Public password managers are high value targets for hackers. OwnWarden makes it easy to run your own while minimizing the attack surface by using WireGuard VPN.
- Self-host Bitwarden (or compatible server) on Google Cloud.
- Make the service as highly secure as possible by:
- Using the proven WireGuard VPN
- Using proven Open Source software whenever possible
- Automatic security updates on all components
- Continuous Monitoring
- Make it simple to install and configure
- Installation optimized for Google Cloud's 'always free' e2-micro compute instance by using Vaultwarden (Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients).
_Note: if you follow these instructions the end product is a self-hosted instance of Vaultwarden running in the cloud and will be free unless you exceed the 1GB egress per month or have egress to China or Australia. Also it has to be deployed in one of the following regions: Oregon: us-west1, Iowa: us-central1, South Carolina: us-east1
-
Micro e1-micro VM running the security hardened Google Container Optimized OS.
-
VaultWarden API server accessible ONLY via WireGuard protocol using Tailscale.
-
Scheduled backups of the encrypted password vault stored in SQLite database to Google Cloud Storage
-
Automated updates of Operating System and VaultWarden
Before you start, ensure you have the following:
- A Google Cloud project. Create one by navigating to https://console.cloud.google.com
- A Tailscale account and auth key. This is to allow Vaultwarden to connect to you tailscale network.
- Terraform installed
- Google Cloud SDK (gcloud) installed and configured
$ git clone https://github.com/abhinavrau/ownwarden.git
$ cd ownwarden