My work is investigating whether they can offer a password manager for their customers. They now want to see if they can use Vaultwarden for this. They want to host these themselves, adjust logos and then create accounts for the users.
I see on GitHub that Vaultwarden has the “GNU General Public License v3.0” license. This license authorizes “commercial use”.
Can my work use Vaultwarden as a password manager for customers? What limitations are there?
Thanks in advance,
Limitations are shown here as the differences between the official upstream version and Vaultwarden.
You are absolutely correct, Vaultwarden should be able to be used for commercial use, though depending on your need it may or may not make sense.
We used Vaultwarden as a testing ground to test some premium features and some limited beta user testing and feedback.
While I think it is perfectly fine for home users (I personally run an instance to tinker and test) and small businesses, I do think larger commercial rollouts should highly consider the official project.
The above-mentioned parity differences and currently missing features a larger operation would need for scale.
While the official upstream project of Bitwarden is aware of Vaultwarden, they are fairly accepting (such is the way of open source), though with some caveats. Bitwarden, I do not believe, would intentionally create incompatibility between their product and Vaultwarden.
But that being said, there have been times where a Bitwarden update and release has caused issues specific to the Vaultwarden server, as there is some incompatibility with the newer Bitwarden client and the Vaultwarden server. This primarily would affect the desktop client, mobile apps, and browser extensions. The web vault is bundled with Vaultwarden and has some tweaks for compatibility and would not auto-update from Bitwarden but would be updated when Vaultwarden is updated, so worst case the web vault should still be accessible.
Until then it would be up to the Vaultwarden devs to implement a fix (typically has been fairly quick for minor breaks), or if a feature would be added at all.
Vaultwarden is very much a roll-your-own solution, while there is great community support and the devs are active in helping out. Bitwarden is a commercial product with a guaranteed level of support; for something as critical as passwords and logins, etc., and other company data, that SLA may be needed. Backups go so far as long as your users actually do them.
Bitwarden can be self-hosted if you choose to still retain control of the deployment cycle etc., but there is still commercial support to fall back on should you need it, depending on your level of willingness and knowledge on Docker, hosting, network security, patch management, database administration, and data management and backups, plus disaster recovery planning and testing, etc.
Bitwarden, while growing, is still a fairly small company with a great open-source product. Many of the same reasons we love Bitwarden, and Vaultwarden as an extension, are thanks to the upstream project and their continued development. Remember, without Bitwarden there would be no Vaultwarden.
Bitwarden provides a generous and suitable free tier for most users; their business model relies on larger enterprises who can absolutely foot the bill for a good security product to offset and subsidize the costs to keep personal user costs low and have continued development.
Remember, devs need coffee and computers to code.
I absolutely think for those who cannot afford it Vaultwarden is a great solution, and for many in some countries even the cost for a personal premium plan from Bitwarden at $10 USD/yearly may be a considerable wage.
While I fully support the Vaultwarden project, I am glad I was able to push our company towards the official project for commercial support and SLA.
I’ll leave you with this.
Also, specifically regarding this portion, Bitwarden has a dedicated MSP offering geared towards third-party support and management of additional customer organizations etc.
Vaultwarden does not have this provider portal.
Thanks for the detailed answers. I also host Vaultwarden myself, which works well. I hadn’t heard of Bitwarden for Managed Service Providers before, looks good. I’ll investigate further.