Does anyone use the self hosted version of psono password manager? The demo looks very nice, however it seems to be very niche and it is rarely recommended. It appears in the “awesome selfhosted” repo, though.
I’m looking for a password manager for a small business, and bitwarden looks quite complex (and expensive) and I’m not very comfortable with vaultwarden.
This is going to sound weird, but I think I tried it a few days ago on my server. I never installed it at the time because of all of their setup steps to enable OICD login. I’ve been on the hunt for a OICD/SSO compatible one since Vaultwarden isn’t yet capable of such a thing. I just installed Authentik and it sparked the search. LOL - I’ve used Vaultwarden for a few years now and have yet to find anything quite as capable as it for managing my well over 500 logins I’ve accumulated over the years.
Your post got me to install it and I believe it will work, I’m testing it and can report later if you want. :)
Testing so far - I got it to do the SSO with a little work. There’s a TON of file editing which needs to be done, so as long as you follow their docs, it should work okay. I was able to export my Bitwarden plain JSON file (I use Vaultwarden), and it was flawless. The server dumped all of the logins into a folder so you have to expand that to get to the main logins which if you had them in folders already, are there as “Sub Folders” if you will. You can move the folders one-by-one but not en-masse which may be a show stopper for some. Especially if you have many to move like I do.
PROS:
Enterprise version is free which supports SAML/OPEN ID and others whereas their personal doesn’t. SSO login was SEAMLESS as in you clicked the login button, and immediately logged into the server. No separate username/password to enter.
It has a pretty nice GUI out of the box
CONS
TOTP is NOT included in the logins, this means that in order to get to the TOTP code, you have to search for it using the browser plugin, then copy it from your web portal and then copy it over to the tab you were on. On my Firefox session, it FROZE IT UP For longer than the TOTP code expiration so I had to copy a new one and was able to pass the login through.
You have to be logged into the web panel before the browser extension will work. You can close the tab though and it will retain your session. Compared to below, it’s a night/day difference where there -it logs in to the server without ever touching the web vault which I rarely ever use.
vs.
**Vaultwarden/Bitwarden **
Maybe I’m spoiled, but I’ve completely grown accustomed to the pasting of the TOTP code during my login session after I fill in the credentials. This by far is hard to break the cycle. Some may argue that it’s not secure to store your TOTP in the same password manager and they are probably right, but for me, it’s enough. :)
Vaultwarden is working on SSO it seems so this may be something to consider if you are working into the SSO world like I have been. github.com/dani-garcia/vaultwarden/pull/1955
Edit to fix formatting and add another con about the plugin this time.
Vaultwarden is a fork of Bitwarden with a few more features enabled and some minor (although potentially important) differences. It works with any Bitwarden front end. It’s on my todo to eventually migrate to from Bitwarden for the free TOTP
They probably won’t break compatibility with Vaultwarden on purpose since that’d also break their own server implementation. Bitwarden would have to ensure that all selfhosted servers are up to date before pushing a breaking auto update. This likely means enough time for vaultwarden to catch up.
Few things hurt a company providing critical software more than breaking users access without notice.
The passwords would still be accessible through the webui anyway.
Edit: If your not comfortable it’s better to not use it. Password manager are critical and have to be trusted.
Thanks for the example! I had hoped Bitwarden wouldn’t break older servers so quickly. Luckily it seems like vaultwarden released a new working version 7 days before, the clients broke older servers. I’ll definitly check my new release notifications for vaultwarden right now.
Add comment