# Self-Hosted Password Manager Research: Vaultwarden vs Alternatives

## Conclusion & Recommendation
**Vaultwarden** (formerly bitwarden_rs) is the highly recommended choice for a self-hosted password manager for personal or family use, running on a Synology NAS.

It provides the premium experience and cross-platform compatibility of Bitwarden without the massive resource overhead of the official enterprise server.

## Detailed Comparison

### 1. Vaultwarden
* **Architecture**: A lightweight, community-driven server implementation of the Bitwarden API written in Rust.
* **Resource Usage**: Extremely low CPU/RAM usage. Perfect for a Synology NAS environment. Often requires just a single Docker container.
* **Device Support**: 100% compatible with all official Bitwarden clients:
    * Web Vault
    * iOS App
    * Android App
    * Browser Extensions (Chrome, Firefox, Safari, Edge, etc.)
    * Desktop Apps (Windows, macOS, Linux)
* **Features**: Includes premium Bitwarden features for free, such as:
    * TOTP (Time-based One-Time Passwords) authenticator
    * File attachments
    * Organization/Family sharing
    * YubiKey / WebAuthn support

### 2. Official Bitwarden Server
* **Architecture**: Commercially supported, enterprise-grade architecture using .NET Core and Microsoft SQL Server.
* **Resource Usage**: Very heavy. A standard deployment spins up over 10 containers (mssql, web, api, identity, admin, sso, etc.) and consumes gigabytes of RAM. Not ideal for a standard NAS unless it has dedicated enterprise resources.
* **Features**: Full enterprise features, directory sync, SSO integrations, commercial support.
* **Pros/Cons**: While it is the "official" server, it is complete overkill for individual or small family usage, making Vaultwarden the pragmatic choice.

### 3. Passbolt
* **Architecture**: Designed primarily for teams, agencies, and enterprise collaboration with a strong focus on compliance (GDPR, ISO 27001).
* **Security Model**: Uses GnuPG (OpenPGP) for encryption, which is excellent for shared passwords but can be more complex for end-users to manage keys.
* **Device Support**: Offers Web, iOS, Android, and Browser Extensions. However, the mobile experience is often cited as less "seamless" compared to Bitwarden for simple personal use.
* **Ease of Setup**: Complex. It practically requires an SMTP server configuration just to invite your first user and complete the installation process.
* **Pros/Cons**: Excellent for businesses needing granular, role-based password sharing, but overly complex and somewhat rigid for an individual home-lab user.

## Next Steps for Repository
If you choose to proceed with Vaultwarden, the implementation should follow the repository standards:

1. Create a dedicated `svc-vaultwarden` user on the NAS.
2. Create a `SETUP.md` document for it.
3. Implement an Intelligent Dry-Run script (`create_vaultwarden_folders.sh`).
4. Deploy it via a `docker-compose.portainer.yml` stack grouped with a reverse proxy or cloudflared tunnel for secure remote access.
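
One way the dry-run folder script from step 3 could work, as an added example rather than the repository's own script. The base path, the `data` and `backups` subfolders, the `700` mode and the `APPLY` switch are assumptions; only the `svc-vaultwarden` user name comes from the list above.

```shell
#!/bin/sh
# Added example: dry-run-by-default folder setup for a Vaultwarden data tree.
# Assumed (not from the page): BASE_DIR, the subfolder names, and the modes.
BASE_DIR="${BASE_DIR:-/volume1/docker/vaultwarden}"
SVC_USER="${SVC_USER:-svc-vaultwarden}"   # service account named on the page
APPLY="${APPLY:-0}"                       # 0 = report only, 1 = change things
PENDING=0                                 # changes still needed (or just made)

# Print the command; execute it only when APPLY=1.
run() {
    PENDING=$((PENDING + 1))
    if [ "$APPLY" = "1" ]; then
        echo "[apply]   $*"
        "$@"
    else
        echo "[dry-run] $*"
    fi
}

# Create DIR with MODE, or tighten the mode of an existing DIR.
ensure_dir() {
    dir=$1; mode=$2
    if [ ! -d "$dir" ]; then
        run mkdir -p "$dir"
        run chmod "$mode" "$dir"
    elif [ "$(stat -c '%a' "$dir")" != "$mode" ]; then
        run chmod "$mode" "$dir"
    fi
}

# Hand the directory to the service account so the container needs no root.
ensure_owner() {
    if ! id -u "$SVC_USER" >/dev/null 2>&1; then
        echo "[warn] user $SVC_USER missing; skipping chown of $1" >&2
    elif [ ! -d "$1" ] || [ "$(stat -c '%U' "$1")" != "$SVC_USER" ]; then
        run chown "$SVC_USER" "$1"
    fi
}

main() {
    PENDING=0
    # 700: vault database and attachments readable by the service user only.
    for d in "$BASE_DIR" "$BASE_DIR/data" "$BASE_DIR/backups"; do
        ensure_dir "$d" 700
        ensure_owner "$d"
    done
    echo "$PENDING change(s) $([ "$APPLY" = "1" ] && echo applied || echo pending)"
}
main
```

Run it once with no variables set to review the plan, then again with `APPLY=1`; a later dry run that reports zero pending changes confirms the tree still matches the intended permissions.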