Hi everyone.

Given some recent… issues with Bitwarden’s leadership, I’ve been toying with Vaultwarden. It’s been great, and supports pretty much everything I need.

I currently locally host the vault, but I’m realizing that this could cause problems for my family if something were to happen to me. While not technologically inept, if my server at home crashed they would have no idea how to access it, and they would lose all of the passwords.

I was thinking that a vps might be a better choice for this, possibly with some reboot automation in case of outages. That would allow them enough time to initiate the emergency access and import everything before anything happens to the passwords.

I’ve also got encrypted M-disc backups of the most important passwords with timestamps of when they were last set. I’ve demonstrated and written down instructions on how to decrypt these. Of course I also have other backups, but I doubt they’d be able to retrieve the non-physical copies of the backups.

Anyway, is that what most people here do with Vaultwarden, use a VPS with mTLS or VPN? To add, I would only use a tunnel for this if I go this route, so no open ports.

  • BartyDeCanter@piefed.socialEnglish
    14·
    17 hours ago

    I run Vaultwarden on a VPS for some family and friends, along with a few other services. The way I have dealt with this is a physical printed out letter that explains the basic setup, where my digital notes/config/dockerfiles are, and most importantly what bills need paid to keep it all running. Next to that is a sealed envelope with recovery passwords to my vault and some other things.

    Both of them are kept next to my will in a filing cabinet, so that if I’m hit by a bus my family will have the info on what to do. The system is stable and the bills are on autopay, so they won’t have to immediately deal with it, but the instructions are there when ready. As part of it I have designated a friend as my “digital executor” to follow the instructions.

    The general outline of the letter is:

    To whoever is handling my affairs, thank you for reading this. This letter explains a small collection of computers I run that some friends and family rely on for photos, passwords, and a few other things. Nothing here is an emergency in the first hours or days. The goal of this letter is to help you keep things running long enough for those people to copy their own data out, and then shut everything down cleanly. You do not need to be technical to do the first and most important parts. The later parts will need a technical person, and I name one below.

    A companion to this letter is a SEALED ENVELOPE that contains the passwords, keys, and account logins. This letter deliberately contains NO passwords or secrets. If you have this letter but not the sealed envelope, find the envelope before going further - almost nothing can be accessed without it. Checklist of what the envelope should contain is in Section 7.

    1. Short Overview
    2. Service/Hardware/Users Chart
    3. The Bills to Pay
    4. The Password Manager
    5. What to Do
    6. Full Instructions and Notes Location
    7. The Sealed Envelope Contents
    8. Digital Executor