At least Bitwarden encrypts the whole vault as a blob. I don't bother self-hosting because I figure I know less about hosting a Bitwarden vault than they do, so it's not much more secure. If I had a local server on my LAN I might consider it, because then at least I have a few firewalls between me and the internet. I've been a happy paying Bitwarden user for several years now, since just before the first "minor" LastPass breach.
Yeah, I'm definitely not trained in security like the password manager engineers are. But I keep wondering if being distributed offsets that risk. That is, I can spin up Bitwarden on my Unraid machine in like five minutes, and behind a reverse proxy nobody even knows it's there to attack. Maybe I have some security vulnerability, but it seems significantly less likely to be tested than a centralized commercial service. Curious if others have thoughts. I'd happily pay Bitwarden for whatever.
Yeah, this is exactly where I am. I have an Unraid box at home, currently mostly using it as a NAS, Plex server and for some home automations.
I realize that "security through obscurity" is not a best practice but even if I trust SaaS Bitwarden to be more hardened than I will ever be, I can't help but think that any centralized password manager will have a target on their back so much larger than mine that it may even out.
The biggest risk I see with self-hosting is accidentally borking the whole thing and locking myself out of my vault. But I'll probably gain enough confidence to mitigate that somewhat soon.
I'm one of those software devs who don't do their own stuff; I happily pay services for good products, but I know it would be "better" security (probably) to have my own server in-home and all that. I don't just choose anything, but I don't want to deal with servers or technology debugging outside of my day job. I used to run my own servers and just got tired of having to maintain them, and even "fully automated" systems need maintenance.