Independently verified · Quarterly re-audit
EU VETTED

Vaultwarden

VERIFIED
Password manager · Spain

AGPLv3 Rust Bitwarden-compatible server by Daniel García (Spain), self-host-only, no company, no telemetry — clean 5/5 when run on EU infrastructure.

Why this rating?

Vaultwarden is an AGPLv3 open-source, Rust-written, Bitwarden-compatible server maintained by Daniel García (dani-garcia), a Spanish developer, with a community of contributors. It was formerly 'bitwarden_rs' and was renamed to avoid trademark confusion. It is self-host-only with no hosted/cloud product and no company entity, so it has no DPA, no sub-processors, no telemetry and no business model. Run on EU infrastructure (Hetzner, OVHcloud, Scaleway) it is a clean 5/5 with no CLOUD Act exposure and zero vendor-counterparty risk, the structurally cleanest possible posture in the password-manager category.

SCORE
5.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
OVERVIEW

About Vaultwarden

Vaultwarden is an unofficial, open-source server implementation of the Bitwarden client API, written in Rust and maintained by Daniel García (GitHub: dani-garcia), a developer based in Spain, together with a community of contributors. It was formerly known as "bitwarden_rs" and was renamed to Vaultwarden to separate itself from the official Bitwarden server and avoid trademark and branding confusion. It is licensed under the **AGPL-3.0** licence — relicensed from GPLv3 specifically to close the loophole that would have allowed commercial SaaS use without contributing back.

The reason Vaultwarden belongs in an EU-sovereignty directory is structural: it is **self-host-only**. There is no Vaultwarden cloud product, no Vaultwarden company, no commercial entity, no funding, no DPA, no sub-processors, and no telemetry — because there is nothing hosted to process. It is server software that a user or organisation runs themselves, fully compatible with the official Bitwarden desktop, mobile and browser clients, and deliberately lightweight so it can run on a small VPS or Raspberry Pi where the official resource-heavy Bitwarden server would be impractical. Run on EU infrastructure — Hetzner, OVHcloud, Scaleway, IONOS, STACKIT — it inherits a clean 5/5 compliance posture with no CLOUD Act exposure and zero vendor-counterparty risk: there is no vendor that could be acquired, change posture, or be served a US warrant.

The trade-offs are the usual self-hosting ones, plus a couple specific to Vaultwarden. There is no enterprise SSO / SCIM support (a deliberate scope decision — that is where official Bitwarden's paid tiers differentiate), the operator is responsible for backups, TLS, and updates, and one of the active maintainers is employed by Bitwarden and contributes on their own time independently (reviewed by other maintainers). Vaultwarden is completely free; funding is via donations.

Best fit: technically capable EU individuals, homelab users, and SMBs with IT capacity who want a Bitwarden-compatible vault under their own full control on EU infrastructure — and any procurement-grade buyer for whom "no vendor at all" is the strongest possible sovereignty answer.
SUB-PROCESSORS

Sub-processor map · not disclosed

Self-hosted — no vendor sub-processor chain. This software has no vendor-operated service; when self-hosted, data stays on infrastructure the operator controls and there is no vendor processing chain to disclose.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-18).
FEATURES

Feature matrix

INTEGRATION & ACCESS
  • REST API: Yes
  • SSO (SAML / OIDC): No
COMPLIANCE & GOVERNANCE
  • Audit log: No
  • Self-host / on-prem option: Yes
PUBLIC DOCUMENTS

Public documents

DPA accessibility is not scored for this listing. Self-hosted or local software, vendors that are not data processors, and products carrying a SecNumCloud, EUCS or BSI C5 certification are not assessed on DPA accessibility — see How we score.
  • Data Processing Addendum (DPA): not assessed (n/a)
  • Sub-processors list: not applicable (n/a)