# Self-Hosted Password Manager Research: Vaultwarden vs Alternatives ## Conclusion & Recommendation **Vaultwarden** (formerly bitwarden_rs) is the highly recommended choice for a self-hosted password manager for personal or family use, running on a Synology NAS. It provides the premium experience and cross-platform compatibility of Bitwarden without the massive resource overhead of the official enterprise server. ## Detailed Comparison ### 1. Vaultwarden * **Architecture**: A lightweight, community-driven server implementation of the Bitwarden API written in Rust. * **Resource Usage**: Extremely low CPU/RAM usage. Perfect for a Synology NAS environment. Often requires just a single Docker container. * **Device Support**: 100% compatible with all official Bitwarden clients: * Web Vault * iOS App * Android App * Browser Extensions (Chrome, Firefox, Safari, Edge, etc.) * Desktop Apps (Windows, macOS, Linux) * **Features**: Includes premium Bitwarden features for free, such as: * TOTP (Time-based One-Time Passwords) authenticator * File attachments * Organization/Family sharing * YubiKey / WebAuthn support ### 2. Official Bitwarden Server * **Architecture**: Commercially supported, enterprise-grade architecture using .NET Core and Microsoft SQL Server. * **Resource Usage**: Very heavy. A standard deployment spins up over 10 containers (mssql, web, api, identity, admin, sso, etc.) and consumes gigabytes of RAM. Not ideal for a standard NAS unless it has dedicated enterprise resources. * **Features**: Full enterprise features, directory sync, SSO integrations, commercial support. * **Pros/Cons**: While it is the "official" server, it is complete overkill for individual or small family usage, making Vaultwarden the pragmatic choice. ### 3. Passbolt * **Architecture**: Designed primarily for teams, agencies, and enterprise collaboration with a strong focus on compliance (GDPR, ISO 27001). * **Security Model**: Uses GnuPG (OpenPGP) for encryption, which is excellent for shared passwords but can be more complex for end-users to manage keys. * **Device Support**: Offers Web, iOS, Android, and Browser Extensions. However, the mobile experience is often cited as less "seamless" compared to Bitwarden for simple personal use. * **Ease of Setup**: Complex. It practically requires an SMTP server configuration just to invite your first user and complete the installation process. * **Pros/Cons**: Excellent for businesses needing granular, role-based password sharing, but overly complex and somewhat rigid for an individual home-lab user. ## Next Steps for Repository If you choose to proceed with Vaultwarden, the implementation should follow the repository standards: 1. Create a dedicated `svc-vaultwarden` user on the NAS. 2. Create a `SETUP.md` document for it. 3. Implement an Intelligent Dry-Run script (`create_vaultwarden_folders.sh`). 4. Deploy it via a `docker-compose.portainer.yml` stack grouped with a reverse proxy or cloudflared tunnel for secure remote access.