Currently I ‘host’ my Enpass .enpassdb vault file on my NAS. The Enpass mobile phone (iOS) app and the Enpass desktop app (Windows 11) access it via WebDAV.
I am considering switching to Bitwarden, therefore:
Can I also realise such access via WebDAV to access the Bitwarden .json vault file with write/read functionality hosted on my NAS with the Bitwarden mobile app / Windows client?
The JSON file is a local cache of your vault data, so it is always stored on your local devices. I suppose that if you really wanted to, you could configure some kind of reparse point (symlink or junction) so that the actual file location would be on your NAS, but I don’t see the benefits of doing so (and I can certainly foresee problems caused by attempting this).
I think what you’re looking for is the ability to run your own server to host your account data (including the database). Instructions for installing a server are available here:
Even when hosting, you do not have full control. Whether you self or cloud host, there are plenty of external parties that have some level of control:
The software was still written by Bitwarden, so you are still subject to their quality control standards.
You need to download it from some archive/store, so you are trusting that you received an authentic version.
If using a third-party vault, you are also trusting their coding practices.
If needing access from the Internet (e.g. for a mobile phone), you may need a firewall/VPN, expanding the scope of who has control over your data.
Self hosting includes the manufacturers of the server hardware, the OS, your home network equipment, etc.
If you have other applications on your device, they can potentially interact with Bitwarden. Ditto for the web browser into which you installed the extension.
When self-hosting, natural disasters (Palisades fire, large-scale flooding, hurricanes, etc.) can “control” your data to a lesser geographical separation of your standby servers.
To me, the bigger question is if you trust Bitwarden in the first place. The best place to start with this is to review the security section of their help and perhaps their source code. If you cannot develop trust in their products, you need to find a different product.
And, if you trust their encryption, how many additional layers are needed? For me, an extra-good Master Password and MFA are enough. But then again, I also need to weigh the decision against the fact that I make administrative errors such as forgetting to back up, postponing patches and keeping my off-site backups too close.