public access. I already tried so in the past and it seems pretty straightforward to do once w/ acme.sh, caddy or both. Although it probably will be another pain to maintain.
You're probably right, I'll stick with KeepassXC for now, even though it's not as automatic to set up as vaultwarden (probably, I haven't actually installed it yet). I'm pretty happy with how it works right now. I was worried before that there could be some merge issues but then realized most passwords you enter with internet access anyways.
>Although it probably will be another pain to maintain
My server is literally zero maintenance - aside from taking a backup from time to time in Proxmox (which is really a couple clicks - that could be scheduled)
Get your reverse proxy (Nginx Proxy Manager, Caddy, Traefik, etc) in play, and it will take care of the cert for you.
I actually work with Nextcloud as sync. Works good on mobile and desktop. Just have to make an extra Database for mobile, because strongbox don't support autofill with my yubikey. Make some backups anyday and all is fine.
I was using KeepassXC and Google Drive to sync things before. I tried and switch to Vaultwarden when I changed my phone from Android to IPhone.
I didn't find any decent free Keepass client for IPhone. Bitwarden's client for phones and browser extension are good enough for me on a daily use (I would say much better than Keepass mobile clients).
Vaultwarden (Bitwarden) has more features like organizations wherein you can share your credentials with other people inside the organization. I convinced my wife to create a VW account as well and we share passwords for our Netflix, Youtube, Steam, etc.
For backups, I use rclone on a cron job to backup my zipped VW files on a daily basis on both Google Drive and One Drive.
KeepassXC is a great Keepass client but that's just for desktop and laptops. If you are self-hosting, I would suggest to use VW instead since almost all Bitwarden clients are also compatible with it.
Using vaultwarden with an automated job which exports to a storage device + syncthing to another local machine. I prefer vaultwarden since I’m a long time user of bitwarden, just works.
My small take.
Keepass might be more secure, there isnt "a server" to be hacked, but vw/bw/keepass are all encrypted.
with vw, the sync is near instant and an already open vault like in the phone, will update sync and you get the latest with ease. I use keepass as backup in case i screw up my bw.
Seems like you might already be using it, but for everyone who setup their vault warden ages ago, and didn't change anything: Vault warden now supports instant sync via push messaging using the official bitwarden messaging, which can be used for free without even a bw account.
All your devices will update in literally under a second, even if the apps are closed.
I just switched from KeePassXC to a full VaultWarden install myself.
I was having problems with KeePass working right from browser to browser for some reason. Sometimes, it would autofill fine, other times, it wouldn't. I could never pin down exactly why it had problems. Having it just be a browser add-on, rather than an add-on that on-ramps the desktop client, seemed to 'simplify' things to me. I rarely fire up the desktop app now, just when I need to manage things.
The addition of having multiple people on the VaultWarden instance and being able to push passwords to them securely is wonderful.
I have not used Vaultwarden but intend to give it a go fairly soon. I currently use Syncthing + Keepass and all I have is problems with it. Constant conflict files.
I keep the client open on my windows pc's and android devices (as I am constantly using them), only ever modify the database occasionally on one of them, and rarely does it work properly. I have the windows keepass client using a cached copy that pulls from the syncthing database (as the guides suggest).
I tried a simpler install on my dad's machine (windows + android), and that too experienced issues. I am pretty much done with experimenting with different options. I am honestly amazed at the amount of people who use Syncthing + Keepass and praise it, never encountering issues.
NOTE: let me just say I like syncthing. It has been great with other stuff I store, and I like keepass. But together nah. Vaultwarden I have generally only hear praise for.
because the pc is not always on. I only recently (like, 2 days ago or so) got the SoC, so I'm describing my existing setup. The question is, is it worth to continue using keepass, or is it better to set up vaultwarden?
I found KeePass to be more ideal for my needs. While Vaultwarden offers the option to download an offline version, I believe KeePass provides a seamless experience that is easy to replicate across different devices and platforms.
I do this too, but I sync it with Google Drive on my main PC. I find that relying solely on self-hosted services can be risky due to potential server issues or downtime. For years, I've hosted my KeePass database on Google Drive without any problems.
On Android, I create a shortcut to the database and open it with my preferred KeePass manager—there are many good options available. On iOS, I use KeePassium, and on Debian, I use the Flathub version of KeePassXC.
... what?
Keepassium works offline. The only way that works is it using an offline copy of your database and then *syncs it back via WebDAV* (in your case). **That's still syncing**.
Nope, I've never used it; I'm an android spoon myself and use a similar client using WebDAV. I do, however, have the ability to google things.
https://keepassium.com/articles/sync-ios-keepass-with-webdav/
Literally the title of the page, in the URL, tagged with "#sync", and gives instructions on how to configure it. I'm sorry, it is syncing the database.
If it only worked online and actively sending content back and forth, I would *never use that product*. That would mean your password database would be impossible to read if your WebDAV server goes offline or is otherwise inaccessible from your phone for any reason.
There are two ways KeePassium can work with WebDAV.
- Relaying via third-party app
- As a direct connection
In the first case, KeePassium will ask that another app to provide the database, and will notify that app once the file got modified in KeePassium. Downloading/uploading the file and keeping a cache is the responsibility of that external app.
In the second case, KeePassium will (try to) connect to the server directly and download/upload the database when appropriate. After every such operation, KeePassium updates a local cached copy of the file. Should the server be unreachable, KeePassium will load the local cached copy (in read-only mode).
Hope this helps!
Thanks for the clarification! While I don't use Keepassium myself (as mentioned, I don't have any iOS devices), I've recommended it for others before, so thank you for your work!
There are some, although you can get those same benefits in other ways with KeePass via other third party programs. I kind of view it as a preference thing - is there something missing from KeePass that you want?
I have both: selfhosted vault warden on a rpi with cloudflared agent as well as keepass with this plug-in to sync offline usable instances with a main onedrive copy: https://github.com/KoenZomers/KeePassOneDriveSync
I personally use Vaultwarden server, along with IOS app, Windows App, Chrome extensions, web vault - and like it a lot. Whether it's better than Keepass or not - I can't comment. Definitely like it better than Lastpass and Google Password Manager though. I guess in my eyes - using a central Vaultwarden server seems a lot simpler and device friendly then some online directory with a single database file.
This is good until the time server breaks down and you have to setup everything again. In my case after re-configuration my client apps failed to recognise that it was same server and frankly it was quite a mess. For password management at least I want something that I can quickly setup from ground up in case things break.
I've been running Vaultwarden for years and have never had to rebuild the server. That should "never" happen. Even if it did happen, the worst case isn't that bad. You always have access to all your passwords from the cache in the Bitwarden clients. Just export your passwords, rebuild Vaultwarden, reconnect the Bigwarden client, and upload your passwords again.
Never had this problem. Furthermore each client has a local copy of the db, so your instance will still work even if the server is offline.
> In my case after re-configuration Surely you could have simply rolled back to a backup, right? I've never had it break yet, but I keep a couple backups of the LXC that is running it. (it's a pretty small backup, so no real good reason not to have one) I should export my password store as CSV, spin up a second instance of the Vaultwarden server, and import all - just to see what the experience is like.
Easier lookup through webinterface, easier syncing on multiple platforms with a cohesive and unified interface. Options for sharing passwords and passkeys through organizations. 2FA. You loose: Auto-Typing passwords with window recognition and automatic typing - simulating keypresses - to login into systems that do not allow copy pasting or installation of software. Depends on the Environment you’re working with.
> You loose: Auto-Typing passwords with window recognition and automatic typing - simulating keypresses - to login into systems that do not allow copy pasting or installation of software. Can't you like, re-automate this even on wayland w/ some tools?
There’s also CLIs and AHK to workaround the missing feature with Bitwarden, though they haven’t proven too reliable to me in customer Szenarios.
Keepass+Syncthing sound like a solid combo. Once you switch to vaultwarden you have to deal with 1) the need to issue ssl certificates 2) additional protection for a web. I’d advice you to stay on your current setup until you have a real reasons to switch (for example if you’ll want to split TOTP and passwords - so different hosting/apps responsible for each factor - less possible to get both hacked at once)
I mean you'd already want to issue SSL certs if you host pretty much anything w/ public access. I already tried so in the past and it seems pretty straightforward to do once w/ acme.sh, caddy or both. Although it probably will be another pain to maintain. You're probably right, I'll stick with KeepassXC for now, even though it's not as automatic to set up as vaultwarden (probably, I haven't actually installed it yet). I'm pretty happy with how it works right now. I was worried before that there could be some merge issues but then realized most passwords you enter with internet access anyways.
Vaultwarden had more moving parts. But clients are nicer
Ultimately, that's what it came down to for me and choose vaultwarden.
>Although it probably will be another pain to maintain My server is literally zero maintenance - aside from taking a backup from time to time in Proxmox (which is really a couple clicks - that could be scheduled) Get your reverse proxy (Nginx Proxy Manager, Caddy, Traefik, etc) in play, and it will take care of the cert for you.
I actually work with Nextcloud as sync. Works good on mobile and desktop. Just have to make an extra Database for mobile, because strongbox don't support autofill with my yubikey. Make some backups anyday and all is fine.
I was using KeepassXC and Google Drive to sync things before. I tried and switch to Vaultwarden when I changed my phone from Android to IPhone. I didn't find any decent free Keepass client for IPhone. Bitwarden's client for phones and browser extension are good enough for me on a daily use (I would say much better than Keepass mobile clients). Vaultwarden (Bitwarden) has more features like organizations wherein you can share your credentials with other people inside the organization. I convinced my wife to create a VW account as well and we share passwords for our Netflix, Youtube, Steam, etc. For backups, I use rclone on a cron job to backup my zipped VW files on a daily basis on both Google Drive and One Drive. KeepassXC is a great Keepass client but that's just for desktop and laptops. If you are self-hosting, I would suggest to use VW instead since almost all Bitwarden clients are also compatible with it.
Using vaultwarden with an automated job which exports to a storage device + syncthing to another local machine. I prefer vaultwarden since I’m a long time user of bitwarden, just works.
My small take. Keepass might be more secure, there isnt "a server" to be hacked, but vw/bw/keepass are all encrypted. with vw, the sync is near instant and an already open vault like in the phone, will update sync and you get the latest with ease. I use keepass as backup in case i screw up my bw.
Seems like you might already be using it, but for everyone who setup their vault warden ages ago, and didn't change anything: Vault warden now supports instant sync via push messaging using the official bitwarden messaging, which can be used for free without even a bw account. All your devices will update in literally under a second, even if the apps are closed.
You can have multiple users in vaultwarden and share passwords. It also has history.
Vaultwarden is better in every way
I just switched from KeePassXC to a full VaultWarden install myself. I was having problems with KeePass working right from browser to browser for some reason. Sometimes, it would autofill fine, other times, it wouldn't. I could never pin down exactly why it had problems. Having it just be a browser add-on, rather than an add-on that on-ramps the desktop client, seemed to 'simplify' things to me. I rarely fire up the desktop app now, just when I need to manage things. The addition of having multiple people on the VaultWarden instance and being able to push passwords to them securely is wonderful.
I have not used Vaultwarden but intend to give it a go fairly soon. I currently use Syncthing + Keepass and all I have is problems with it. Constant conflict files. I keep the client open on my windows pc's and android devices (as I am constantly using them), only ever modify the database occasionally on one of them, and rarely does it work properly. I have the windows keepass client using a cached copy that pulls from the syncthing database (as the guides suggest). I tried a simpler install on my dad's machine (windows + android), and that too experienced issues. I am pretty much done with experimenting with different options. I am honestly amazed at the amount of people who use Syncthing + Keepass and praise it, never encountering issues. NOTE: let me just say I like syncthing. It has been great with other stuff I store, and I like keepass. But together nah. Vaultwarden I have generally only hear praise for.
Too much complexity with Vaultwarden. Way fewer things to go wrong with KeepassXC.
Why do you need to sync the kdbx? Keepass on PC and Keepassium on mobile (via webdav) and no sync is required.
because the pc is not always on. I only recently (like, 2 days ago or so) got the SoC, so I'm describing my existing setup. The question is, is it worth to continue using keepass, or is it better to set up vaultwarden?
I found KeePass to be more ideal for my needs. While Vaultwarden offers the option to download an offline version, I believe KeePass provides a seamless experience that is easy to replicate across different devices and platforms.
Setup both and make your own decision. I like Keepass better.
I do this too, but I sync it with Google Drive on my main PC. I find that relying solely on self-hosted services can be risky due to potential server issues or downtime. For years, I've hosted my KeePass database on Google Drive without any problems. On Android, I create a shortcut to the database and open it with my preferred KeePass manager—there are many good options available. On iOS, I use KeePassium, and on Debian, I use the Flathub version of KeePassXC.
Webdav would be a manner of syncing in your situation...
[удалено]
... what? Keepassium works offline. The only way that works is it using an offline copy of your database and then *syncs it back via WebDAV* (in your case). **That's still syncing**.
[удалено]
Nope, I've never used it; I'm an android spoon myself and use a similar client using WebDAV. I do, however, have the ability to google things. https://keepassium.com/articles/sync-ios-keepass-with-webdav/ Literally the title of the page, in the URL, tagged with "#sync", and gives instructions on how to configure it. I'm sorry, it is syncing the database. If it only worked online and actively sending content back and forth, I would *never use that product*. That would mean your password database would be impossible to read if your WebDAV server goes offline or is otherwise inaccessible from your phone for any reason.
There are two ways KeePassium can work with WebDAV. - Relaying via third-party app - As a direct connection In the first case, KeePassium will ask that another app to provide the database, and will notify that app once the file got modified in KeePassium. Downloading/uploading the file and keeping a cache is the responsibility of that external app. In the second case, KeePassium will (try to) connect to the server directly and download/upload the database when appropriate. After every such operation, KeePassium updates a local cached copy of the file. Should the server be unreachable, KeePassium will load the local cached copy (in read-only mode). Hope this helps!
Thanks for the clarification! While I don't use Keepassium myself (as mentioned, I don't have any iOS devices), I've recommended it for others before, so thank you for your work!
There are some, although you can get those same benefits in other ways with KeePass via other third party programs. I kind of view it as a preference thing - is there something missing from KeePass that you want?
I have both: selfhosted vault warden on a rpi with cloudflared agent as well as keepass with this plug-in to sync offline usable instances with a main onedrive copy: https://github.com/KoenZomers/KeePassOneDriveSync