In the latest episode of “they will always sell you out” - they sold you out! Who would’ve thought.
Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can’t exist without “leeching” off of Bitwarden.
Jesus, I’m tired of switching password managers.
KeePassXC + KeePassDX is probably the best option, with the downside of no way to sync easily (syncthing is probably the best option there)
I might switch back at some point, been getting frustrated with the bitwarden extension performance always being so poor.
Merge conflicts are a concern for KeePass, especially for those that don’t want to resolve them. Sync is difficult. AFAIK this is a very common issue with Syncthing setups.
Also, the portability from Bitwarden to KP leaves a bit to be desired, though that’s probably 90% on BW.
I’ve been using KeePass with Syncthing for 5+ years now and I think I’ve only had a sync issue once in all this time.
Granted I do make sure I only use the database on one device at a time (so not making edits on desktop and my phone at the same time) and I’m using XC and DX clients not the OG KeePass program.
I’m curious what is causing sync issues to make it “common”, I use my db every day.
Merge conflicts are a concern for KeePass
It’s really not that much of an issue. I sync my database between several devices, some of which are only used occasionally. Rarely do I ever have a merge conflict.
If you’re editing the database on multiple devices before they have a chance to sync with each other, maybe stop doing that. That’s what causes merge issues.
XC is really nice, but the devs are kinda dicks about not integrating some sort of syncing option, instead telling everyone who asks to “just point it to a local folder and use <insert sync tool of your choice> to keep that folder updated.” Which isn’t terrible advice, but some of us don’t have that option on managed devices.
I ended up using Keepass2Android and just pointing it at my webdav server, it seems to work pretty well!
On desktop it’s already taken care of since I put the DB in my folders that already sync via Syncthing.
I love K2A, been using it for well over a decade now. I really should toss the dev some cash… They’ve kept the UI consistent for years.
I just got Bit warden this year! Gah. Where are we jumping?
Vaultwarden
Vaultwarden relies on Bitwarden existing.
Not really. Convenience relies on the app and browser plugin, but they could be recreated like the server was.
That would be quite nice to see.
KeePass
KeePass isn’t going anywhere. They’re also dragging their feet on passkey support, so you might go with KeepassXC.
They also don’t effectively allow collaboration though, which is my cheif reason for using a cloud hosted password manager.
KeePass isn’t meant to be used that way. It’s a personal password manager. Always has been.
Valid. But it’s also valid that it now doesn’t work for me or anyone who also helps manage other people’s lives or works on a team ¯_(ツ)_/¯
Gotta use the right tool for the job. Sorry KeePass doesn’t work for you. It really is a fantastic piece of software.
Sure they do. Multiple people can have a file open at the same time. I use it for exactly this every day at work.
With KeePassXC, that is. I don’t know if other flavors have different support. I use XC primarily for the browser extension.
And you can both modify the same things without causing horrible conflict issues? And you can share only parts of your vault with someone rather than having entirely different vaults you have to switch between? I’m assuming you mean putting the file somewhere like Google Drive, and you can access it offline even if you can’t edit it offline? For feature parity with Bitwarden, obviously ideally one could edit any time and it would resolve problems when it came back online if there were any but Bitwarden doesn’t allow this.
Yes, no conflicts. I don’t know if you can only share part of vault; I just created a separate one for a separate team.
I wouldn’t put it in Google Drive or anything like that. The separate sync logic will definitely cause conflicts.
I’m not worried about having access if I’m offline, because if I’m offline I’m not going to be able to log into anything anyway.
I guess a laptop, server, IoT device, or WiFi connection when your main device doesn’t have internet is out of scope for you?
Like fixing my laptop and not wanting to type the new password into my phone instead of copy/paste, sync when online?
And how are you sharing a file, to multiple people anywhere in the world realtime ish, without a cloud service you or someone else hosts? Doesn’t that necessitate some syncronization logic?It’s hosted on a local network share, so we don’t need Internet access.
If can’t copy paste, I just type it out.
We use a VPN to the office.
I think the original title was more helpful because it shows that this is a recent development. Maybe you can add “new CEO”?
Bitwarden scrubs ‘Always free’ and ‘Inclusion’ values from its website as longtime execs step down
In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.
CFO Stephen Morrison also left Bitwarden in April, replaced by former InVision CEO Michael Shenkman. Both Crandell and Morrison joined the company in 2019. Kyle Spearrin, who started Bitwarden as a fun hobby project in 2015, remains the company’s CTO.
The year of keepass and syncthing!.
Has Vaultwarden said anything yet? I imagine that, if necessary, given that bitwarden’s client is still open, at the point they choose to try and close it, we, the users, can fork it and establish it for vaultwarden, correct? Or, maybe even the vaultwarden team will think about forking it themselves and making a light client as well to pair with the current server.
But Vaultwarden can exist without “leeching” they just haven’t needed to yet. That’s more symbiotic than parasitic. The parasite class just took over Bitwarden after all.
Not to my knowledge. As far as forks go, that’s true. However, Vaultwarden would need to become an independent team, and even if they don’t take over maintaining the client, someone else would need to become independent. While it can work, it can also lead to very nasty, longstanding bugs or security issues due to scale, budget, and effort. I see this a lot with Apple apps for example - smaller developers understandably don’t want to deal with Apple’s crap and costs, and everyone suffers in the end.
If you look at the current state of the cybersecurity world, it’s not kind to open-source developers. AI-generated BS is dredging up vulnerabilities on all sides. So security is also a big concern. Someone like Bitwarden has a lot of budget to swing.
Vaultwarden itself is incredibly good, but not perfect:
~~https://nvd.nist.gov/vuln/detail/CVE-2026-26012.~~
Edit: Bad example, point is security is a concern with a smaller team.
You’re right. And that’s why more of us need to contribute and spread the word of projects to support them.
Honestly, FOSS is our last bastion against this consumerist hellscape. I’m working on learning to build my own discord-like front end on matrix specifically for gaming. But I’m just one guy. We’ve all gotta pick where we place our effort and support those around us similarly.
Vaultwarden taking over bitwarden, should they shut doen as open source, I think would be entirely worthy. But it might need more people to either help vaultwarden or maintain it on their own, you’re right.
To me, seeing and learning about all of these projects gives me hope. All of these people and communities working to build things out of passion and dedication, because they care and want to provide value to others. No profit motive necessary. We just need to be there to support them as we’ve tied capital to our survival currently.
Move to KeePassXC or its recent LLM-free fork while you still can, because at some point Bitwarden is going to try to go closed-source again.
Oh crap, how’s KeePass got an LLM involved‽ Time to look into this now…
I did find https://codeberg.org/ChiPass/ChiPass , but it looks like a very new project.
Yeah, I’m no fan of slopcoding either, but this policy addresses those who contribute AI-generated code; it is most certainly not “our devs are shipping AI slopcode”.
Seems a lot here missed this part:
All code submissions go through a rigorous review process regardless of the development workflow or submitter.
Linus Torvalds does the same thing with the Linux kernel. He gets AI-generated slopcode submissions all the time. They’re reviewed by real people, and like most submissions Linus gets, sloppy work is rejected, AI and human alike.
why this over keepassxc?
When someone says “use KeePass”, we generally mean ”use an app based on KeePass".
Personally, I use the OG KeePass (work laptop), KeePass XC (all personal machines), Keepass2Android (personal Pixel), and Keepassium (work iPhone).
Whichever one you use is entirely subjective. Also, XC wouldn’t exist without the OG KeePass, so maybe don’t be a tribal weird-ass over it.
I’ve been wanting to move to KeePass from my current vaultwarden. What’s the most seamless way to synchronize the DB across GrapheneOS and Arch?
I trust Syncthing for syncing files, but it kind of feels insufficient for an actual encrypted database.
What works for you for syncing?
The encrypted database is a file. Syncthing handles it perfectly fine. KeePass’ protocol has versioning and merge support built right in, so all of the KeePass variants work great with each other without issues over Syncthing.
Just make sure you’re not editing the database on multiple machines at the same time - that’ll cause merge conflicts.
This is why corporate promises can never be trusted, because a new CEO can change those promises on a whim.
It’s part of why despite being interested in Beeper, I never signed up for it because I had questions about if those privacy promises they made would be kept if they sold to a bigger company… which they eventually did.
On the plus side Bitwarden already made an official open source self-hosted version, which can be forked and/or return to the community developed Vaultwarden roots.
Meanwhile KeepassXC keeps on chugging along.
FYI beeper is really just matrix with bridges. Once I realized that I set up my own and now I have the same functionalities as beeper, self hosted, with a choice of clients.
i was just thinking this week with the passphrase addition how good bitwarden is and when will the other shoe drop. There it is.
Keepass (all variants and forks) has a passphrase generator, been built-in for years.
The writing is on the wall for BW, and has been for quite some time now.
Every company is basically evil at this point.
Since Dodge v. Ford Motor Co (1919), if not earlier.
See also: https://reclaimdemocracy.org/corporate-accountability-history-corporations-us/
Yep. Thanks, Dodge brothers, for setting that precedent. Pig fuckers.
Vaultwarden here I come
BW news dropped, so you’re going to move to something that still requires the BW app?
Circular logic, friend. Ditch everything related to BW. Move to a truly open password manager like KeePass (including its various forks).
They responded on reddit and walked some of it back as an “oversight”: https://www.reddit.com/r/Bitwarden/comments/1tdvnh7/comment/olznwcv/. Allegedly, I’m too lazy to verify.
A change that would require intent to make is not a mistake or oversight.
This sucks. I committed to Bitwarden years ago and now am going to have to switch before they lock me in the garden.
They also haven’t addressed the removal of inclusion and transparency from their goals.
EDIT: They did. They said it’s “less of a priority”. The article I shared has been updated. I smell corporate bullshit though. “Oversight” this, “priority shift” that, they’d have to work hard to gain any trust back.
Keepassxc and whatever I’m using off f droid for Android. Then is sync with proton drive. Works well for me. I do the same for my one time password backups. You don’t even need to pay for a subscription to proton. These are small files. Free version is good enough
Yes, I use KeePassDX as well.
sync with proton drive
That’s not good enough. Stay entirely offline. Keep your own stuff in sync via Syncthing and Syncthing-Fork daisy chains, especially if they’re small files.
Has the sketchiness around the Syncthing fork hand-off get sorted?
Yes, the previous maintainer of Syncthing-Fork gave it the green light. Honestly, from the explanation they gave, it sounds like they just have major social anxiety. But it’s all settled. Even the maintainer for the Google Play version is good with it.
I fucking knew this would happen years ago. Something always smelled “off” about BW.
you saw that something on the internet will go to shit in a couple of years? speak to us, oracle! :)
Right? Lmao who would’ve thought??















