Bitwarden vs Vaultwarden — Which Self-Hosted Password Manager Wins in 2026?
If you're shopping for a password manager in 2026 and you've done any research, you've seen the two names that dominate open-source password management: Bitwarden and Vaultwarden. They share a common codebase, a common mission, and millions of users between them.
But they are not the same thing — and neither is the only option.
This guide compares Bitwarden, Vaultwarden (the lightweight self-hosted fork), and VaultKeepR (the decentralized newcomer). We'll look at architecture, encryption, self-hosting trade-offs, pricing, and what it takes to migrate. By the end, you'll know which approach fits your threat model.
Architecture: Three Ways to Store Your Vault
The most fundamental difference between these three tools is where your encrypted vault lives and who controls access to it.
| Aspect | Bitwarden | Vaultwarden | VaultKeepR |
|---|---|---|---|
| Storage model | Centralized (Bitwarden cloud, Azure) | Self-hosted (your server) | Decentralized (IPFS) |
| Server control | Bitwarden Inc. | You (full control) | No central server |
| Single point of failure | Bitwarden's infrastructure | Your server/domain | None (content-addressed) |
| Data persistence | Bitwarden uptime | Your server uptime | IPFS network (redundant) |
| Network dependency | Internet + DNS | Your server uptime | IPFS gateway or local node |
| Setup complexity | Sign up (minutes) | Docker + SQLite (hours) | Connect wallet (minutes) |
Bitwarden — Centralized by Design
Bitwarden follows a traditional SaaS model. Your vault is encrypted on your device, then synced to Bitwarden's servers running on Microsoft Azure. The encryption is client-side and zero-knowledge — Bitwarden cannot read your data.
The trade-off: availability depends on Bitwarden's infrastructure. If Bitwarden experiences an outage, you lose access to your vault. If Bitwarden shuts down (unlikely, but possible), you'd need to migrate to another tool.
Vaultwarden — Self-Hosted Control
Vaultwarden is an independent, lightweight reimplementation of the Bitwarden server API written in Rust. It lets you run the entire Bitwarden server backend on your own hardware — from a Raspberry Pi to a $5/month VPS.
The advantage: you own every byte. No third-party company can decide to change their pricing, terms, or feature availability. Your vault is available as long as your server is running.
The trade-off: you own every problem. Backups, TLS certificates, database migrations, OS updates, and uptime monitoring are all your responsibility. If your server dies and you don't have a backup, your vault goes with it.
VaultKeepR — Decentralized via IPFS
VaultKeepR takes a third path: instead of running a server or trusting a company's cloud, it stores your encrypted vault on IPFS — the InterPlanetary File System. Your vault is content-addressed, sharded across the network, and pinned by multiple nodes.
There's no server to maintain and no company to depend on. Your vault persists on the IPFS network regardless of whether VaultKeepR exists as a company. Authentication uses your crypto wallet (EIP-191 signatures) instead of an email-password combo, eliminating an entire class of phishing and server-compromise attacks.
Encryption: AES-256 vs. XChaCha20-Poly1305
All three tools encrypt your data client-side with strong cryptography, but the specific algorithms and key derivation functions differ in meaningful ways.
| Feature | Bitwarden | Vaultwarden | VaultKeepR |
|---|---|---|---|
| Cipher | AES-256-CBC | AES-256-CBC (same as Bitwarden) | XChaCha20-Poly1305 |
| Default KDF | PBKDF2 (100K iterations) | PBKDF2 (same as Bitwarden) | Argon2id |
| Alternative KDF | Argon2id (optional, since 2023) | Argon2id (optional) | Always Argon2id |
| Authentication | HMAC-SHA256 (separate) | HMAC-SHA256 | Poly1305 (built into AEAD) |
| Nonce / IV size | 128-bit | 128-bit | 192-bit |
| Key binding | Email + master password | Email + master password | Wallet signature + master password |
Why Bitwarden and Vaultwarden Are Identical Here
Since Vaultwarden reimplements the Bitwarden server API, the client (desktop app, browser extension, mobile app) is the same Bitwarden client. This means the encryption is identical: AES-256-CBC with HMAC-SHA256 for authentication, and PBKDF2 (or optionally Argon2id) for key derivation.
AES-256-CBC with HMAC is a well-vetted, secure combination. It has been the standard for over two decades. That said, it carries the overhead of a separate HMAC step and requires careful IV management.
Why VaultKeepR Uses XChaCha20-Poly1305
VaultKeepR opted for XChaCha20-Poly1305 for several reasons:
- Authenticated encryption (AEAD) — No separate HMAC step; authentication is built into the cipher. This eliminates the risk of encrypt-then-MAC ordering bugs.
- 192-bit nonces — Large enough that random nonce collision is effectively impossible, even for long-lived encryption keys. Compare this to AES-GCM's 96-bit nonces, which require careful counter management.
- Constant-time on any hardware — Unlike AES, which benefits from hardware AES-NI on modern CPUs but runs slower without it, ChaCha20 performs consistently on all platforms — from ARM-based phones to low-power servers.
- Production-proven — Used by Signal, WireGuard, Cloudflare, and Google's TLS stack.
KDF Differences Matter
Bitwarden defaults to PBKDF2 with 100,000 iterations. You can enable Argon2id in the settings, but most users never touch these options. Vaultwarden inherits the same defaults.
VaultKeepR uses Argon2id exclusively with parameters tuned for modern hardware: 64 MB of memory, 3 iterations, and 4 threads of parallelism. This makes brute-force attacks dramatically more expensive — roughly 40,000× harder than PBKDF2 at Bitwarden's default settings.
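As an added illustration for the two sections above (not code from Bitwarden, Vaultwarden or VaultKeepR), here are the two constructions the tables contrast, built with the `cryptography` package: AES-256-CBC with a separate HMAC-SHA256 step under PBKDF2-derived keys, and a ChaCha20-Poly1305 AEAD where the tag is part of the cipher and a wrong MAC order is not possible. Assumptions: ChaCha20-Poly1305 with a 96-bit nonce stands in for XChaCha20-Poly1305, which the package does not expose, and the Argon2id step on the AEAD side is left out.

```python
import hashlib, hmac, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

PBKDF2_ITERATIONS = 100_000  # the default quoted for Bitwarden above

def derive_keys(password: bytes, salt: bytes) -> tuple:
    """PBKDF2-SHA256 -> 64 bytes, split into a 32-byte encryption key and a 32-byte MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=64)
    return km[:32], km[32:]

def cbc_hmac_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: AES-256-CBC, then HMAC-SHA256 over iv || ciphertext."""
    iv = os.urandom(16)  # 128-bit IV, must be fresh for every message
    padder = padding.PKCS7(128).padder()
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    ct = enc.update(padded) + enc.finalize()
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def cbc_hmac_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Check the MAC in constant time before touching the ciphertext; None if it fails."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    padded = dec.update(ct) + dec.finalize()
    return unpadder.update(padded) + unpadder.finalize()

def aead_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """AEAD: one call yields ciphertext with the Poly1305 tag appended; no MAC code to get wrong."""
    nonce = os.urandom(12)  # 96-bit nonce here; XChaCha20 would use a 192-bit (24-byte) one
    return nonce + ChaCha20Poly1305(key).encrypt(nonce, plaintext, None)

def aead_decrypt(key: bytes, blob: bytes):
    """Returns None on any modification of nonce, ciphertext or tag."""
    try:
        return ChaCha20Poly1305(key).decrypt(blob[:12], blob[12:], None)
    except InvalidTag:
        return None

def flip_bit(blob: bytes, index: int) -> bytes:
    """Simulate tampering with or corruption of one byte."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)
```

Both decrypt paths reject a flipped byte anywhere in the blob; the difference is that the CBC path only does so because the caller wrote the MAC check correctly and first.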
Self-Hosting: Bitwarden vs. Vaultwarden vs. VaultKeepR
If you want to control your own infrastructure, here's what each option requires.
Self-Hosting Bitwarden
Bitwarden officially supports self-hosting, but it's not trivial. The official deployment uses Docker, SQL Server, and several supporting services:
Bitwarden self-hosted stack:
- Docker (required)
- SQL Server (Linux container, ~2 GB RAM minimum)
- nginx (reverse proxy)
- Identity server
- API server
- Web vault
- Attachments / icons services
- Certbot (Let's Encrypt, optional)
Recommended specs: 2 CPU cores, 4 GB RAM, 20 GB storage minimum. Running this on a Raspberry Pi is technically possible but not practical.
Self-Hosting Vaultwarden
Vaultwarden exists specifically to solve the heavyweight problem of self-hosting Bitwarden. Written in Rust, it's a single binary (or Docker image) that replaces the entire Bitwarden server stack:
Vaultwarden stack:
- Single binary or Docker image (~10 MB)
- SQLite (no separate database server needed)
- Optional: nginx for TLS termination
Recommended specs: 1 CPU core, 512 MB RAM, 1 GB storage. Easily runs on a Raspberry Pi 3/4, a $3/month VPS, or even an old laptop running 24/7.
| Resource | Bitwarden self-hosted | Vaultwarden | VaultKeepR |
|---|---|---|---|
| RAM required | ~4 GB | ~128–512 MB | None |
| CPU | 2+ cores | 1 core | None |
| Storage | ~20 GB | ~1 GB + attachments | None (IPFS) |
| Dependencies | Docker, SQL Server, nginx | Docker or binary, optionally nginx | None |
| Backup complexity | Database dump + config + attachments | Single SQLite file + config | IPFS CID backup |
| TLS / domain | Required | Required | Not required |
| Maintenance burden | Medium-high (DB migrations, updates) | Low (single binary updates) | None |
VaultKeepR — Zero Self-Hosting
VaultKeepR eliminates the self-hosting question entirely. Because your vault lives on IPFS, there is no server to provision, no TLS certificates to renew, and no databases to back up. You authenticate with your crypto wallet, and your vault is available on any device you authorize.
This isn't self-hosting — it's no-hosting. The infrastructure is the network itself.
Feature Comparison
| Feature | Bitwarden | Vaultwarden | VaultKeepR |
|---|---|---|---|
| Free tier | Unlimited passwords, 2 devices | Unlimited passwords (self-hosted) | Unlimited passwords, 5 devices |
| Browser extensions | Yes (Chrome, Firefox, Safari, Edge, Brave, Opera) | Yes (same, uses Bitwarden clients) | Yes (Chrome; Firefox planned) |
| Mobile apps | Yes (iOS + Android) | Yes (iOS + Android, Bitwarden apps) | Yes (iOS; Android planned) |
| Desktop apps | Yes (Windows, macOS, Linux) | Yes (same Bitwarden desktop apps) | Planned (desktop app on roadmap) |
| TOTP | Yes (Premium, $10/yr) | Yes (use Bitwarden Premium license) | Yes (Premium tier) |
| Passkeys | Yes | Yes | Planned (on roadmap) |
| Email aliases | No | No | Yes (built-in, @vaultkeepr.xyz) |
| Shamir Secret Recovery | No | No | Yes (Premium, 3-of-5 threshold) |
| Team / Business | Yes (excellent) | Limited (API-compatible, no admin console) | No (not available) |
| Emergency access | Yes | Yes (same API) | Yes (Shamir-based recovery) |
| WebAuthn / FIDO2 | Yes (Premium) | Yes (Premium, Bitwarden-compatible) | Yes (wallet-based, EIP-191) |
| Self-hosted | Yes (heavy) | Yes (lightweight) | Not needed (IPFS) |
| Third-party audits | Yes (multiple completed) | Yes (Bitwarden audits apply to the client) | Planned |
| Open source | Yes (server + client, GPL-3.0) | Yes (server, GPL-3.0; client same) | Yes (core crypto, MIT) |
Pricing
Pricing is where the three diverge most sharply.
Bitwarden
| Plan | Price | Details |
|---|---|---|
| Free | $0 | Unlimited passwords, 2 devices |
| Premium | $10/year | TOTP, FIDO2, emergency access, 1 GB encrypted storage |
| Families | $40/year | 6 members, unlimited sharing |
| Teams | $36/user/year | 2FA, user groups, event logs |
| Enterprise | $48/user/year | SSO, directory sync, self-hosting |
Vaultwarden
| Component | Cost |
|---|---|
| Software | Free (open source) |
| Server / VPS | $3–10/month |
| Domain + TLS | $10–20/year (domain), $0 (Let's Encrypt) |
| Optional Bitwarden Premium | $10/year (if you want TOTP, FIDO2 from the Bitwarden client) |
| Time & maintenance | Your hourly rate × setup time |
Vaultwarden is "free" in the monetary sense, but it incurs infrastructure and maintenance costs. A cheap VPS plus domain runs roughly $50–140/year. If you value your time, the setup and ongoing maintenance add to the true cost.
VaultKeepR
| Plan | Price | Details |
|---|---|---|
| Free | $0 | Unlimited passwords, 5 devices, full E2EE |
| Premium | One-time / subscription | TOTP, email aliases, Shamir recovery, 1 GB cloud |
| Pro | Subscription | 50 GB cloud, all Premium features |
| Ultimate | Subscription | Unlimited cloud, all features |
| Lifetime (crypto) | 299€ one-time | Ultimate for life, crypto-only payment |
VaultKeepR's free tier is genuinely generous — unlimited passwords on 5 devices with no self-hosting required. The paid tiers add cloud storage for attachments and advanced features like Shamir recovery and email aliases.
Migration Guide: How to Switch
Whether you're moving from Bitwarden, Vaultwarden, or another password manager, the migration process follows a similar pattern.
Step 1: Export Your Vault
From Bitwarden / Vaultwarden:
- Open the Bitwarden desktop app or web vault
- Go to Tools → Export Vault
- Choose CSV (recommended for compatibility) or JSON (if available)
- Enter your master password
- Save the file to a secure, temporary location
Important: The export is unencrypted plaintext. Treat this file like your master password — delete it securely after import.
Step 2: Set Up VaultKeepR
- Go to VaultKeepR download page and install the browser extension
- Connect your wallet (MetaMask, WalletConnect, or any EIP-1193 compatible wallet)
- Create your master password (this combines with your wallet signature for Argon2id key derivation)
- Your vault is initialized — now let's fill it
Step 3: Import Your Data
VaultKeepR supports CSV import. Upload your exported file via the web interface, review the mapping (most fields map automatically), and confirm the import.
The import process encrypts everything client-side before anything touches the network. Your data never reaches VaultKeepR's servers in plaintext — in fact, there are no vault servers at all.
Step 4: Verify and Decommission
After importing:
- Spot-check 5–10 entries to ensure passwords, URIs, and notes transferred correctly
- Test the browser extension — auto-fill on a site you use regularly
- Set up email aliases if you're on a Premium plan
- Configure Shamir recovery shares (3-of-5 threshold recommended)
- Keep your old vault export in a safe place for 30 days, then securely delete it
Security Checklist for Migration
- [ ] Confirm the export file was deleted after import (`shred` or `srm` on Linux/macOS)
- [ ] Change the master password on any accounts that had their password stored in the old vault (optional but recommended)
- [ ] Verify all TOTP secrets are imported correctly
- [ ] Test that auto-fill works on at least 3 different sites
- [ ] Remove the old password manager's browser extension once you're confident
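The steps above can be partly automated. As an added example (not VaultKeepR's importer or Bitwarden's exporter), this script sanity-checks an exported CSV before import, confirms that each TOTP secret still decodes and yields RFC 6238 codes, and then overwrites and deletes the plaintext file as the checklist asks. Assumption: the column names follow Bitwarden's CSV export layout as I know it; compare them with the header line of your own export, and note that overwriting is best effort on SSDs.

```python
import base64, csv, hashlib, hmac, io, os, struct, tempfile
from urllib.parse import parse_qs, urlparse
# Constructed sample in the assumed Bitwarden CSV export layout; not real credentials.
SAMPLE_EXPORT = """folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
Work,0,login,Example Mail,,,0,https://mail.example.com,alice,hunter2,JBSWY3DPEHPK3PXP
,0,login,Example Bank,,,1,https://bank.example.com,alice,s3cret,otpauth://totp/Bank:alice?secret=JBSWY3DPEHPK3PXP&issuer=Bank
,0,note,Wifi,key is taped to the router,,0,,,,
,0,login,Broken TOTP,,,0,https://x.example.com,bob,pw,NOT-BASE32!
"""

def totp_secret(raw: str):
    """Base32 secret from a bare secret or an otpauth:// URI; None if it will not decode."""
    if raw.startswith("otpauth://"):
        raw = parse_qs(urlparse(raw).query).get("secret", [""])[0]
    s = raw.replace(" ", "").upper()
    try:
        base64.b32decode(s + "=" * (-len(s) % 8))
    except Exception:
        return None
    return s or None

def totp_code(secret: str, at: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): confirms a migrated secret still produces codes."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def check_export(text: str) -> dict:
    """Count items by type and list logins whose TOTP secret would not import cleanly."""
    report = {"login": 0, "note": 0, "other": 0, "bad_totp": []}
    for row in csv.DictReader(io.StringIO(text)):
        report[row["type"] if row["type"] in ("login", "note") else "other"] += 1
        if row["type"] == "login" and row["login_totp"] and totp_secret(row["login_totp"]) is None:
            report["bad_totp"].append(row["name"])
    return report

def shred_file(path: str, passes: int = 3) -> bool:
    """Overwrite the plaintext export before unlinking (best effort; SSDs may keep old blocks)."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0); f.write(os.urandom(size)); os.fsync(f.fileno())
    os.remove(path)
    return not os.path.exists(path)

def demo() -> tuple:
    """Write the sample to a temp file, check it, then shred it; returns (report, deleted)."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_EXPORT)
    with open(path) as f:
        report = check_export(f.read())
    return report, shred_file(path)
```

Run `demo()` against the constructed sample to see the "Broken TOTP" entry flagged before you spend time hunting for it after import.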
FAQ
Is Vaultwarden legal? Does Bitwarden approve of it?
Yes, Vaultwarden is completely legal. It is an independent reimplementation of the Bitwarden server API, written from scratch in Rust. It does not contain any Bitwarden proprietary code. Bitwarden Inc. has been aware of the project for years — while they don't officially endorse or support it, they haven't taken any legal action against it. The project is mature and well-maintained, with thousands of GitHub stars and an active community.
Can I use Vaultwarden with the official Bitwarden clients?
Yes — this is the primary use case. Vaultwarden implements the Bitwarden API, so all official Bitwarden clients (desktop, browser extension, mobile, CLI) can connect to a Vaultwarden server by simply changing the server URL in the settings. The only exception is that some features like the Bitwarden admin console or certain enterprise features don't have Vaultwarden equivalents.
Which password manager is most secure: Bitwarden, Vaultwarden, or VaultKeepR?
All three use strong, client-side encryption — your data is encrypted before it ever leaves your device. The security differences come down to operational factors:
- Bitwarden has the most third-party audits and a dedicated security team, but your vault's availability depends on their servers.
- Vaultwarden removes third-party server risk but puts the operational burden on you. A misconfigured server (e.g., no TLS, weak admin password, no backups) can be riskier than trusting a well-run cloud service.
- VaultKeepR removes the server entirely via IPFS and adds wallet-based authentication, which eliminates email-phishing and server-compromise attack vectors. It has not yet completed a formal third-party audit (planned).
In cryptographic terms, VaultKeepR's Argon2id + XChaCha20-Poly1305 combination is more modern and resistant to brute-force than PBKDF2 + AES-256-CBC, but Bitwarden's Argon2id option closes that gap.
Do I need a crypto wallet to use VaultKeepR?
Yes, VaultKeepR uses your existing crypto wallet (MetaMask, WalletConnect, or any EIP-1193 compatible wallet) for authentication. The wallet signature serves as a cryptographic proof of identity — no email or password database is involved. If you don't have a wallet, you can create one for free with any of the supported wallet providers.
What happens if Vaultwarden's maintainers abandon the project?
Vaultwarden is open source (GPL-3.0), so the code will always be available and forkable. Since it's a single-binary Rust application that implements a stable API (Bitwarden's), it should continue working even without active development. However, security updates and bug fixes would stop. This is a real consideration — if you self-host Vaultwarden, you should monitor the project's maintenance status.
VaultKeepR's IPFS-based approach sidesteps this problem entirely: your vault persists on the network independent of any project's maintenance status.
Can I self-host VaultKeepR?
VaultKeepR doesn't need to be self-hosted — there are no servers to run. Your encrypted vault lives on IPFS, which is a peer-to-peer network. You can pin your own vault data to your own IPFS node for additional redundancy, but there's no server software to install or maintain.
Which One Should You Choose?
The right answer depends on your priorities:
Choose Bitwarden if you want a polished, fully-audited product with team features and you're comfortable trusting a reputable company's cloud infrastructure.
Choose Vaultwarden if you want full control over your data, you're comfortable running a server (or already have one), and you want to use Bitwarden's excellent clients on your own terms.
Choose VaultKeepR if you want zero-trust, zero-server password management with modern cryptography, wallet-based auth, and decentralized storage — without needing to maintain any infrastructure.
Each path is valid. The question is which trust model you're comfortable with.