Yes, but Vaultwarden isn't something you can casually run by yourself without some careful thinking. You are hosting secrets whose longevity is important, so if deploying yourself, take good care of backups and do regular drills, so you validate that the backups work, that they aren't corrupted and that you keep a copy off-site.
Actually, I didn't have any careful planning when I started out self-hosting Vaultwarden. I didn't even have a system backup (was just a script kiddie back then, didn't even know about 1-2-3). I have had to migrate my instance 3-4 times. But because I'm just hosting Vaultwarden for myself, I can export the whole account from one of the Bitwarden clients (either the extension or mobile app) and reimport it in the new instance. Because I always have at least three devices in active use connected to my Vaultwarden instance, for me this also counts as 3 off-site backups that can be used to reinstate the whole setup.
It is surprisingly very durable and maintenance-free even for a script kiddie like me to maintain. My advice is (at least when it comes to Vaultwarden) don't think too much about this, just self-host it, at least for yourself. You'll probably be able to manage it when something happens.
Me and some friends have each been hosting Vaultwarden casually for years now. What problem do you see? I mean if the server goes down and gets completely corrupted, worst case, all my devices still have the version of the vault they recently used. Technically every device has its own backup of the vault.
If I stay offline for more than 30 days, can I still access my local passwords? Honest question, because if that's the case it's nice, but I think you'd need to somehow authenticate before accessing your local vault.
Thanks for making me check. Did not know this: "Offline Vault sessions will expire after 30 days. Except for mobile client applications, which will expire after 90 days." But for me that is enough time to feel safe, still will do backups regularly.
If you’re self-hosting, and not using their official clients, your database stays functional in perpetuity.
Which client? Is there an unofficial client for Android that doesn't expire?
You need a VPS, correct? Are there any concerns about hardening your VPS from attackers? I worry about my ability to harden a public-facing service that is handling something so critical for myself.
Don't make it public facing! Put it behind a VPN!!
Use a host that takes care of this for you.
My host has prebuilds for Vaultwarden.
You should be doing regular exports/backups of your vault regardless of how it's hosted. Bitwarden could go belly up tomorrow and lose all their stored vault data.
Is there anything stopping a commercial Vaultwarden host?
Competing with the authority Bitwarden the company has over the Bitwarden open source project. That's just the first thing off the top of my head. Very few people go to the competitor offering the exact same thing but with less say on the popular codebase.
That already somewhat exists.
Reimplementing the server side is the easy part.
But a commercial offer will need rebranding the client, and maintaining forks is much more involved. As long as Bitwarden publishes the sources ...
IMO a paper print-out of all passwords and backup codes is the most reliable backup. No bit-rot, no third party, and "degradation" is obvious - fire, flood, etc.
Theft is also usually obvious.
If self-hosting, keep it at a separate location from your hard drives.