Self-hosted hot standby

So far my company is absolutely fine with Bitwarden availability. I mean, more than a year of intensive usage, and zero perceived downtime ? That’s a solid score among the few SaaS providers that we use today.

However, as a risk manager, I must take every situation in account. Due to the limited features of offline mode, if the web vault ends up down for a while, we might want to switch to an emergency mode with a self-hosted instance having a not-too-old version of collections.

If I understand correctly this doc, I can use our hosted license on an on-premise instance, right ?
Is there any usable “raw sync” mecanism that we could use to periodically download the web vault content and push it into the on-premise instance ? Of course, none of our user’s vaults are to be synced, I’m well aware of the underlying cryptographic notions here. But what about collection data ?

Hi thankfully better offline management and access is in the pipeline and should hopefully come out of the works soon (my hope).

In the meantime the Bitwarden API might be something too look into if you are familiar with and feel comfortable putting together something that could utilize the API.

The Bitwarden CLI will also play into this and scripts can be set up to export organization items for backup, and I’m sure secondary scripts could be used for importing to an on-prem Org as a hotspare.

1 Like

Thanks !

We indeed have quite some experience with the API and CLI, due to our hand-made collection sync bot, which leverage both mecanism. Although we use the CLI only to create newly added collections, the API not being able to do so, but being able to manage group access (I never understood why in the design process, the collection’s name was deemed sensitive and needing encryption, while the access management is left to the API without encryption).

However my primary question was : do I need a second license to host my hotspare, or do the hosted license can be used to active features on the hotspare while still being valid for the hosted organization ?

Ahh sorry for the miscommunication in understanding here, as I understand yes the license Bitwarden provides will activate all features that are currently being paid for in the premium membership either for personal vaults, or Organization vaults in self-hosted instances.

I have setup and run a small self-hosted instance for testing in my home-lab and use the family premium license.
As expected this activates the same subscription as is paid for in the cloud SaaS (though family members defaults to 6 members in total, you may need to switch license files if you add additional users in the SaaS cloud version of Bitwarden.

Not sure how this is handled but I would assume once you go over your user set allocation and add additional licenses in the Bitwarden cloud, one would need to download a new license file with that user seat limit and update it in the self-hosted instance, but I could be wrong here about this)

Had absolutely no issues issues or warning messages stating that I was currently using the cloud service as well as the self-hosted instance. You can “double dip” so to speak rather than being resigned to one or the other. I guess the assumption is Bitwarden provisions costs for their SaaS users, if there are companies that need to self-host for data compliance or security Bitwarden allows this easily, and those companies are still paying the same rates/user while taking some load off of Bitwarden’s cloud infracturcture, albeit to be fair the hardware requirementes are fairly minumal. If there is special use cases where licensed users such as myself want to run self-hosted to test, or special use cases such as yours in the company for a “hot-spare” Bitwarden does not restrict this.

Good, that’s a very comprehensive answer, thanks !

Then hotspare instance will probably a thing when I have some time free.

And I’m eager to see what offline features will come in the future too.

Thanks again,