Prefab system images From Russia With Love, including password managers and surfing proxies, spun up on a VPS operated by totally unknown people (probably remoted to the actual DC from some place with bad water)...security nightmare. When I see the Statue of Liberty sticking up out of the water on the shoreline, imma scream like Charlton Heston! Need Congress/FTC to set guidelines. In the meantime, know that you don't get all the benefits of that stack for "free"; you're burning down future hours that will be spent in disaster recovery mode.
You might like Pass [0] or GoPass [1] which had more features the last I looked at it.
They both store passwords/data in gpg-encrypted files in a git repo. I'm not sure what the state of GUIs/browser plugins are for it, but I'm pretty sure there are some out there.
You can also set up your git config to be able to diff encrypted .gpg files so that the files are diff-able even though they're encrypted.
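One way to wire that up, added here as an example rather than taken from the comment or from pass itself: the driver name `gpg` and the `*.gpg diff=gpg` attribute follow the convention pass's own `git init` uses, while the exact gpg flags are my assumption.

```ini
# .gitattributes at the root of the password repo:
# route every *.gpg file through the "gpg" diff driver defined below
*.gpg diff=gpg

# .git/config of that repo (or ~/.gitconfig if you want it everywhere):
[diff "gpg"]
    # treat the ciphertext as binary so git never attempts a byte-level text diff
    binary = true
    # decrypt each side of the diff on the fly; the output is only displayed,
    # nothing decrypted is written back into the working tree or history
    textconv = gpg --decrypt --quiet --batch --yes
    # keep caching off (the default): with cachetextconv = true git stores the
    # decrypted text under refs/notes/textconv/gpg, i.e. plaintext inside the repo
    cachetextconv = false
```

`git diff` and `git log -p` then show decrypted contents, so anything that pages, pipes or logs that output sees plaintext; run it only on a machine you already trust with the unlocked store.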
Yeah, I like Pass the most in this space, but it doesn't encrypt the index of logins/items that you're keeping. I.e. it's a folder tree of encrypted files, so you can see the sites, logins and other things that I'm using. That's kind of a deal breaker for me, though I'm pondering if I'm being practical, or just overly cautious.
Bitwarden can be self-hosted and its server is open source (and security audited, for what it's worth). I've used it for a few years or so and I've had no issues thus far.
Vault or Bitwarden are great for projects once they get serious - Unfortunately there isn't a one-size-fits all solution that doesn't suck in one way or another. Setting up vault is fairly non-trivial.
Not him, but I'm gonna use this as a chance to plug unison[1]. I've been using it for more than a year now to keep files synced across more than 3 computers and it works flawlessly. It gets a tad slow to start propagating changes if you have too many files and a weak server (around 150k files, server has an Atom N2800), but it's not more than 15 seconds.
One nifty thing is that you don't need to run unison on the server ever, just have it installed. I have systemd units that I enable on my client machines and that does all of the syncing; unison connects to the server with ssh and does all the work there over that.
I use both, and one thing I found that is sucky about WG is that it does not work well with the Windows firewall. I need to give full permission to an app to be able to access IP addresses routed by WG. Tinc does not have this problem.
WG also doesn't do dynamic mesh routing. With tinc, I can have a network path down, and my mesh will find its way around it. Tinc is slower than WG, but I will take that hit for the benefit of availability. (my preference anyway)
One thing I noticed with tinc is that it does not take advantage of sysctl network tuning. I had to increase the network buffers for that dynamic routing to not make as much of a noticeable slowdown.
All web services are reverse-proxied through traefik
At home:
On a remote server: