Bitwarden
Isn’t it proprietary?
Everything but a few proprietary, business focused modules in the backend (like managing multiple organisations) is AGPL licensed. Unless you’re a business, you can probably make do with just the open source code. They’ve even included a compile flag to disable all proprietary code. The clients are all GPL-licensed as far as I can tell.
You can also run Vaultwarden as the backend, which is a third party server that takes a lot less RAM but isn’t suitable for hosting thousands of active users at once. I also don’t think it has been audited, unlike the Bitwarden code. Great option if you trust them as much as you trust the Bitwarden company to maintain security.
To me storing passwords anywhere except for a machine I own is stupid in terms of security. But gtk it’s open-source. I didn’t know that.
How do you feel about encryption?
It depends on what kind of encryption it is but still giving someone your passwords isn’t a good idea. They can always decrypt everything. Forward secrecy is almost never guaranteed.
What is your threatmodel?
No, it’s open source.
Kind of, most of it is actually open source, so there’s a fully open source self hosted alternative called Vaultwarden.
But that has nothing to do with gpasswd.
Even the server part for Bitwarden is open source and you can self-host it. Yes, Vaultwarden is a community alternative which is known to be lighter, but you have the choice from Bitwarden too.
Purple
Same but without all the ads and blogspam wording: https://man.archlinux.org/man/core/shadow/gpasswd.1.en
Quick, someone make a yt video that explains even less with more confusion and a word from our sponsors!
And without the simple wording and practical explanations
Peak Linux right here. The only reading you ever need is man pages.