The original post: /r/selfhosted by /u/heisian on 2024-07-01 20:04:33.

Hey all, I recently did some tests with both platforms and thought I would share my findings while the information is still fresh.

To provide context, I installed both platforms on my TrueNAS SCALE server using IX-System’s official charts/deployments.

Here are my observations:

Passbolt Pros

  • Relatively good-looking UI.
  • Nice desktop app, but Windows only.
  • Easy management of users, groups, and permissions. Intuitive and easy to set up granular access.
  • Easy import of KeePass databases in their original format (.kdbx).
  • Easy to manage credentials in bulk (access, location, etc.).
  • Cool CLI for performing DevOps tasks.

Passbolt Cons

  • Weird bugs when setting up for the first time. Requires searching through forums to fix various issues.
  • By design, it’s not easy to switch between user accounts either on web, browser extension, or desktop/mobile apps. This is probably what they bill as being more secure, but to me it feels limiting.
  • Desktop app is Windows only.
  • No support for additional sensitive fields beyond password/TOTP.
  • Very clunky username/password auto-fill.
  • Clunky setup of SMTP sendmail if using SSL/Port 465 (again, required searching through forums for the answer).
  • Failed my chase.com username/password field detection test.
  • No TOTP auto-fill.
  • Weird UI bug where administration options don’t show up for a newly-promoted admin user.

Vaultwarden Pros

  • Clean UI.
  • Bitwarden clients support all platforms, all browsers.
  • Supports a decent variety of sensitive items: logins, credit cards, identities, notes.
  • Performance seems very fast.
  • Great username/password field detection (works on chase.com).
  • Good support for organizations.
  • Easy import of passwords in .csv and .xml formats.

Vaultwarden Cons

  • Clunky management of users (requires an additional verification step to add to an organization, though this could be a good thing).
  • Clunky management of groups (folders vs. collections, permissions), not intuitive, but once figured out works the way you want it to.
  • Clunky bulk management of credentials, cannot move multiple at a time between folders/collections.
  • No way to move credentials between organizations (security feature?).
  • No TOTP auto-fill.

I tried Vaultwarden first and didn’t like the clunkiness around user/group/access management. Then I decided to try Passbolt.

For me the final choice between the two came down to Passbolt’s lack of additional/custom sensitive data fields, lack of user switching, and lack of ability to detect form fields on sites with unconventional properties.

I understand that security is always a compromise between convenience and security, and perhaps Passbolt’s lack of user switching makes things more secure, but I’m not sure what the end effect of all that is. One workaround could be to have multiple user accounts in your OS and switch between those in order to be logged into multiple accounts, and that’s probably a good, if not more annoying, way to do it. Again it’s a compromise between convenience and security.

What I wish both platforms had was a TOTP auto-fill. I am used to KeePassXC being able to do a pretty damn good job of doing that for me.

tl;dr

Vaultwarden FTW