Password managers are a tool that you commit to for the long term. Nobody wants to deal with switching their password vaults between different services. In my case, I opted in to LastPass back when it was the popular choice and it's been doing the job quietly enough for me. It stored passwords and synced everywhere without interruptions. That's precisely what you want and expect from software that guards pretty much your entire digital identity.

However, over time, I've noticed issues with reliability. There's, of course, the 2022 security breach to consider, but there were also creeping prices, and the product itself didn't seem to be getting all that much attention from the developers. More than anything, there was the realization that my entire digital identity had been outsourced to a company that hasn't really proven that it is entirely trustworthy. Nor did I have any control over those price and policy changes. As someone who has been moving most of his tech stack to open-source alternatives, I figured this was as good a time as any to make the switch for my password manager. That's what led to Vaultwarden. It's powerful, but what's remarkable is just how unremarkable the migration ended up being. I was able to complete the entire setup and migration process within a few hours and my workflow didn't really change all that much.


Why Vaultwarden works

Bitwarden compatibility without the heavy backend

Vaultwarden is best described as being very similar to Bitwarden, but open-source. In fact, it is compatible with the same official apps and browser extensions but swaps out Bitwarden's heavy server infrastructure for something much lighter. That compatibility helps since Bitwarden develops its apps as a commercial product and I wanted a rock-solid app ecosystem.

What Vaultwarden really offers is a clean separation between the user experience and the backend. From the perspective of the user, everything behaves exactly like Bitwarden, from autofill to syncing. The biggest differences are behind the scenes, as the vault is hosted entirely on your infrastructure. Efficiency is another factor in Vaultwarden's favor. Since it is designed to run with minimal resources, you can easily deploy it on even the most basic self-hosted environments. In my case, that's a Synology NAS, but even a Raspberry Pi should suffice.

Finally, there's the obvious self-hosting benefit of knowing exactly what you are running, where your data is stored and how it's being accessed. Effectively, you are free of any changes in corporate policies — all the standard benefits of switching to open-source alternatives.

The migration process

Setting up Vaultwarden and importing your passwords

The process of migrating over to Vaultwarden was pretty much uneventful, which is exactly how it should be. Before I even got started with installing Vaultwarden, my first step was planning and preparation, starting with exporting my data from LastPass. While doing that, I took the opportunity to clear up years of accumulated clutter. That included passwords for services I no longer used, accounts for websites that no longer existed and even personal notes that were no longer relevant.

I also made the effort of making duplicate copies of the export file and storing them separately. It's a simple precaution that I recommend for any kind of export and migration process as it lets you roll back easily and removes a lot of anxiety associated with the process. Even if something goes wrong, the original data remains untouched. By the time this process was done, my data was in a far better and cleaner state than it had been in years — an added benefit of migrating.
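An added example, not part of the original article: a LastPass CSV export holds every credential in plaintext, so the cleanup described above can be scripted and the cleaned copy written with owner-only permissions. It assumes the column layout `url,username,password,totp,extra,name,grouping,fav` and the `http://sn` marker for secure notes; the sample rows and function names are constructed for illustration.

```python
import csv, io, os
from collections import defaultdict

# Constructed sample; the column layout is an assumption about the export format.
SAMPLE_EXPORT = """url,username,password,totp,extra,name,grouping,fav
https://mail.example.com,alice,Corr3ct-Horse,,,Mail,Personal,0
https://mail.example.com,alice,Corr3ct-Horse,,,Mail (old),Personal,0
https://shop.example.net,alice,Corr3ct-Horse,,,Shop,Shopping,0
http://forum.example.org,alice,,,,Dead forum,Misc,0
http://sn,,,,"wifi: hunter2",Router note,Secure Notes,0
"""

def audit_export(csv_text):
    """Return (kept_rows, findings) for a LastPass-style CSV export."""
    seen, by_password, kept, findings = set(), defaultdict(list), [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        is_note = row["url"] == "http://sn"  # assumed marker for secure notes
        # Notes share url/username/password, so their body is part of the key.
        key = (row["url"].lower(), row["username"], row["password"],
               row["extra"] if is_note else "")
        if not is_note and not row["password"]:
            findings.append(("empty-password", row["name"]))
            continue
        if key in seen:
            findings.append(("duplicate", row["name"]))
            continue
        seen.add(key)
        kept.append(row)
        if not is_note:
            by_password[row["password"]].append(row["name"])
    for names in by_password.values():
        if len(names) > 1:  # same password on several logins: rotate after import
            findings.append(("reused-password", ", ".join(names)))
    return kept, findings

def write_private(path, rows):
    """Write the cleaned export; a newly created file gets mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(rows[0].keys()))
        writer.writeheader()
        writer.writerows(rows)

if __name__ == "__main__":
    kept, findings = audit_export(SAMPLE_EXPORT)
    for kind, name in findings:
        print(f"{kind}: {name}")
    print(f"{len(kept)} entries kept for import")
```

Once the import has been verified in the new vault, delete every plaintext copy of the export, including the backups.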

Setting up Vaultwarden itself was straightforward, especially if you are comfortable using Docker. The configuration process is minimal and once the service is up and running, you can log in through the web interface. The most time-consuming aspect for most will be setting up a reverse proxy. Accessing Vaultwarden mandates a secure HTTPS connection, so you'll have to get a Let's Encrypt certificate and pair it up with something like Nginx or Caddy. In my case, I opted for Synology's built-in reverse proxy manager since I was already using it.

Once done, the actual import process is straightforward and you'll find built-in options to import the LastPass export file. Within minutes, all your saved passwords should show up in Vaultwarden. That's it. The Bitwarden Chrome extension can then be used to connect to your self-hosted Vaultwarden instance, and you'll find that features like autofill and login prompts work exactly as you'd expect them to. Similarly, mobile synchronisation is fast and reliable with no delays or errors.

Switching to Vaultwarden was faster than I expected

I anticipated taking a full weekend to switch over from LastPass to Vaultwarden, but in reality, outside of setting up the reverse proxy, the entire process doesn't take much more than an hour or two. In return, you get a password vault that's no longer tied to a subscription service or governed by policies outside your control. Everything works on your personal infrastructure. In practice too, you won't find much of a difference outside the label on the app. Vaultwarden works just as effortlessly as LastPass. If you are already comfortable managing a few services and value full control over convenience, you'll find that it is a surprisingly easy switch to make.
