Published on 28 September, 2020
Tags: selfhosted and review
I’ve been a happy user of Bitwarden for over a year. In this article, I’ll talk about an alternative implementation of the Bitwarden server and my experience with it.
What is Bitwarden?
Bitwarden is a cloud-based password manager that implements zero-knowledge encryption. Everything stored in the cloud is encrypted with a key derived from a single master password that only the user knows, so the service never sees the plaintext. The company provides a managed offering at bitwarden.com. It comes bundled with native applications, browser extensions, and even a command-line utility.
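To make the zero-knowledge claim concrete, here is a simplified model of the client/server split, written for this post (it is not Bitwarden's or Bitwarden RS's own code): the key derivation follows the PBKDF2-with-e-mail-salt shape Bitwarden documents, while the cipher is a toy HMAC keystream standing in for AES so the file runs on the Python standard library alone; the iteration count and the function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed KDF work factor for this illustration; real clients pick their own.
KDF_ITERATIONS = 100_000


def derive_master_key(password: str, email: str) -> bytes:
    """Client side only: stretch the master password into a 32-byte key,
    using the lower-cased e-mail address as a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               email.lower().encode(), KDF_ITERATIONS, dklen=32)

def login_hash(master_key: bytes, password: str) -> bytes:
    """The only password-derived value sent to the server: one more PBKDF2
    step over the key. The server can compare it but cannot invert it."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode: a toy stand-in for AES, chosen only to avoid
    # third-party libraries; do not use it for real data.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]

def encrypt_item(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the client. Blob layout: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(master_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(master_key, nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag

def decrypt_item(master_key: bytes, blob: bytes):
    """Returns the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(master_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(master_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))

def vault_upload(password: str, email: str, item: bytes) -> dict:
    """Everything the server receives for one login plus one stored item.
    Neither the master password nor the master key appears in it."""
    key = derive_master_key(password, email)
    return {"email": email, "login_hash": login_hash(key, password).hex(),
            "cipher": encrypt_item(key, item)}
```

The `vault_upload` record is what a server, managed or self-hosted, actually holds: a one-way login hash and an authenticated ciphertext, which is why a wrong key yields `None` rather than garbage.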
Bitwarden is also an open-source project implemented in C#. It requires an MSSQL database to store the data. The Bitwarden server is built for larger use cases with correspondingly higher resource requirements.
Why doesn't Bitwarden work for me?
The managed offering, and even the free tier, is good enough for most people. The premium version offers convenient features like TOTP, encrypted storage, etc. I used it for a year before I decided to host it myself.
Bitwarden uses MSSQL, which is a proprietary (and not free) relational database by Microsoft built primarily for Windows servers. I don't have the experience to run Windows servers, nor do I want to. Also, since the Bitwarden server is built for larger use cases like bitwarden.com, running it is not feasible for an enthusiast like me.
Enter Bitwarden RS
Daniel García, a kind person, maintains the Bitwarden RS project, which implements the Bitwarden API. It is written in Rust and designed for self-hosted use cases like mine. It primarily supports SQLite3, and also supports MySQL and PostgreSQL for larger installations. Because the server is API compatible, all the official clients work with it flawlessly.
The project conveniently packages the server together with the upstream web frontend in a single Docker image. I decided to give it a try by running it on my laptop and importing my passwords from bitwarden.com. The server consumed a mere 10-15 MB of RAM during the trial run, which makes it perfect for even a Raspberry Pi; the project ships Docker images for ARM architectures as well.
I found out that it implements some of the premium functionality like TOTP and groups with multiple collections. If you've ever used TOTP with Bitwarden, then you would agree with me that it is one of the most convenient TOTP implementations. The client automatically copies the OTP to the clipboard when you autofill the password, so all you have to do is paste it when the OTP prompt appears.
My Experience with Bitwarden RS
I was convinced after some initial testing and decided to switch over to it. I'm now running Bitwarden RS alongside my other self-hosted services in my Kubernetes cluster. In my case, only two people will use the server, so I configured it to use SQLite. It's been a little over two months, including one version upgrade, and it is running with no issues.
Side Note: SQLite is a solid and highly underrated database. Most websites can get away with it easily. I'll do some write-up about SQLite in the future.
Bitwarden implements zero-knowledge encryption, but when you use the managed service, they still hold your (encrypted) data. This project allows you to keep control of the data without provisioning big (and costly) servers. Dani actively maintains the project with regular updates so that the clients keep working. If you like the project and decide to use it, then consider sponsoring it on GitHub. I didn't include installation instructions because the project's Wiki does a great job at that.