How to Replace LastPass with Vaultwarden
In December 2022, LastPass disclosed that attackers had stolen encrypted vault backups for roughly 30 million users. That was bad. What's worse — three years later, those stolen vaults are still being cracked. Over $438 million in cryptocurrency has been traced back to that single breach, with thefts still happening through late 2025.
If you're still on LastPass, or if this story makes you uneasy about trusting any SaaS password manager, there's a straightforward way out: self-host your own.
Meet Vaultwarden
Vaultwarden is an open-source, Bitwarden-compatible password manager server written in Rust. It implements the full Bitwarden API, which means every official Bitwarden client — browser extensions, mobile apps, desktop apps, CLI — works with it out of the box.
The difference? Vaultwarden runs in a single Docker container using around 50 MB of RAM. The official Bitwarden self-hosted server needs ~11 containers and at least 2 GB of RAM. And all the features Bitwarden locks behind a premium subscription — TOTP authenticator, file attachments, Send, emergency access, organization sharing — are included in Vaultwarden for free.
It has 57K GitHub stars and 161 contributors. This isn't a hobby project — it's battle-tested infrastructure that thousands of teams rely on daily.
Why Self-Hosting Your Passwords Matters
The LastPass breach didn't happen because passwords were poorly encrypted. It happened because a DevOps engineer's personal computer got compromised through an unpatched Plex server, and that engineer was one of only four people with access to the decryption keys for LastPass's cloud storage.
That's the fundamental problem with SaaS password managers: you're trusting someone else's infrastructure, someone else's employees, and someone else's security practices with the keys to your entire digital life.
With Vaultwarden on your own server, the vault data never leaves your infrastructure. There's no cloud backup for an attacker to steal. No third-party employee whose laptop can be compromised. Your passwords, your server, your rules.
The Migration: LastPass to Vaultwarden in 15 Minutes
Here's the actual process. It's simpler than you'd expect.
Step 1: Deploy Vaultwarden
The fastest way is through Elestio — select Vaultwarden from the marketplace, pick a provider (2 CPU / 4 GB RAM is more than enough), and click Deploy. You'll have a running instance with automated SSL, backups, and monitoring in under five minutes. Infrastructure cost starts at ~$16/month on Netcup.
Step 2: Export from LastPass
Log into your LastPass web vault. Go to Advanced Options > Export > LastPass CSV File. Confirm via email, and save the .csv file locally.
Important: This file contains all your passwords in plaintext. Don't email it, don't upload it anywhere, and delete it as soon as the import is done.
Step 3: Import into Vaultwarden
Log into your new Vaultwarden web vault. Navigate to Tools > Import Data, select "LastPass (csv)" from the format dropdown, upload your file, and click Import.
That's it. All your passwords, notes, and saved form data are now in your self-hosted vault.
Step 4: Connect Your Devices
Install the official Bitwarden app on your phone, browser, and desktop. On the login screen, tap the server/region selector, choose "Self-hosted", and enter your Vaultwarden URL (e.g., https://vault.yourdomain.com). Log in with your new credentials.
Step 5: Lock Down and Clean Up
- Enable 2FA on your Vaultwarden account (TOTP or hardware key)
- Verify a few passwords with special characters imported correctly
- Permanently delete the exported CSV file
- Delete your LastPass account
What You Get Out of the Box
Vaultwarden isn't a stripped-down alternative — it's feature-complete:
- TOTP Authenticator — Store 2FA seeds alongside passwords, auto-generate codes. No separate authenticator app needed.
- Send — Share encrypted text or files (up to 500 MB) via a unique link. Password-protected, auto-expiring, no account required for the recipient.
- Organizations — Create shared vaults for your team with fine-grained access control and collections.
- Emergency Access — Designate trusted contacts who can request vault access with a configurable waiting period.
- File Attachments — Attach documents, recovery codes, and certificates directly to vault entries.
The Real Cost Comparison
| Expense | LastPass Premium | Vaultwarden (Elestio) |
|---|---|---|
| Per-user license | $3/month per user | $0 (open-source, no license fees) |
| Infrastructure | Included (their servers) | ~$16/month (Elestio managed VM) |
| 10 users / year | $360 | $192 |
| 50 users / year | $1,800 | $192 |
| Data ownership | Their cloud | Your server |
The math is clear: Vaultwarden's flat infrastructure cost doesn't scale with your team size. At 10 users you're already saving. At 50, it's not even close.
Troubleshooting
Browser extension won't connect
Vaultwarden requires HTTPS for client connections. On Elestio, SSL is handled automatically. If you're self-hosting elsewhere, make sure your reverse proxy has a valid certificate. For custom domain setup on Elestio, follow the official domain configuration guide.
Special characters look wrong after import
LastPass CSV exports sometimes HTML-encode characters like &, <, and >. After importing, spot-check a few entries with special characters in passwords and fix manually if needed.
Mobile app asks for "organization license"
You might be running an older Bitwarden client version. Update to the latest Bitwarden app — Vaultwarden v1.35+ is compatible with current clients, and no license file is needed.
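To make the special-character spot-check from Step 5 and the troubleshooting note above less of a guess, the following added example (not part of the original post) scans a LastPass CSV export and lists which entries contain HTML-encoded characters, reporting entry names and field names only so no secret is printed. It assumes the export header uses the column names `username`, `password`, `extra` and `name`; the sample data is constructed.

```python
import csv
import html
import io
import re

# Matches named, decimal and hex HTML entities such as &amp; &lt; &#39; &#x27;
ENTITY_RE = re.compile(r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")

# Column names assumed from the LastPass CSV header (an assumption, see lead-in).
CHECKED_FIELDS = ("username", "password", "extra", "name")


def find_encoded_entries(csv_text):
    """Return [(record_number, entry_name, [fields])] for records with HTML entities.

    Secret values are never returned, only which fields to re-check by hand.
    """
    findings = []
    # newline="" keeps multi-line notes in quoted fields intact for the csv module.
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    for record_number, row in enumerate(reader, start=1):
        suspect = []
        for field in CHECKED_FIELDS:
            value = row.get(field) or ""
            # Flag only when decoding would actually change the stored value,
            # so a password that merely contains "&q;" is not reported.
            if ENTITY_RE.search(value) and html.unescape(value) != value:
                suspect.append(field)
        if suspect:
            findings.append((record_number, row.get("name") or "(unnamed)", suspect))
    return findings


# Constructed sample export (not real credentials).
SAMPLE_EXPORT = (
    "url,username,password,totp,extra,name,grouping,fav\n"
    "https://example.com,alice,P&amp;ss&lt;w0rd&gt;,,,Example,Work,0\n"
    "https://example.org,bob,p&q;r-plain,,,Org,Work,0\n"
    'https://example.net,carol,"a,b&#39;c",,"note with R&amp;D",Net,Home,0\n'
)

if __name__ == "__main__":
    for record_number, name, fields in find_encoded_entries(SAMPLE_EXPORT):
        print(f"record {record_number}: {name!r} -> check {', '.join(fields)}")
```

Run it against the export before deleting the file in Step 5, then compare only the flagged entries in the Vaultwarden web vault.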
Take Back Your Passwords
Look, the LastPass breach wasn't a one-off freak accident. It was the predictable result of centralizing millions of password vaults in one place and hoping the perimeter holds. That $438 million in stolen crypto is proof it didn't.
Self-hosting your password manager with Vaultwarden puts you back in control. The migration takes 15 minutes, the clients are the same polished Bitwarden apps you'd use anyway, and your vault data stays on your infrastructure — not in someone else's breach report.
Deploy Vaultwarden on Elestio and make the switch today.
Thanks for reading. See you in the next one 👋