I earn commissions when you sign up or buy through the affiliate links on this page, at no extra cost to you.

Homelab · Alternative · By Mohammed Almuhanna · Updated

Self-Hosted Password Manager: Vaultwarden

Bitwarden Premium doubled to 19.80 dollars a year in January 2026, and 1Password Individual is up to 47.88. I run Vaultwarden instead, the lightweight build of the Bitwarden server, and it hands me the paid features for nothing. The money is not even my real reason. Your vault holds every password you own, and I would rather it sat on my own hardware than on a company that can reprice it or get breached. I keep mine off the open internet and reach it through a Cloudflare tunnel. One warning before you start. This is the one self-hosted service where getting it wrong is a disaster, because lose the box with no backup and you lose every password at once. Self-host it only if you will secure it and keep backups. If that makes you nervous, hosted Bitwarden is cheap, safe, and a perfectly reasonable answer.

Where I land

Vaultwarden gets my vote if you want every Bitwarden paid feature for free and you are comfortable guarding an internet-facing service that holds all your passwords. It is tiny, it uses the real Bitwarden apps, and the software costs nothing. If locking down a service this sensitive is not something you want to own, do not self-host this one. Hosted Bitwarden's free tier is genuinely good and its paid plan is cheap, and letting an audited company guard the vault is the smart call for most people, not a failure of nerve.

What a hosted manager is really selling you

1Password, LastPass, and hosted Bitwarden all sell the same core thing. Your passwords sync to every device, autofill works, you get breach alerts, and a security team guards the vault and keeps the backups. That security team is the real product. People leave for reasons that are easy to understand, the LastPass breaches wrecked trust and 1Password keeps raising its price. A self-hosted manager has to match the sync and the apps, and then it hands the security job to you. That swap is the decision you are actually making.

What it actually saves you

The savings are real but smaller than people assume, so here are the numbers. 1Password Individual runs 47.88 dollars a year in 2026. Bitwarden Premium doubled in January 2026 to 19.80 dollars a year, which is still cheap, and Bitwarden's free tier already covers unlimited passwords on unlimited devices. Those are the figures as of mid-2026, so check each provider's current pricing page before you decide. Vaultwarden's software costs nothing and unlocks the paid features, so over a few years you save real money against 1Password and a little against Bitwarden Premium. Some of that saving goes straight back out on hardware, electricity, and your own time. If 20 to 48 dollars a year is the only thing tempting you, it is not worth the security burden. Control and ownership are the reasons that hold up.

Vaultwarden, KeePass, or hosted Bitwarden

Vaultwarden

Vaultwarden is a Rust rewrite of the Bitwarden server that runs in about 50 MB of memory, in a single container, on hardware as small as a Raspberry Pi. You point the normal Bitwarden browser extensions, mobile apps, and desktop apps at your own server URL, so the client you use every day is the polished official one. It also unlocks the features Bitwarden charges for, like built-in two-factor codes and file attachments. The software is the easy part. Securing it is the real work, and that work is now yours, which means HTTPS, a strong admin token, controlling who can reach it, and keeping backups. I keep mine off the open internet and reach it through a Cloudflare tunnel.

KeePass

KeePassXC and the rest of the KeePass family take the opposite approach. There is no server at all, just an encrypted file you sync yourself with whatever you already run, like Nextcloud or Syncthing. It is rock solid and works fully offline, but you give up the smooth one-tap sync and the browser autofill is fiddlier. Pick it if you distrust any always-on service and you are happy managing a file.

Hosted Bitwarden

If you read the security part below and decide you would rather not run this yourself, that is the right call for a lot of people. Hosted Bitwarden gives you the same apps, audited servers, and someone else doing the backups, on a free tier that covers most needs. It has a place here because sometimes the right answer is to not self-host at all.

Securing it is the rent you pay

A password manager is the highest-value target you will ever host, so the rules here are not optional. Do not expose Vaultwarden to the raw internet on an open port. Put it behind HTTPS with a reverse proxy, or better, keep it off the public internet entirely and reach it through a mesh VPN like Tailscale or a Cloudflare tunnel, which is what I do. Set a strong admin token and turn off open signups once your accounts exist. Above all, back up the data. If the box dies and you kept no backup, you will lose every password at once. Keep at least one copy somewhere else.

Hardware barely matters

There is almost nothing to plan here. Vaultwarden is the lightest app I cover in this series. It runs happily on a Raspberry Pi, on the cheapest VPS you can rent, or as one more container on a box you already keep running, which is where mine lives. There is no real storage or CPU sizing to do, so the only running cost is the idle power of whatever it sits on. Check that with the homelab power calculator, or weigh a home box against a rented server with the self-hosting vs SaaS cost calculator, prefilled with the 1Password price.

Moving your vault in

Migrating in is the easy part. You export your vault from LastPass or 1Password to a file, import it into the Bitwarden client pointed at your Vaultwarden server, then securely delete the export file. The clients are the same ones the hosted service uses, so day to day nothing feels different once you are set up.

When you should not self-host this

Be honest with yourself here. Do not self-host your passwords if you are not comfortable setting up HTTPS and a reverse proxy or a VPN, if you would not reliably keep an offsite backup, or if losing access to your vault during a server problem would be a disaster you cannot absorb. For most people in that spot, hosted Bitwarden is the responsible choice. It is cheap, audited, backed up by someone else, and still end-to-end encrypted, so the company cannot read your vault. Self-host this only when control is worth the work and you trust yourself to do the security properly.

Common questions

Is Vaultwarden the same as Bitwarden?

It is a compatible reimplementation of the Bitwarden server in Rust, made by the community, not by Bitwarden. It speaks the same protocol, so the official Bitwarden apps work with it, and it is far lighter to run. Your vault stays end-to-end encrypted either way.

Is it safe to self-host my passwords?

It can be, if you secure it. The vault is end-to-end encrypted, so the bigger risks are exposing the server carelessly or losing it with no backup. Get HTTPS or a VPN, a strong admin token, and a backup right, and it is safe. Skip those and it is not.

Do the normal Bitwarden apps work with Vaultwarden?

Yes. You install the standard Bitwarden browser extension, mobile app, or desktop app, and point it at your server address. That is the whole appeal. The official client experience with your own backend.

How do I move from LastPass or 1Password?

Export your vault to a file, import it into the Bitwarden client connected to your Vaultwarden server, then delete the export file securely. It takes a few minutes.

Does Vaultwarden unlock the Bitwarden paid features?

Yes, the features Bitwarden charges for, like built-in two-factor codes and file attachments, are available for free on Vaultwarden. That is one of the main reasons people run it.