I’ve used Vaultwarden for at lesst 7 years, I’m sure for longer but I’m not sure how long.

Never had an issue with Vaultwarden itself. Restored from backups several times for a variety of reasons (migrating host, corrupt hard disk, re-installs) and that always worked first try.

In regards to hardering, the wiki has a good guide: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Gu....

I have my vaultwarden running on a container on my home-lab server acessible only from Tailscale. The container itself is only accessible as its own node on my Tailscale private network and can’t be reached any other way (there are no inbound port forwards for the container itself, tailscale handles this)

My phone and laptop both use tailscale to access this and a few other containers I have set up similarly. I also have tailscale ACL rules to limit just “me” or whomever I want to allow to use it (family etc) also on my tailnet.

Backups are encrypted and stored locally as well as to AWS glacier.

I love it and it works great.

I've got it running in an LXC container. Other than occasionally updating it, it's been entirely trouble free (I did need to work to get it out of the Docker container but that's a problem most won't have). Honestly one of the most useful and low trouble self-hosted apps I've used next to Dokuwiki. As far as hardening, I have not done a huge amount, but it lives on my LAN and is only reachable via VPN from the outside, which again works surprisingly well even with my Android phone.

I just take ZFS snapshots. I've restored a couple of times that way just to test DR and it worked pretty well.

I've never had a reliability issue with Vaultwarden. Hosted it 5+ years now. Even with random off/on of the server and other bumps in the road in life, the Docker container I run has had no issues with hosting. The user interface is friendly but can be just a little slow.

Mine is not exposed to the public internet, though some friends of mine do. I use a VPN when I need to access fresh data from the home server, otherwise both the Firefox client and Android client will generally keep a cache of the last data pull when they had connection (so it wasn't an issue the 4 or so years I didn't have a VPN yet).

> how do you harden it?

By not exposing it to the wider internet. When I use a client (iPhone, browser, etc.) while on the home network, it syncs. While off the network, the last synced data is still there. That's been good enough for me.

> Anything I'm overlooking here?

Not technical, but the person behind that project now works for Bitwarden so there's some risk of a rugpull. Of course it's OSS but you'll need to trust a fork or maintain it yourself if said rugpull happens.

I touched it never aside from updates and it never failed. I compiled it from sources tho

It's as reliable as you make it.

https://github.com/doy/rbw Is an alternative Bitwarden cli front end. Probably has plenty of scaffolding to build a GUI frontend based on it.

Edit: Just a bit of googling turned up these as well.

https://github.com/AChep/keyguard-app https://github.com/sgolub/bitclient

There is not an alternative frontend that I'm aware of, but as the article mentions, the clients are Apache 2.0 licensed, so in the event of a rug pull, a fork and rebrand of the clients would be what is needed to restore service.

Better question is how difficult would it be to have keypass use vaultwarden for sync.

Their android app at least is open source and on available on their own f-droid repo

Technically yes but the frontend is so far open source so forking that is also something that could technically happen if company ever went back on it.