Services

Managed Bitwarden

Self-hosted open-source password manager with EU data sovereignty

The problem with Bitwarden.com SaaS#

Bitwarden is the gold standard for open-source password management — but the hosted SaaS product creates real problems for teams with strict security or compliance requirements:

  • US-hosted vault: Your credentials, TOTP secrets, and secure notes live on Bitwarden's US cloud infrastructure
  • Shared infrastructure: Your vault data coexists with thousands of other organizations on shared servers
  • No data residency control: You cannot guarantee where your credentials are stored or processed
  • Third-party dependency: A Bitwarden service outage or acquisition event puts your team's credential access at risk
  • Compliance gaps: Many regulated industries and privacy-conscious organizations cannot accept third-party credential storage

For teams in finance, healthcare, automotive, or any organization with GDPR data sovereignty requirements, these are not minor concerns — they are blockers.

The solution: single-tenant Bitwarden on EU infrastructure#

We provision and operate dedicated Bitwarden instances on EU-based infrastructure using Docker. Your Bitwarden is yours alone:

  • Single-tenant: Dedicated server for your organization — no shared compute, storage, or network with other customers
  • EU-hosted: Frankfurt, Amsterdam, Helsinki, or any EU region of your choice
  • Your domain: vault.yourcompany.com with SSL and custom branding
  • Zero-knowledge architecture: End-to-end encryption means even we cannot read your vault data

What's included#

Infrastructure hosting#

  • Dedicated EU server provisioned and configured for your Bitwarden instance
  • SSL certificate with your custom domain (e.g., vault.yourcompany.com)
  • Network-level isolation and firewall configuration

Docker management#

  • Initial Bitwarden Docker deployment and configuration
  • Rolling zero-downtime upgrades as new Bitwarden versions are released
  • Container health monitoring and automatic restarts

Backups and recovery#

  • Daily encrypted backups with 30-day retention
  • Tested restore procedures so recovery is fast and reliable
  • Backup storage in a separate EU region from your primary instance

Monitoring and operations#

  • 24/7 uptime monitoring with alerting
  • Proactive capacity management as your user count grows
  • Incident response for any service disruptions

SSO and directory sync setup#

  • Initial configuration of SSO (Okta, Entra ID, Google Workspace, AD FS)
  • SCIM directory sync setup for automatic user provisioning and deprovisioning
  • Ongoing SSO and SCIM support as your identity provider changes

Bitwarden Enterprise license#

Bitwarden Enterprise is required to enable SSO, SCIM, advanced audit logs, and policy enforcement. The license is $6/user/month, billed directly by Bitwarden or invoiced through us.

What Bitwarden Enterprise adds:

  • SSO: SAML 2.0 / OIDC integration with your identity provider
  • SCIM: Automatic user provisioning and group sync from Entra ID, Okta, or Google
  • Advanced audit logs: Full event log of vault access, sharing, and admin actions
  • Vault export controls: Prevent users from exporting vault data
  • Custom policies: Enforce master password requirements, 2FA, and more

Our infrastructure management fee covers the server hosting, Docker ops, backups, monitoring, and SSO/SCIM setup — not the Bitwarden license itself.

Compliance#

  • GDPR: We provide a Data Processing Agreement (DPA). Your vault data stays in the EU.
  • SOC 2 Type II: Our infrastructure providers hold SOC 2 Type II certification.
  • Data residency: You choose the EU region; vault data does not leave it.
  • Open source: Bitwarden's full codebase is public on GitHub and independently audited. No proprietary black-box components.

Open-source advantage#

Bitwarden is the only major password manager with a fully open-source codebase — client apps, server, and CLI are all auditable on GitHub. This matters because:

  • Independent security researchers can (and do) audit the code
  • You are not trusting a proprietary encryption implementation
  • If Bitwarden ever changes direction, the open-source foundation means community forks can maintain compatibility
  • You can verify exactly what code is running on your self-hosted instance
  • Sovereign Productivity Suite — Self-hosted Zimbra, OnlyOffice, and Nextcloud for teams that want full data sovereignty across email, documents, and file storage
  • Certificate Management — Automated TLS certificate lifecycle for your Bitwarden and other self-hosted services
  • Security Audit — Comprehensive security posture assessment including credential management practices