I've been using (and paying for) Bitwarden for years now, but it appears they have recently chosen to abandon open source[1].

I'm not all too happy with having the rug pulled from under me. Is there an alternative that you would recommend? Preferably something that is open source, audited and has an Android client. Happy to pay a reasonable subscription.

[1] https://github.com/bitwarden/clients/issues/11611
Is this really that dire? Comment from the GitHub issue:

"Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

the SDK and the client are two separate programs

code for each program is in separate repositories

the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug."
Isn't Vaultwarden what you want?

https://github.com/dani-garcia/vaultwarden
Per their response to this issue, it seems like this is a bug: while they do have some non-FOSS code in their `sdk` package, the client should still be buildable without the SDK:

> Hi @brjsp,
> Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.
>
> the SDK and the client are two separate programs
> code for each program is in separate repositories
> the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3
> Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.
I drink enough of the FOSS Kool-Aid to earn my community card, but I'm also a nearly 40-year-old realist. I just put everything in 1Password, pay them and forget about it.

If they do something heinous I'll move to something else, but this is not something I want to mess with.
I would not recommend a password manager with a cloud component dependency; that is the means by which the proverbial rugs are pulled. It's important to be in control of the vault yourself. Any KeePass variant should do, such as KeePass2 and KeePassXC.
Not FOSS at all, but I've used 1Password for years and love it. It's one of the few pieces of software that just works across my devices (Mac/iPad/Android phone), cloud sync is awesome, and built-in support for cloud-synced 2FA and passkeys means I never have to worry about replacing devices.

I pay for a family plan and share it with family members. It's really wonderful and something I never have to worry about.

It's not the kind of thing worth wasting time self-building and hosting, IMO, especially the cloud component. I don't want to keep up with all the latest exploits and zero-days; I'd much rather have a commercial company taking care of it with a vested interest in keeping your data safe.

There are FOSS things like KeePassXC. But the overall experience just sucks compared to 1Password.
Use KeePass or one of its variants to store the encrypted data in a local file. Use any of the file sync products to sync the file across devices, e.g. Dropbox, Syncthing, etc.
I'll likely be migrating over to Proton Pass[1] since I already have a Proton Mail subscription anyway. Seems like it meets all your criteria, depending on what you consider to be a reasonable cost for a subscription.

[1] https://proton.me/pass
Don't look forward but look back: a secure open format with many possible open source frontends (like KeePass/KeePassX/KeePassXC) and maybe cloud sync.
Not open source, but a non-profit foundation guarding it: https://proton.me/pass

Edit: It is open source actually: https://github.com/protonpass/
I have been self-hosting https://github.com/dani-garcia/vaultwarden, and it has been good to me.
In response to the topic of Bitwarden being VC-funded, I have started to migrate to KeePassXC. It works pretty fine; export/import also worked well, with some minor issues with a too-strict DB-locking policy, which I think I managed to fix in the settings. It's missing cloud sync, but I do my file sync over Syncthing anyway. But I'm on OS X and I haven't tested on Windows yet.
There are very few open source password managers that have cloud sync and modern clients on popular platforms (I honestly don't know any that I can recommend).

The logic is that making things open source can allow attackers to more easily identify vulnerabilities (flawed logic, but there's some truth to it).

I would stick to Bitwarden or consider 1Password if I were you.

I did see https://passky.org/ some time back; it might work for you on Android.