I had been maintaining (and patching) this package since 2018 on AUR and it's amazing to see it being promoted to community. Electron is definitely not the easiest to work with, but it's been fun turning a fat electron app into a sub-10MB package.
Yeah, me too! I can even use it on iOS for that matter. It’s honestly good enough.
I actually tried setting up a bit warden server on a (not so old) computer but had just so much trouble with the docker image, couldn’t really find docs on how to set up without it, just ridiculous in my opinion. A few months later, I tried using pass full time and so far it’s been great!
Good to hear. There is a great app for it on Android, and I remember there being at least one for IOS.
On the desktop for browser integration there are at least a couple well-maintained extensions. There is also gopass for sharing passwords with a team or multiple people.
I use Password Store a dozen times a day, but for sharing passwords with my family Bitwarden is great. Cross platform, easy enough for anyone to use regardless of the IT profficiency and open source enough that I trust it more than Lastpass etc.
Pass saves each password in a separate GPG encrypted file. I personally like this approach because it integrates into Git extremely well and they have `pass git` commands and also if you're syncing with a cloud service it only updates the actual passwords that have been modified, as opposed to something else which may need to sync a 300MB+ database whenever you update a single password or some metadata.
How "open source" is Bitwarden? From what I can tell (https://bitwarden.com/pricing/), the client is open-source, but the service feature-gates a large number of features behind premium accounts. Is this feature-gating accomplished by the server or the client? Is Bitwarden truly community-owned free open-source software, or solely a complement to their commercial services and open-source to make for better marketing?
Yup, technically it looks like you can only use that "for the sole purposes of internal development and internal testing, and only in a non-production environment".
Basically, they clearly don't police individual users self-hosting, but they maintain the right to knock on the door of companies.
Sure, but the initial assertion was that only the client was open source which is clearly false, so I was refuting that. I did not speak the the FOSS nature of the software.
The Bitwarden server is source-available, but not open source. This is because, for example, section 2.3 of the license agreement (https://github.com/bitwarden/server/blob/master/LICENSE_BITW...) conflicts with section 6 of the Open Source Definition (https://opensource.org/osd), titled No Discrimination Against Fields of Endeavor. I think the specific terminology is what others here are disputing.
The Bitwarden desktop and mobile clients are open source because they are under GPLv3, a license that meets the OSD. Vaultwarden is also GPLv3.
That licence is neither open source, nor free/libre software. Almost all licenses that are open source are also free/libre, and vice versa. Exceptions are very rare, because of how similar the definitions of open source software and free/libre software are in practise.
(By the way, the only widely accepted definition of open source software is the one published by the OSI, and the only widely accepted definition of free/libre software is the one published by the FSF, so those are the definitions we use.)
It's not "Open Source" except by the literal definition that the source is open to read (but by that definition, the software is free to access, too). It's just freeware / sample code.
> 2.4 Third Party Software. The Commercial Modules may contain or be provided with third party open source libraries, components, utilities and other open source software (collectively, "Open Source Software").
which implies that the Commercial Modules, themselves, are not Open Source Software.
(Also it clearly doesn't follow the Open Source Definition or any other standard definition of Open Source.)
I looked through the official server. 96 out of 1680 files were located in the bitwarden_license directory, so I'd say a lot less than "half" the official server. Nonetheless their web offering is still non-free, and from hearing about the difficulties self-hosting, it's probably a bad idea.
However I don't know whether I'm better off using Bitwarden free, paid, self-hosting and managing backups myself, or just sticking with Firefox Sync (which has a truly awful barely-working Android app).
We switched to vaultwarden from a much older Java+Flash based credential manager where I work, and I gotta say it's pretty good. It's a little weird the way accounts work from our perspective, but it makes sense given where it came from. And it's a distributed as a docker container, so it's pretty easy to deploy. Had to write a script to translate the old manager's export format into something vaultwarden could import, but it does have a lot of other managers' formats built in.
I've used vaultwarden (formerly bitwarden_rs) for probably 2 years now. The author keeps up with the upstream quite well. It's written in rust and uses SQLite, which makes it lightweight and appropriate for a single user setup. It's so good it even passed the WAF test.
Bitwarden offers a browser extension you can use, I use it daily. You create a master password which only you know and then you can auto fill and generate new password just like Apple Keychain.
I think you can self host with the browser extension, yeah. Personally I just use the standard hosting because I don’t have a good way to self-host but it shouldn’t be tied to any particular host.
38 comments
[ 4.9 ms ] story [ 93.9 ms ] threadI actually tried setting up a bit warden server on a (not so old) computer but had just so much trouble with the docker image, couldn’t really find docs on how to set up without it, just ridiculous in my opinion. A few months later, I tried using pass full time and so far it’s been great!
On the desktop for browser integration there are at least a couple well-maintained extensions. There is also gopass for sharing passwords with a team or multiple people.
Basically, they clearly don't police individual users self-hosting, but they maintain the right to knock on the door of companies.
Redistribution is also not allowed.
The Bitwarden desktop and mobile clients are open source because they are under GPLv3, a license that meets the OSD. Vaultwarden is also GPLv3.
(By the way, the only widely accepted definition of open source software is the one published by the OSI, and the only widely accepted definition of free/libre software is the one published by the FSF, so those are the definitions we use.)
The license for this code https://github.com/bitwarden/server/blob/master/LICENSE_BITW... says,
> 2.4 Third Party Software. The Commercial Modules may contain or be provided with third party open source libraries, components, utilities and other open source software (collectively, "Open Source Software").
which implies that the Commercial Modules, themselves, are not Open Source Software.
(Also it clearly doesn't follow the Open Source Definition or any other standard definition of Open Source.)
Last I looked, it wasn't fun to self-host anyway. Vaultwarden ftw!
However I don't know whether I'm better off using Bitwarden free, paid, self-hosting and managing backups myself, or just sticking with Firefox Sync (which has a truly awful barely-working Android app).
Edit Found the on-prem license docs: https://bitwarden.com/help/article/licensing-on-premise/
Edit You could also just fork it and enable the features if you wanted to spend the time doing so.
Apple made it easy so I didn't think about the concept much so not sure what I need. Is a password manager just for all my browser logins?
I've been curious about 1Password but it seems closed source and you can't self host so why bother. I'm leaving Apple for that reason.
If you use pass (https://www.passwordstore.org/) there is also a Firefox extension in the offical Arch repos: https://archlinux.org/packages/community/any/browserpass-fir...