Self-hosting Bitwarden, especially with the unified setup, is becoming quite simple and is one of the big features setting Bitwarden apart from others.
To achieve a setup that can be used by as many enterprises as possible on as many systems as possible, it is best to stick to Docker/container best practices, which in the case of Bitwarden means becoming stateless. I have not had too much experience with self-hosting, but from what I can see there are some local files left that describe a certain state of the application. Namely, those are:
- A data-protection key (master encryption key?)
Writing logs to stdout/stderr is something every Docker image should do and is considered “the way to go” in the container community.
The data-protection key is a sensitive secret, so it would make sense to utilize existing secret engines and best practices around that too.
I would request that the unified self-hosting of Bitwarden have stateless option(s) that do not require local storage.