Breaking Free: Why I Moved My Passwords, Cloud Storage and Content to a Sovereign Server
"For years, I’ve preached about digital privacy while paying monthly subscriptions to have my most sensitive data, my passwords and my thoughts, stored on someone else's hardware. This week, I decided to close the loop. By pairing Bitwarden for secrets management with Ghost for professional publishing and Nextcloud for hosting my own cloud storage, I’ve built a self-hosted 'command center' that I own entirely. Here is how I built it and the hard lessons I learned about securing a triple-stack environment."
The Problem: The Illusion of "Free" and "Secure"
We live in an era of SaaS (Software as a Service) Fatigue. Every tool we use—from our password managers to our blogging platforms—has been moved behind a subscription wall. While this offers convenience, it creates a precarious dependency. If a provider changes their terms of service, suffers a breach, or hikes their prices, your digital life is held hostage.
For a developer or a privacy-conscious user, this is unacceptable. I realized that my most critical data—the "keys to the kingdom" in Bitwarden and my "intellectual footprint" in Ghost—were scattered across servers I didn't control, subject to security audits I couldn't see.
The Philosophy: Digital Sovereignty
Digital Sovereignty is the practice of regaining power over your digital presence. It’s about moving from being a tenant on the web to being a landlord. By self-hosting:
You own the database: No one can "de-platform" your blog.
You own the encryption: Your password vault isn't just encrypted; its location and access logs are private to you.
You own the cost: Instead of paying $10/month per service, you pay for raw compute power that scales with you.
The Turning Point: The LastPass Wake-Up Call
For a long time, I was comfortable in the "cloud-managed" lane. But the 2022/2023 breaches were a cold shower. Seeing the details emerge—the stolen vault backups, the compromised master passwords, and the realization that my most sensitive data was sitting in a proprietary black box—changed my perspective overnight.
I realized that security through obscurity is not security. The breach taught me that if I’m not the one managing the server, I’m not the one who truly decides how safe my data is. I didn't just want a new password manager; I wanted to know exactly where my encrypted blobs were stored, who had access to the logs, and how the encryption was handled. This led me to Bitwarden, which allowed me to migrate my digital life onto a server where I hold the keys—literally and figuratively.
The Technical Challenge: The "Production-at-Home" Mindset
However, sovereignty comes with a price: responsibility. When you self-host a password manager, you become the SysAdmin, the Security Engineer, and the Backup Specialist. You cannot simply "spin up a container" and walk away.
This blog is a deep dive into the Production-at-Home mindset. We aren't just running scripts; we are building an architecture that balances the high-performance requirements of a Node.js-based CMS (Ghost) with the paranoid security requirements of a secrets vault (Bitwarden).
The Stack at a Glance
To achieve this, I settled on a "Lean & Mean" stack designed for high uptime and low overhead:
The Engine: Docker & Docker Compose (for reproducible environments).
The Vault: Bitwarden (a Rust-based implementation of the core SDK, with a strong focus on memory safety).
The Cloud: Nextcloud (an open-source cloud platform offering self-hostable file sync and several collaboration features).
The Stage: Ghost (a headless-ready CMS for modern publishing).
The Shield: A Reverse Proxy (handling automated TLS 1.3 encryption and header hardening).
Why these specific tools?
You might ask: Why host a blog and a password manager together? The answer lies in Resource Synergy. Ghost is a Node.js application that benefits from fast I/O, while Bitwarden is written in Rust, making it incredibly memory-efficient. Together, they can comfortably share a modest VPS or home server without fighting for CPU cycles, allowing you to maximize your hardware investment without compromising the speed of your blog or the responsiveness of your vault.
As we begin our journey into self-hosting our infrastructure, I will also present the potential cost savings of owning your digital presence in upcoming posts, so stay tuned.