It does seem like most password managers have no moat for import/export, so I’m kinda banking on the idea that I can quickly migrate to Proton Pass or vaultwarden if things get ugly.

I just don’t want to self-host if I can avoid it.

Staying on top of managing the application and the environment is a whole different level of diligence when the thing I’m self hosting is the keys to my life. At a minimum it would have to be behind something like a wireguard tunnel to a trusted machine, and that’s an added headache for daily use.

▲

nine_k 6 hours ago | parent [-]

Does Proton Pass use a wireguard tunnel? Or does Bitwarden? TLS should suffice.

Yes, you want to guard the machine that hosts your passwords. You can even physically keep it at home, and only proxy its port 443 wherever you have a presence in the public Internet.

	▲	dd8601fn 5 hours ago \| parent [-]
		Those at least have people whose literal jobs are to protect that stuff. The service, the clients, the transport, the environments, etc. That’s what I don’t have if I self host. That’s not to say anything is bulletproof… nothing useful is… just that I don’t entirely trust myself to be 100% on top of something like that as a hobby hosting endeavor.