Let's Encrypt SSL/TLS certificates are free, as is Apache/Nginx/Caddy to reverse proxy Nextcloud or any other solution (if a web based interface is needed). You might also need something like ngrok ( https://ngrok.com/ ) for publically accessing the instance if you're behind NAT and are hosting it on a homelab, or alternatively just put it on one of the VPSes that you're using, if you have any.
Personally i'm using a similar setup (a WireGuard VPN tunnel or two in there as well) on my pre-existing VPSes, so the effective costs are 0$ for me. And the file based approach is actually superior to any (possibly) dubious browser plugins in my eyes.
Their client used to support this and they stopped. Because their current way makes them more money.
Their old client was super easy for non-technical users and groups (just enter Dropbox credentials, etc).
And specifically you only need the DB free tier to store a 1PW vault, so the only cost was paying for the 1PW client (which I am more than happy to pay for on major version updates, as long as it is not a subscription).
1PW removed functionality that existed, with goal (or at the very least the effect) of locking users into their own cloud platform with a new monthly bill.
My time probably isn't as valuable as that of the many people here (about 5x less earnings on average in Latvia when compared to places like US), therefore it definitely makes sense for me to upskill myself in any way possible, especially if I get usable software out of it.
But if you take the container based approach, there is almost no administration to be done:
First, install Docker: https://docs.docker.com/engine/install/ubuntu/#installation-methods (about 10 minutes, varies by distro)
Personally, i use Docker Swarm, but that's just a few more init commands and Docker Compose works as well: https://docs.docker.com/compose/install/ (about 5 minutes)
Then, set up something like Caddy for a reverse proxy: https://hub.docker.com/_/caddy (probably 20 minutes)
And then, set up Nextcloud: https://hub.docker.com/_/nextcloud (probably 20 minutes)
Lastly, install KeePass from the previously mentioned links and put the password DB in the synced folder (probably 10 minutes)
Ngrok, DNS challenges etc. might be necessary depending on the setup, but are not usually required for most regular VPSes.
Backups and updates should also be taken care of, but full VPS backups are mostly standard and you can just bump the container tag every month.
Furthermore, I'd argue that most of the cloud offerings are actually problematic because not all of them let you download the data as files. In contrast, KeePass works with files (much like SQLite) and therefore, if you'd prefer to use SD cards or Samba or NFS or whatever instead of VPSes to somewhat decrease the attack surface, or simply use tools that you know, then you can do that. Want Syncthing instead of Nextcloud? Go ahead!
I'm putting emphasis on this because the line of thinking that we need web SaaS platforms for everything is dangerous - it makes you think that the problem is more complicated than it actually is. Whereas in reality some people probably get away with using password protected spreadsheets (don't do this). The problem is complicated only from a security perspective. That's it.
The cloud solutions excel at convenience and things like browser plugins and it's good that they're offering options for the less technically inclined folk, but they're far from the only option.
I've got a lab for stuff I want to tinker with, but a password manager is seen as an "essential service" to me like e-mail and music. I'd much prefer to pay a bit per month and have a team of professionals deal with it if the servers go down.
If at the end of the day my home server breaks and I want to get on and watch Amazon Prime/Netflix/whatever I still can with a hosted password manager. I value my time and sanity a lot more than £2 a month.
Potentially. Are you looking to make a prototype, or are you trying to go to prod with mission critical data?
Most people here could trivially roll a prototype grade password manager in pretty limited time. Getting something hardened and reliable is a different story.
It does seem like an interesting and useful project, though there are also other more popular alternatives like Caddy: https://caddyserver.com/ (even though their V2 not being backwards compatible was a tad annoying)
Oh, and some people also have pretty good luck with software like Traefik: https://traefik.io/traefik/
Apart from that, just wanted to say that WireGuard is absolutely lovely! Pretty simple to set up, works well and uses way less resources than something like OpenVPN.
After setup I rarely have to think about it, maybe manually synch a conflict between the dB's every 3 months or so.
Overall, _very_ happy with the setup.