jeff/portioner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e6cbe708363d7a78d1a02d1fb657c18124901188
portioner/vaultwarden/RESEARCH.md

3.0 KiB
Raw Blame History

Self-Hosted Password Manager Research: Vaultwarden vs Alternatives

Conclusion & Recommendation

Vaultwarden (formerly bitwarden_rs) is the highly recommended choice for a self-hosted password manager for personal or family use, running on a Synology NAS.

It provides the premium experience and cross-platform compatibility of Bitwarden without the massive resource overhead of the official enterprise server.

Detailed Comparison

1. Vaultwarden

  • Architecture: A lightweight, community-driven server implementation of the Bitwarden API written in Rust.
  • Resource Usage: Extremely low CPU/RAM usage. Perfect for a Synology NAS environment. Often requires just a single Docker container.
  • Device Support: 100% compatible with all official Bitwarden clients:
    • Web Vault
    • iOS App
    • Android App
    • Browser Extensions (Chrome, Firefox, Safari, Edge, etc.)
    • Desktop Apps (Windows, macOS, Linux)
  • Features: Includes premium Bitwarden features for free, such as:
    • TOTP (Time-based One-Time Passwords) authenticator
    • File attachments
    • Organization/Family sharing
    • YubiKey / WebAuthn support

2. Official Bitwarden Server

  • Architecture: Commercially supported, enterprise-grade architecture using .NET Core and Microsoft SQL Server.
  • Resource Usage: Very heavy. A standard deployment spins up over 10 containers (mssql, web, api, identity, admin, sso, etc.) and consumes gigabytes of RAM. Not ideal for a standard NAS unless it has dedicated enterprise resources.
  • Features: Full enterprise features, directory sync, SSO integrations, commercial support.
  • Pros/Cons: While it is the "official" server, it is complete overkill for individual or small family usage, making Vaultwarden the pragmatic choice.

3. Passbolt

  • Architecture: Designed primarily for teams, agencies, and enterprise collaboration with a strong focus on compliance (GDPR, ISO 27001).
  • Security Model: Uses GnuPG (OpenPGP) for encryption, which is excellent for shared passwords but can be more complex for end-users to manage keys.
  • Device Support: Offers Web, iOS, Android, and Browser Extensions. However, the mobile experience is often cited as less "seamless" compared to Bitwarden for simple personal use.
  • Ease of Setup: Complex. It practically requires an SMTP server configuration just to invite your first user and complete the installation process.
  • Pros/Cons: Excellent for businesses needing granular, role-based password sharing, but overly complex and somewhat rigid for an individual home-lab user.

Next Steps for Repository

If you choose to proceed with Vaultwarden, the implementation should follow the repository standards:

  1. Create a dedicated svc-vaultwarden user on the NAS.
  2. Create a SETUP.md document for it.
  3. Implement an Intelligent Dry-Run script (create_vaultwarden_folders.sh).
  4. Deploy it via a docker-compose.portainer.yml stack grouped with a reverse proxy or cloudflared tunnel for secure remote access.
Reference in New Issue View Git Blame Copy Permalink