Bitwarden is one of just a handful of vault-based password managers that offers the option of self-hosting its software on a local device or network server. Earlier this month, the company announced a new “lightweight” deployment option that is less resource intensive and that will ultimately work across multiple databases and architectures.
Self-hosting can sometimes be considered more trouble than it is worth. You need to have the skills to install, maintain, update, and monitor the software, and – in a company – make sure more than one person has these skills. You also have to ensure you are not allocating more capacity than necessary to optimize costs and have plans in place to recover data in an emergency.
However, self-hosting can also give you more control over your data, make it easier to comply with industry privacy and security regulations, and – when the software is built on open source code – increase the opportunities for customization. Generally, provided you know what you are doing, self-hosting can have multiple advantages over vendor-hosting.
Why Self-Host a Password Manager?
In many companies, password managers secure the “keys to the kingdom”. When used to their full potential, password managers not only maintain (and autofill) unique and complex passwords for each account, but they can also be used to store payment details, digital certificates, and other confidential data that cybercriminals would like to get their hands on.
Despite vendors claiming zero knowledge and end-to-end encryption, self-hosting a password manager eliminates any concerns that somebody outside the company will be able to access on-premises data. It also ensures that if the password manager vendor suffers an outage or the Internet goes down temporarily, data stored in the password manager is still available.
Why the Bitwarden Password Manager?
Bitwarden is an open source, vault-based password manager with a generous free tier and thereafter premium, family, and business tiers that offer more features per dollar than most other password managers. It is also one of the easiest to deploy, configure, and use – making it more practical than most, and less likely to be circumnavigated by end users.
It is also one of just a handful of password managers that offer a self-host option on Linux and Windows servers, and any other machine that supports Docker Engine and Docker Compose. However, up until recently, it was necessary to deploy the software on Microsoft SQL databases with x64 CPU architectures using a minimum of eleven Docker containers.
What is the New Self-Hosting Deployment Option?
Bitwarden´s new self-hosting deployment option – currently available as a beta release – gives individuals and companies more choice about how they self-host the password manager. In addition to Microsoft SQL databases, the password manager can be hosted on MySQL and PostgreSQL databases using x64, ARMv7, or ARM64 CPU architectures.
Additionally, rather than having to deploy a minimum of eleven Docker containers, it takes only one Docker container to run the password manager using the new lightweight self-hosting deployment option – reducing both management and cost. Bitwarden says more options will be added as the new option reaches maturity – however, while a beta release, there are some caveats.
At the minute, Bitwarden is recommending that individuals and businesses do not use the new self-hosting deployment option if they are managing “organizations” – user groups through which passwords and other credentials can be shared. This may temporarily eliminate the option for family and enterprise users, although free and premium individual users can try the new option now.
To find out more about the new self-hosting deployment option, visit the Bitwarden blog or review the install and deploy Help page to see how the new “unified” option may fit into your self-hosting plans.