Would love to selfhost. However, I have no trust in my skills to secure my device in the same manner as a provider, and I do not wish my database to be compromised.
I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
I know about Tailscale. I don’t use it because I want my VPS to be exposed to the internet; some of my services are supposed to be public. And those that aren’t, have their own authentication systems that are adequately secure for their purposes. I just don’t need Tailscale so I’ve not bothered with the setup.
Would love to selfhost. However, I have no trust in my skills to secure my device in the same manner as a provider, and I do not wish my database to be compromised.
Then use Keepass, which is literally just a local app.
I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
If you use Tailscale or Netbird, you can avoid exposing your VPS to the internet completely.
https://lemmy.ca/comment/22449085
I know about Tailscale. I don’t use it because I want my VPS to be exposed to the internet; some of my services are supposed to be public. And those that aren’t, have their own authentication systems that are adequately secure for their purposes. I just don’t need Tailscale so I’ve not bothered with the setup.