rack manifest · unit U05
Vaultwarden
passwords.itzgee.com
Every password, end-to-end encrypted, on your own hardware.
replaces LastPass · 1Password · Bitwarden
Vaultwarden is a password manager compatible with all the Bitwarden apps and browser extensions. Your logins, cards and secure notes are encrypted end-to-end — the server only ever holds ciphertext it cannot read. It is the one vault you want to survive everything else, so by design it stands apart from the platform single sign-on.
what it does
Native Bitwarden apps
Use the official Bitwarden desktop, mobile and browser clients — they talk straight to this server. Autofill, passkeys and generators, all pointed at your own hardware.
End-to-end encrypted
Everything is encrypted and decrypted on your devices with a key derived from your master password. The server stores only ciphertext — zero-knowledge by design.
Invite-only
Public sign-ups are disabled. New accounts exist only when invited from the admin panel — no open door on the internet.
Independent by design
Deliberately decoupled from the platform login. If single sign-on is ever down, your passwords are still reachable — the break-glass you never want chained to anything else.
Shielded at the edge
Sits behind the Cloudflare edge with WAF and DDoS protection in front of the login — the public boundary a vault deserves.
on this node
How it runs here.
- identity
- independent of platform SSO by design — the break-glass vault
- encryption
- zero-knowledge — server stores ciphertext only
- edge
- cloudflare waf + ddos in front of the login
- backups
- included in the nightly encrypted cross-site pull
Runs inside the same defences as everything else here — /security for the six layers, /mesh for the tunnel it's backed up across.
access
Want a unit of your own?
Vaultwarden is part of every tenancy on the node — private, managed space behind your own login, provisioned by invitation.
see the tenancy process →