Does Proton Pass use a wireguard tunnel? Or does Bitwarden? TLS should suffice.
replyYes, you want to guard the machine that hosts your passwords. You can even physically keep it at home, and only proxy its port 443 wherever you have a presence in the public Internet.
Those at least have people whose literal jobs are to protect that stuff. The service, the clients, the transport, the environments, etc. That’s what I don’t have if I self host.
replyThat’s not to say anything is bulletproof… nothing useful is… just that I don’t entirely trust myself to be 100% on top of something like that as a hobby hosting endeavor.