Is there a video where this whole SSL stuff is configured especially for Vaultwarden? I watched other videos about this but still have no idea how this works ☹️
Hi Chris, I also have nabu casa but I can't start the addon without SSL certificate, how can I run it? I can generate one with cloudflare but i was interested to know how can I do it with nabu casa. Thanks 🍻
I would be very reluctant to add much beyond the HA basics to HAOS because of the lack of control I have over it. In fact I just removed Mosquitto and Z2M from HAOS and I am hosting them in a different VM just to keep my options open.
I have HA running in a debian vm using proxmox, node red, mosquito, frigate, deepstack, mariadb, nginx, pihole are all running in their own vm. Like you I don't like HA controlling things.
Make sure you use a strong password for your password vault. The vaults of the LastPass users that used strong passwords are still secure. EDIT: People love to save the backup keys to their electronic fire safes in the safe. I hear this story all the time. Just heard it again last week. 😂
Pet peeve here. VaultWarden is not the Open Source BitWarden. BitWarden is the Open Source BitWarden. VaultWarden is a Rust implementation of the BitWarden code specifically made to get around the author of BitWarden wanting to charge for some features. VaultWarden could arguably be said to be a better and MORE open version of BitWarden, but at the end of the day both are Open Source. One is just for people that want to self host AND don't want to pay the dev for his work. You can self host BitWarden without VaultWarden and just pay for the premium license.
The majority of people use Vaultwarden for multiple reasons including footprint and resources. Many of them pay the ten dollars to support the project but prefer Vaultwarden. Bitwarden has said that their buisiness model doesn't rely on the personal 10 dollar a year tiers so I don't think the main reason people use Vaultwarden is to save ten dollars. Some do of course but not the typical reason.
I thought about using Vaultwarden, but ended up just using bitwarden hosted. Here is my thought process: 1. I just assume someone's going to get the password vault eventually. No software is 100% secure. Malware can always steal any local vault. Any software can have "supply chain issues" like SolarWinds. I'm using a non-memorable random 256-bit master passphrase so pastebin should even be fine for storage of the encrypted vault contents. 2. The automatic cloud sync from hosted providers is convenient. I assume they have good automated backups too. 3. The fees bitwarden charges support ongoing feature development. I see it as a built-in donation to thank the devs. It's the same way I look at Nabu Casa. 4. I use the password sharing features with my family members. I'm not going to live forever. I may be able to maintain the self-hosted solution but the family members I share passwords with cannot. It wouldn't be good if my family lost all their passwords should I no longer be able to maintain the server.
Good points. As with @jmr, your last 2 points fit with my thinking as well. I also run a mail server and other stuff that my family wouldn't be able to maintain so need to consider options for that maybe at some point.
@@chucksw1 That's one of my preferred options. I've been testing it for reliability for quite a few months. I had an error where the plugin didn't start a couple times but I believe whatever caused it has been fixed.
Thanks @jmr for pointing to the playlist! Lots of options for remote connectivity. I just turn on Tailscale when I leave the local network and I have a subnet router setting that allows tailscale to see my local network.
Thanks for watching. I have family members that use a spiral notebook as well. That notebook doesn't travel so anytime they need a password and we're not home, well... Also, many of the passwords in that notebook are duplicates so that is a big no-no in my book. Password managers do make it easier to auto-generate long and complex passwords.
Thanks for that great video again! I don't know if you can answer, but do you have any idea how to bypass the collection checkbox when adding a new password ? actually i have only 1 collection and this checkbox is mandatory. a bit anoying having to check this checkbox manually everytime. So any idea how to stop vaultwarden asking this info as mandatory, or selecting it automatically itself ?
@@mostlychris Sorry for delay. This checkbox is mandatory (and only appear) when using organization. So if you create an organization, you have no choice to have at least one collection in it, because when adding new item, and select to add it into this organization, a validation pop asking us to check at least one collection. In my case, i'm using organization to allow my wife and i to use different account to log in, and being able to create our "shared account/pw" and our personal one. Would be great if possible to set a "default collection" for new items. Or maybe you know a better way to fix my need :) Thanks again
If you've already got it running, no. Using the add-on makes it easy for those that don't want to deal with docker and don't have their own infrastructure.
Wow, what a great video! Thank you. I use Naba Casa to access my site remotely. Is there a configuration method/settings to access using SSL? I tried adding the default port to my Naba url, but it doesn't work. I opened the necessary port on my router. HA is running on a VirtualBox on a Win11 pc.
This is where you get into a bit more complex set up. Since Vaultwarden doesn't work with ingress, the usual way to access doesn't work. I use a method with Nginx Reverse proxy to access my stuff and then point to various internal resources. This way I only have one port open and let the proxy handle passing things where they need to go.
@@mostlychris Thanks so much for the videos! Great job! For me - I ended up providing HA ssl via your video that adds the pem and key files in HA using Cloudflare. For Bitwarden - vaultwarden, I ended up installing it on a Synology nas and used a Let's Encrypt cert. Everybody's configuration and needs are different. My next venture is Nginx Reverse proxy for my home network!
Hello, thanks for the video. I tried it on Nginx proxy Manage locally and I didn't get it . Could you make a video explainig how to do it. Vaultwarde doesn't allow the access Thanks
this is very interesting. when you create an account, is this all local only? I am being pressured from 1password to take my password vaults to their subscription model in the cloud, and there is NO way I'm doing that.
@@mostlychris definitely need to install and play with this. it's awesome that it looks like it will import my 1password data to get me started. if it syncs across my macs and iOS devices, it will be a slam dunk! thanks again for posting this!
what is the point of having LOCAL ONLY password manager? when I am in the restaurant I want to have access to my passwords, I want them to be updated/synchronised with my laptop and phone - you omitted this part or I did not watch it carefully Also: how is your own HA more secure than the giants on the market? what is the point of showing HOW IT DOES NOT WORK? @14:21
You can still access this stuff remotely. I do that all the time via my phone and laptop. I just have secure access to my network set up. It's seamless for the most part. Showing failures can help others understand if they run into the same failure. For example, the failure I point out in the video doesn't say it is related to an SSL error so I point that out in case someone gets stuck and doesn't understand what the generic error is. Of course, it could be other things, but that one is pretty common.
yeah... i got a bit lazy (time restricted) on setting up the whole SSL setup for this. That is a whole topic unto itself. I use AdGuard to redirect any request to my vault over to my Nginx reverse proxy that has SSL enabled for the Bitwarden host on my network. I do have a video on that for those that want to use that solution. There are just a bunch of different options for the SSL solution.
Other than the most usual answers- Cloud based, it's google and I don't trust them, I don't know what they are doing, I want more control. What is wrong with just using Google password manager? Serious question.
Nothing wrong with using any password manager that you trust. This is just an easy option for those that want to self-host. It is by far not the only option.
Bitwarden has been vetted. Vaultwarden has not. Hosting this inside HAOS is just a bad idea on so many levels. Host it separately. And securely. Bad idea. Let me repeat that. Bad idea.
![Clave Especial x Fuerza Regida - No Pasa Nada [Official Video]](http://i.ytimg.com/vi/3u2jaju71IQ/mqdefault.jpg)
Is there a video where this whole SSL stuff is configured especially for Vaultwarden? I watched other videos about this but still have no idea how this works ☹️
Hi Chris, I also have nabu casa but I can't start the addon without SSL certificate, how can I run it?
I can generate one with cloudflare but i was interested to know how can I do it with nabu casa.
Thanks
🍻
hello do you have already the answer because i have the same failer or problem in my system
I would be very reluctant to add much beyond the HA basics to HAOS because of the lack of control I have over it.
In fact I just removed Mosquitto and Z2M from HAOS and I am hosting them in a different VM just to keep my options open.
I have HA running in a debian vm using proxmox, node red, mosquito, frigate, deepstack, mariadb, nginx, pihole are all running in their own vm. Like you I don't like HA controlling things.
That's an option. You can self host Bitwarden outside of HA if you prefer.
Just what I have been looking for.
Make sure you use a strong password for your password vault. The vaults of the LastPass users that used strong passwords are still secure.
EDIT: People love to save the backup keys to their electronic fire safes in the safe. I hear this story all the time. Just heard it again last week. 😂
Good tips!
Pet peeve here. VaultWarden is not the Open Source BitWarden. BitWarden is the Open Source BitWarden. VaultWarden is a Rust implementation of the BitWarden code specifically made to get around the author of BitWarden wanting to charge for some features. VaultWarden could arguably be said to be a better and MORE open version of BitWarden, but at the end of the day both are Open Source. One is just for people that want to self host AND don't want to pay the dev for his work. You can self host BitWarden without VaultWarden and just pay for the premium license.
Thanks for the feedback and clarifications. Re-reading the github page, it's explained there as you say.
The majority of people use Vaultwarden for multiple reasons including footprint and resources. Many of them pay the ten dollars to support the project but prefer Vaultwarden. Bitwarden has said that their buisiness model doesn't rely on the personal 10 dollar a year tiers so I don't think the main reason people use Vaultwarden is to save ten dollars. Some do of course but not the typical reason.
I thought about using Vaultwarden, but ended up just using bitwarden hosted. Here is my thought process:
1. I just assume someone's going to get the password vault eventually. No software is 100% secure. Malware can always steal any local vault. Any software can have "supply chain issues" like SolarWinds. I'm using a non-memorable random 256-bit master passphrase so pastebin should even be fine for storage of the encrypted vault contents.
2. The automatic cloud sync from hosted providers is convenient. I assume they have good automated backups too.
3. The fees bitwarden charges support ongoing feature development. I see it as a built-in donation to thank the devs. It's the same way I look at Nabu Casa.
4. I use the password sharing features with my family members. I'm not going to live forever. I may be able to maintain the self-hosted solution but the family members I share passwords with cannot. It wouldn't be good if my family lost all their passwords should I no longer be able to maintain the server.
You last two reasons resonate with me the most. Particularly that family member won't be able to maintain my infrastructure properly.
Good points. As with @jmr, your last 2 points fit with my thinking as well. I also run a mail server and other stuff that my family wouldn't be able to maintain so need to consider options for that maybe at some point.
Web ui brings me to a page that can't be loaded. I tried with https and without the s. Nothing. Any ideas how I can fix this?
Need more details. Head over to my Discord for more help.
Same
I dont have ssl and run ha local
How to install the addon and run it?
Thanks for the video Chris, my bitwarden extension does not have a settings cog top left, have I overlooked something? Thanks
Do you have videos that describe the reverse proxy process? I'm interested in trying out your method of remote access.
I'm pretty sure he does. He has a ton of tutorials on accessing Home Assistant from outside your network.
Here is the playlist of different options.
ruclips.net/p/PLFFSkDDgcMEzI5QAk7wiXnsWpPkgR5e5y&si=EnSIkaIECMiOmarE
Watch his video on adding cloudflaird to HA
@@chucksw1 That's one of my preferred options. I've been testing it for reliability for quite a few months. I had an error where the plugin didn't start a couple times but I believe whatever caused it has been fixed.
Thanks @jmr for pointing to the playlist! Lots of options for remote connectivity. I just turn on Tailscale when I leave the local network and I have a subnet router setting that allows tailscale to see my local network.
Thanks for the video, but I will keep using a spiral ring notebook. Too much crap to go through.
Thanks for watching. I have family members that use a spiral notebook as well. That notebook doesn't travel so anytime they need a password and we're not home, well... Also, many of the passwords in that notebook are duplicates so that is a big no-no in my book. Password managers do make it easier to auto-generate long and complex passwords.
Thanks for that great video again! I don't know if you can answer, but do you have any idea how to bypass the collection checkbox when adding a new password ? actually i have only 1 collection and this checkbox is mandatory. a bit anoying having to check this checkbox manually everytime. So any idea how to stop vaultwarden asking this info as mandatory, or selecting it automatically itself ?
I don't get that checkbox. Not sure where you are seeing that.
@@mostlychris Sorry for delay. This checkbox is mandatory (and only appear) when using organization. So if you create an organization, you have no choice to have at least one collection in it, because when adding new item, and select to add it into this organization, a validation pop asking us to check at least one collection. In my case, i'm using organization to allow my wife and i to use different account to log in, and being able to create our "shared account/pw" and our personal one. Would be great if possible to set a "default collection" for new items. Or maybe you know a better way to fix my need :) Thanks again
Great Video! (y)
Ty
yw
So I run Vaultwarden as a docker container. Any benefit over running it from home assistant?
If you've already got it running, no. Using the add-on makes it easy for those that don't want to deal with docker and don't have their own infrastructure.
Can you share how you’re backing up the vault?
In the documentation it says to back up the db.sqlite3 file. I wasn’t able to find this SSHing into HA
If you go into the VaultWarden Web UI you can export your vault. That's a backup.
Wow, what a great video! Thank you. I use Naba Casa to access my site remotely. Is there a configuration method/settings to access using SSL? I tried adding the default port to my Naba url, but it doesn't work. I opened the necessary port on my router. HA is running on a VirtualBox on a Win11 pc.
I have the exact same issue.. VirtualBox on WIN10.
@@rhosk so haven't found any solutions using Nabu Casa
This is where you get into a bit more complex set up. Since Vaultwarden doesn't work with ingress, the usual way to access doesn't work. I use a method with Nginx Reverse proxy to access my stuff and then point to various internal resources. This way I only have one port open and let the proxy handle passing things where they need to go.
@@mostlychris Thanks so much for the videos! Great job! For me - I ended up providing HA ssl via your video that adds the pem and key files in HA using Cloudflare. For Bitwarden - vaultwarden, I ended up installing it on a Synology nas and used a Let's Encrypt cert. Everybody's configuration and needs are different. My next venture is Nginx Reverse proxy for my home network!
@@mostlychris So in the video where you mention using Nabu Casa to handle your SSL is incorrect?
Hello, thanks for the video.
I tried it on Nginx proxy Manage locally and I didn't get it .
Could you make a video explainig how to do it.
Vaultwarde doesn't allow the access
Thanks
You can watch my nginx proxy video and just point to your Vaultwarden URL:port based on what the video shows. It works the same way.
Thanks
this is very interesting. when you create an account, is this all local only? I am being pressured from 1password to take my password vaults to their subscription model in the cloud, and there is NO way I'm doing that.
It's all local. The account you create on a self hosted setup stays with the self hosting environment.
@@mostlychris definitely need to install and play with this. it's awesome that it looks like it will import my 1password data to get me started. if it syncs across my macs and iOS devices, it will be a slam dunk! thanks again for posting this!
No prob. Thanks for watching and good luck!
what is the point of having LOCAL ONLY password manager? when I am in the restaurant I want to have access to my passwords, I want them to be updated/synchronised with my laptop and phone - you omitted this part or I did not watch it carefully
Also: how is your own HA more secure than the giants on the market?
what is the point of showing HOW IT DOES NOT WORK? @14:21
You can still access this stuff remotely. I do that all the time via my phone and laptop. I just have secure access to my network set up. It's seamless for the most part.
Showing failures can help others understand if they run into the same failure. For example, the failure I point out in the video doesn't say it is related to an SSL error so I point that out in case someone gets stuck and doesn't understand what the generic error is. Of course, it could be other things, but that one is pretty common.
@@mostlychris showing failure is NOT a problem but not showing the solution... ;)
yeah... i got a bit lazy (time restricted) on setting up the whole SSL setup for this. That is a whole topic unto itself. I use AdGuard to redirect any request to my vault over to my Nginx reverse proxy that has SSL enabled for the Bitwarden host on my network. I do have a video on that for those that want to use that solution. There are just a bunch of different options for the SSL solution.
Other than the most usual answers- Cloud based, it's google and I don't trust them, I don't know what they are doing, I want more control. What is wrong with just using Google password manager? Serious question.
Nothing wrong with using any password manager that you trust. This is just an easy option for those that want to self-host. It is by far not the only option.
@@mostlychris Thanks Chris. I was just curious. I am seriously considering getting a Yubi key though!
I love mine. Get more than one though and add them to each site in case you lose a key.
Bitwarden has been vetted. Vaultwarden has not. Hosting this inside HAOS is just a bad idea on so many levels. Host it separately. And securely. Bad idea. Let me repeat that. Bad idea.