Docker on grainworkshttps://grainworks.tech/tags/docker/Recent content in Docker on grainworksHugoen-USWed, 10 Jun 2026 16:00:00 -0400Vaultwarden Migration & Security Assessmenthttps://grainworks.tech/projects/vaultwarden-migration/Wed, 10 Jun 2026 16:00:00 -0400https://grainworks.tech/projects/vaultwarden-migration/<p><strong>Status: Migration from old instance complete. Security assessment under review.</strong></p> <p>A thorough evaluation of the self-hosted Vaultwarden setup, including migration to a new server, comprehensive security assessment, replacement analysis, and alternative password management strategies.</p> <h2 id="what-was-done">What Was Done</h2> <ol> <li><strong>Cloned the production database</strong> from the UnRAID tower to the local Mini for redundancy</li> <li><strong>Performed a security assessment</strong> covering container hardening, backup strategy, TLS configuration, and access controls</li> <li><strong>Evaluated beyond-Bitwarden alternatives</strong> — what would it take to move away from Vaultwarden entirely? Including Passkey-first approaches, age-encrypted password stores (hermes-pass), and hardware-backed solutions</li> <li><strong>Maintained a mirror</strong> at <code>/Volumes/Mini_1Tb/Projects/vaultwarden-mirror/</code> for development and testing</li> </ol> <h2 id="source-files">Source Files</h2> <ul> <li><strong>Main repo:</strong> <code>/Volumes/Mini_1Tb/Projects/vaultwarden/</code></li> <li><strong>Mirror (dev):</strong> <code>/Volumes/Mini_1Tb/Projects/vaultwarden-mirror/</code></li> <li><strong>Security assessment:</strong> <code>vaultwarden-replacement-security-assessment.md</code></li> <li><strong>Replacement plan:</strong> <code>vaultwarden-replacement-plan.md</code></li> <li><strong>Beyond-Bitwarden analysis:</strong> <code>vaultwarden-replacement-beyond-bitwarden.md</code></li> </ul> <h2 id="key-findings">Key Findings</h2> <ul> <li>Current Vaultwarden deployment is stable but has hardening gaps</li> <li>Age-encrypted password stores (hermes-pass) offer a compelling alternative for CLI-centric workflows</li> <li>Passkey-first approaches are still maturing — Vaultwarden remains the better choice for shared/secrets management in the near term</li> <li>Hook scripts on the mirror enable custom pre/post-backup processing</li> </ul>