rack manifest · unit U05

Vaultwarden

passwords.itzgee.com

Every password, end-to-end encrypted, on your own hardware.

replaces LastPass · 1Password · Bitwarden

Vaultwarden is a password manager compatible with all the Bitwarden apps and browser extensions. Your logins, cards and secure notes are encrypted end-to-end — the server only ever holds ciphertext it cannot read. It is the one vault you want to survive everything else, so by design it stands apart from the platform single sign-on.

what it does

Native Bitwarden apps

Use the official Bitwarden desktop, mobile and browser clients — they talk straight to this server. Autofill, passkeys and generators, all pointed at your own hardware.

End-to-end encrypted

Everything is encrypted and decrypted on your devices with a key derived from your master password. The server stores only ciphertext — zero-knowledge by design.

Invite-only

Public sign-ups are disabled. New accounts exist only when invited from the admin panel — no open door on the internet.

Independent by design

Deliberately decoupled from the platform login. If single sign-on is ever down, your passwords are still reachable — the break-glass you never want chained to anything else.

Shielded at the edge

Sits behind the Cloudflare edge with WAF and DDoS protection in front of the login — the public boundary a vault deserves.

on this node

How it runs here.

identity
independent of platform SSO by design — the break-glass vault
encryption
zero-knowledge — server stores ciphertext only
edge
cloudflare waf + ddos in front of the login
backups
included in the nightly encrypted cross-site pull

access

Want a unit of your own?

Vaultwarden is part of every tenancy on the node — private, managed space behind your own login, provisioned by invitation.

see the tenancy process →