17
submitted 9 months ago* (last edited 9 months ago) by anamethatisnt@lemmy.world to c/selfhosted@lemmy.world

I'm looking into different self hosted open source multiuser password safes and while there are many options I haven't found one with a .deb or .rpm install - only a whole bunch of docker compose.

Do you know of any good options that are included in debian 12 or fedora 39 repositories or at least that has a .deb or .rpm?

Currently I'm using keepassxc but been asked for something that either has a webui login for end users or an android app.

edit 2024-02-17:
After looking into the .deb and .rpm options available (passbolt or unofficial vaultwarden-deb) I decided to bite the bullet and install a debian 12 vm that I will try out different docker solutions on.

all 25 comments
sorted by: hot top controversial new old
[-] smileyhead@discuss.tchncs.de 14 points 9 months ago

Vaultwarden is simpler to selfhost implementation of Bitwarden server fully compatible with it's apps.

ArchLinux have the server in official repos.

For Debian (.deb) I have found this unofficial repo: https://github.com/gvtulder/vaultwarden-deb Be mindful it suggests stupid installation method by downloading and executing the install.sh script directly, you may want to read it yourself before install.

For .rpm I haven't find any repositories that are actively maintained, but you may have more luck.

[-] anamethatisnt@lemmy.world 2 points 9 months ago

Thanks for the recommendation! Gonna look into vaultwarden-deb.

[-] Antimoon51@lemmy.world 6 points 9 months ago* (last edited 9 months ago)

There are keepass android apps like KeePassDX. You can have server sync with WebDav, but I don't know about shared databases. Should work if you configure the WebDav server etc.

A friend of mine is a big fan of bitwarden but I have no Idea if that fits your requirement. Should have a webui tho.

[-] anamethatisnt@lemmy.world 3 points 9 months ago

The problem with the KeePass apps is that it works by syncing database files which means that there can be sync conflicts. Okay for me to handle, but not for the rest of my household.
I really want a server-client system where everyone works in the same database.

Bitwarden is Docker, but also very well-liked. Might have to give up on the .deb / .rpm wish.
Thanks for the suggestion!

[-] wildbus8979@sh.itjust.works 2 points 9 months ago* (last edited 9 months ago)

KeepassXC implements a specific shared mode which is made to avoid conflicts.

I have no idea why no one uses it, I use it, works well.

[-] anamethatisnt@lemmy.world 2 points 9 months ago

This is the reason I don't use a shared database, I think that's what you're referencing?
Add ability to sync group structure with KeeShare - Status:Open
https://github.com/keepassxreboot/keepassxc/issues/3045

[-] wildbus8979@sh.itjust.works 1 points 9 months ago

KeyShare is, this issue is specifically about groups within KeyShare, you can create one KeyShare for each group if you require groups.

[-] anamethatisnt@lemmy.world 1 points 9 months ago

Would work if it was planned to be a system used by only techies or if we knew exactly what groups are wanted beforehand. Definitely gonna remember the tip, splitting it into several shared dbs didn't even hit me as an option.

[-] TCB13@lemmy.world 2 points 9 months ago

I use it too, works just fine.

[-] noogs@lemmy.noogs.me 5 points 9 months ago

The usual go to for self hosted password managers is VaultWarden. There's no deb or rpm package but you can get it spun up with docker pretty easily. Any reason you're specifically looking for "included" or packaged solutions? That's going to severely limit your options.

[-] Evkob@lemmy.ca 4 points 9 months ago

A quick search led me to Passbolt which has multiple user support, native installs for both Debian and Fedora (you'll need to add their repo manually, though) and an Android app, so it seems to fit all your criteria.

Just curious, are there any specific reasons you wish to avoid docker?

[-] anamethatisnt@lemmy.world 2 points 9 months ago

Easier for me to add a vm in my current system to handle backup, rollbacks and system updates. I'm much more confident that I can quickly restore a vm to new hardware f.e. Which feels important for a password vault.

Thanks a lot for the passbolt recommendation. Gonna look into it now!

[-] constantokra@lemmy.one 3 points 9 months ago

FYI, if you run vaultwarden using docker compose with your data volume as a folder, all you have to do is bring it down for like 1minute, make a backup of the folders, and bring it back up. I use a cron script to do this nightly. When my vps host went out of business, I restored my docker folder to a new vps and was up and running again in a couple minutes. Also, you could easily restore it to a virtual machine, if you like. Docker with compose is extremely portable.

[-] wreckedcarzz@lemmy.world 2 points 9 months ago

Stupid q but why is the stop/start necessary? I'm running VW (and a dozen other things) thru docker on a synology dsm and it performs backups daily+monthly. Is it actually necessary to stop the container just to copy it?

[-] constantokra@lemmy.one 2 points 9 months ago

I've read that best practice is to do a database dump, in addition to backing up all the data files. It's my understanding that there's a slight chance of corrupting something in the database if you don't stop the service first, since something could be changed while you're doing your backup.

The easiest solution for me, as well as for being able to just restore my files and start the service again somewhere else, is to stop, backup, and restart. It's down for less than 5 minutes while i'm asleep. If I expected better uptime than that I wouldn't be trying to self host.

[-] AbidanYre@lemmy.world 2 points 9 months ago

If you're already using a VM anyway (especially for the backend/web UI piece) restoring the image won't be any different for a server running docker vs one running apt packages.

[-] anamethatisnt@lemmy.world 2 points 9 months ago

True, I could use VM+Docker as you say. I've been thinking of making a dedicated "Docker VM" before when I've looked at interesting projects that has no other offerings.
I've felt that using docker in a vm robs docker of it's advantages so why use it at all if I'm planning on having a vm? I guess one answer is "because the software you want is delivered as a docker image".

[-] AbidanYre@lemmy.world 2 points 9 months ago

It may seem like unnecessary overhead, but dockerized vaultwarden in a VM has been a huge improvement for me compared to unix-pass.

And with the volumes set up right, moving it is as easy as copy/pasting the folder it all lives in.

[-] anamethatisnt@lemmy.world 2 points 9 months ago* (last edited 9 months ago)

Sounds like I should get my docker vm. :)

[-] Eideen@lemmy.world 1 points 9 months ago

Bitwarden have deb and rpm support.

[-] anamethatisnt@lemmy.world 1 points 9 months ago

Only client side from what I can find. The server seems to be Docker based.

[-] Eideen@lemmy.world 3 points 9 months ago

Server side is more complex. So for serverside you will be hard to find non docker og non manual installasion.

[-] anamethatisnt@lemmy.world 1 points 9 months ago

Passbolt and Vaultwarden has been recommended so far. Gonna look into them later! :)

[-] Eideen@lemmy.world 2 points 9 months ago

Vaultwarden is a lightweight server of bitwarden.

Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.

GitHub vaultwarden

this post was submitted on 15 Feb 2024
17 points (94.7% liked)

Selfhosted

40347 readers
196 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS