You say you use Bitwarden. Is that self hosted by any chance? If so, how do you handle the potential for an outage or server failure, where you’d presumably need some of the passwords to fix the problem in the first place.
Thanks for the reply! That makes sense. I’m still weary of the client somehow losing the cache while the server is down (two holes in the Swiss cheese lining up) but that is overly paranoid I know that
You should definitely be! I take backups every 6h for my self hosted vaultwarden (easier to manage and to backup, but not official, YMMV). You can also restore each backup automatically and have a “second service” you can run elsewhere (a standby basically), which will also ensure the backup works fine.
I have been running bit/vaultwarden now for I think 6 years, for my whole family and I have never needed to do anything, despite having had a few hiccups with the server.
Don’t take my word for it, but the clients (browser plugin, desktop app, mobile app) are designed to keep data locally I think. So the term cache might be misleading here because it suggests some temporary storage used just to save web requests, with a relatively quick expiration. In this case I think the plugin etc. can work potentially indefinitely without server - something to double-check, but I believe it’s the design.
Yes, I figured the word “cache” was used loosely in this case. But you know, the server is down and/or irrecoverable for a while, and then one’s phone gets swiped. Not inconceivable. So I think I’ll follow some of the advice here about a backup service or password stash
Yep, the browser extensions also have an encrypted cache, although it is less consistent imo. I’ve had times where my server was down and the extension just completely logged out then couldn’t authenticate so I couldn’t access the cache.
There is a setting now (in all types of client I think) to log out when you close down the browser. Your comment makes me realize that I probably want to NOT set that on at least one machine. I set that on the machines that are out and about.
Mine isn’t currently, but I’m working on it. The main complexity is that my wife and I share some passwords, and I want to make sure I do it properly so that transition is as smooth as possible. Vaultwarden is what you’d use to self-host.
But as others have said, I’m really not worried about it. Passwords are cached locally and only touch the server when syncing to the server. I want to self-host to protect against breaches, not because I’m worried about connectivity loss.
You can always backup your passwords (there’s an export feature) if you’re worried about it. I haven’t done it, but I imagine it wouldn’t be too hard to have a KeePass backup or something that you update manually every so often.
You say you use Bitwarden. Is that self hosted by any chance? If so, how do you handle the potential for an outage or server failure, where you’d presumably need some of the passwords to fix the problem in the first place.
The Bitwarden client has all the data cached, so the server can be down and you still get access to the passwords (same for internet connection).
Thanks for the reply! That makes sense. I’m still weary of the client somehow losing the cache while the server is down (two holes in the Swiss cheese lining up) but that is overly paranoid I know that
You should definitely be! I take backups every 6h for my self hosted vaultwarden (easier to manage and to backup, but not official, YMMV). You can also restore each backup automatically and have a “second service” you can run elsewhere (a standby basically), which will also ensure the backup works fine.
I have been running bit/vaultwarden now for I think 6 years, for my whole family and I have never needed to do anything, despite having had a few hiccups with the server.
Don’t take my word for it, but the clients (browser plugin, desktop app, mobile app) are designed to keep data locally I think. So the term cache might be misleading here because it suggests some temporary storage used just to save web requests, with a relatively quick expiration. In this case I think the plugin etc. can work potentially indefinitely without server - something to double-check, but I believe it’s the design.
Yes, I figured the word “cache” was used loosely in this case. But you know, the server is down and/or irrecoverable for a while, and then one’s phone gets swiped. Not inconceivable. So I think I’ll follow some of the advice here about a backup service or password stash
I also self host vault warden, it’s pretty straight forward. Like the other person said, it caches locally.
Thanks!
The local cache solves this problem mainly. Mine also replicates to one of my other servers occasionally.
How do you set up local caching? For non-phones?
Edit: TIL there are windows, Mac, and Linux apps for it. Sheesh.
Yep, the browser extensions also have an encrypted cache, although it is less consistent imo. I’ve had times where my server was down and the extension just completely logged out then couldn’t authenticate so I couldn’t access the cache.
Also TIL about the browser extensions!
There is a setting now (in all types of client I think) to log out when you close down the browser. Your comment makes me realize that I probably want to NOT set that on at least one machine. I set that on the machines that are out and about.
Mine isn’t currently, but I’m working on it. The main complexity is that my wife and I share some passwords, and I want to make sure I do it properly so that transition is as smooth as possible. Vaultwarden is what you’d use to self-host.
But as others have said, I’m really not worried about it. Passwords are cached locally and only touch the server when syncing to the server. I want to self-host to protect against breaches, not because I’m worried about connectivity loss.
You can always backup your passwords (there’s an export feature) if you’re worried about it. I haven’t done it, but I imagine it wouldn’t be too hard to have a KeePass backup or something that you update manually every so often.