Password management

We should avoid circulating passwords at all. To avoid this, passwords should be stored in a password manager, with access granted through the password manager.

Some solutions:

  • LastPass (popular but proprietary and not free)
  • KeePass (popular, not on the cloud, database needs to be circulated)
  • Bitwarden (open source, seems to have cloud solution, to investigate)
  • Passbolt (open source? and self hosted, to investigate)

I need to do some research on Bitwarden and Passbolt as they seem good candidates. Will update once the research is done. Personally, I am only familiar with LastPass and KeePass, but the disadvantages mentioned above make them not suitable for us.

Tomorrow I will try to spin up the Docker container provided by Bitwarden on my own infrastructure and test it. So far it seems the best candidate imo.

@Lai any thoughts? For now I am happy to host it on my personal Digital Ocean account as I have spare nodes that are being completely wasted at the moment, but in the long run maybe better to host it somewhere else?

Been having a look at Bitwarden, seems amazing, easy to host and so on… But all the teams features require a license that starts at $5 pcm (even if self-hosting).

Going to check Passbolt, it seems to have fewer features but to enable teams for free in the self-hosted version.

Really? How is that possible for Bitwarden?

People would just fork it and take that feature out.

I guess people could fork it… But no one has so far :rofl:

When you install their self-hosted Docker solution, it asks for a public/private key pair that links to your Bitwarden account, and the script that composes the Docker image basically turns features on and off depending on the tier your account is on…

That’s kind of crap. The search goes on!

I think I am quite happy with Passbolt (assuming we set it up on a proper server with working SMTP lol), it seems easy enough to use, it enables sharing passwords securely to managed users and it is free and open source… Definitely an improvement over sharing passwords on chats.

Waiting for @Lai’s feedback and if it is a go I am more than willing to set it up.