After years of self-hosting via Vaultwarden, the author finds Bitwarden’s client quality, vault migration tooling, and open-source trajectory unacceptable for serious use.
Key Takeaways
The official Bitwarden server requires MSSQL Express and refuses PostgreSQL/MariaDB; Vaultwarden (Rust) is 3x more popular on GitHub and uses a fraction of the RAM.
Moving items between vaults has no native bulk-move feature after ten years; the official workaround exports plaintext JSON and silently drops attachments, password history, and timestamps.
A 2024 @bitwarden/sdk-internal dependency included a license banning use with non-Bitwarden backends; Bitwarden called it a “packaging bug” and relicensed under GPLv3 after backlash.
Client updates have broken vault access without warning; the Android app’s 2024 rewrite from .NET MAUI to Kotlin shipped persistent regressions through quarterly releases.
$100M in PSG/Battery Ventures growth equity creates investor return pressure that the author argues is already shifting Bitwarden away from user-serving priorities.
Hacker News Comment Review
Consensus splits sharply by use case: cloud/free-tier users find the criticism overblown, while self-hosters and power users confirm real autofill and UX regressions, especially on Android.
Several commenters recommend Vaultwarden as the practical answer for self-hosting, though the article explicitly addresses Vaultwarden and argues the client-side problems persist regardless of backend.
The $20/year pricing drew skepticism toward the rent-seeking framing, but the licensing episode and VC backing were seen as legitimate long-term risk signals worth watching.
Notable Comments
@muppetman: Daily Bitwarden user who switched to 1Password for work; confirms Android autofill and domain-matching failures are real, not just author grievances.
