I am looking into password managers, as the number of my accounts is increasing. Currently I am weighing two options:

  • Host Vaultwarden on a VPS, or
  • Use the free Bitwarden service.

I want to know how they are in practical aspects.

While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it from time to time.

On the other hand, using Bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?

I want to gauge the pros and cons; are there aspects I missed? What are your opinions on this? If you are self-hosting Vaultwarden, how do you manage the downtime? Thanks in advance!

  • blitzen@lemmy.ca · 12 upvotes · 9 days ago

    I enjoy self hosting, but what tipped the scales for me in favor of using Bitwarden’s servers is that I’m 100% confident I’m not as good at hardening my system from being compromised as they are. The vault is going to be encrypted anyway, and I think there’s a lower chance of it falling into the wrong hands if it’s hosted with Bitwarden. Same reason I don’t self-host email.

    Plus Bitwarden is a cool company and the product is open source, and the premium features are unreasonably low priced.

  • Object@sh.itjust.works · 11 upvotes, 1 downvote · edited · 10 days ago

    One little bonus for using Vaultwarden is that you get access to premium features for free. But still, I put availability much higher when it comes to password management, so I would go with paid Bitwarden. That is what I did before moving to Keepass.

    • mbirth@lemmy.ml · 8 upvotes · 10 days ago

      The Bitwarden clients cache your data locally. So even if your Vaultwarden goes down, you’ll still be able to access your passwords. Just not sync new ones or make changes.

  • Schlemmy@lemmy.ml · 10 upvotes · 9 days ago

    Bitwarden is dirt cheap. I can never host and be as reliable as they are for that price.

  • GnuLinuxDude@lemmy.ml · 7 upvotes · edited · 10 days ago

    If in the future you think you might bring family/relations onboard to the password manager, it may be worthwhile to pay for a BitWarden family plan. BitWarden is really low-cost and they publish their stuff as FOSS (and therefore are worth supporting), but crucially you don’t want to be the point of technical support for when something doesn’t work for someone else. Self-hosting a password manager is an easier thing to do if you’re only doing it for yourself.

    That said, I use a self-hosted Vaultwarden server as backup (i.e. I manually bring the server online and sync to my phone now and again), and my primary password manager is through Keepassxc, which is a completely separate and offline password manager program.

    Edit: Forgot to mention, you can always start with free BitWarden and then export your data and delete your account if you decide to self-host.

  • ikidd@lemmy.world · 7 upvotes · 9 days ago

    If I get hit by a bus, then the passwords for the things that my wife needs to settle things get sent to her, and the infra isn’t something that I maintain and could be down.

    Worth $10/yr, by far.

  • harsh3466@lemmy.ml · 6 upvotes · 10 days ago

    I self host Vaultwarden and it’s great. It’s an easy self-host, and in my experience, it has never gone down on me.

    That being said, my experience is anecdotal. If you do go the vaultwarden route, realize that your vault is still accessible on your devices (phone, whatever) even if your server goes down, or if you just lose network connectivity. They hold local (encrypted at rest) copies of your vault that are periodically updated.

    Additionally, regardless of the route you take you should absolutely be practicing a good 3-2-1 backup strategy with your password vault, as with any other data you value.

    • MajesticElevator@lemmy.zip · 2 upvotes · 10 days ago

      This: backups might be a pain to handle. Bitwarden does that for you + redundancy.

      Depends on the amount of work the person does. I know I’m a lazy self hoster that takes time to update software.

  • mbirth@lemmy.ml · 5 upvotes, 1 downvote · 10 days ago

    I’d throw in option 3: use a KeePass2 database, sync it using whatever sync tool you like (SyncThing, iCloud, NextCloud, WebDAV, …) and use compatible apps (KeepassXC, Strongbox, etc.)

  • PieMePlenty@lemmy.world · 4 upvotes · edited · 9 days ago

    I had a similar dilemma and just went with bitwarden because I don’t trust myself not to fuck up. Bitwarden can’t access the passwords without my master pw (afaik) so I feel safe knowing that. I use it on all my devices so it gets synced there and even if the service is down, I have my passwords.

    I’ll self host it when I reach the next level of paranoia.

  • irmadlad@lemmy.world · 2 upvotes · 10 days ago

    I have used the free Bitwarden now for untold years. It not only houses passwords for personal applications, I use it to keep track of my business account passwords as well. The only problem I’ve had with Bitwarden is their recent UI retool which ended up causing a huge ruckus among the user base to the point where they gave an option to switch back.

    There is a certain level of trust for whatever option you choose. If you use Bitwarden free, then you have to trust that Bitwarden will keep your data safe on their servers. If you self host, the onus of trust lies in your ability to secure your server, and to the extent that you trust your host as well. The latter option leaves me a bit queasy, so I do not self-host my passwords in a self-hosted vault.

    Others may have more trust in their security skills than I do. LOL. There’s just a lot of sensitive data I have housed within Bitwarden free. Self-hosting it would keep me up at night.

  • dfense@lemmy.world · 2 upvotes · edited · 10 days ago

    At the end of the day you have to trust someone (Bitwarden, Hoster, Hardware Manufacturer…). It comes down to your threat profile and what you personally accept as a risk vs. effort (or convenience). For me Bitwarden was acceptable, but I switched to self hosting Vaultwarden ca. 3 years ago. Main reasons being the advanced features (sharing some passwords with the family, setting up a tech savvy friend to take over my vault should I get hit by a bus, etc.). I did not have any relevant downtime of that service in years.