That’s like the old “internet explorer, #1 browser… to download other browsers”

Port forwarding a wg udp port is way safer than port forwarding some application to login to from the internet. At least with WG you can’t even brute force it or anything, it’s a lightweight protocol that requires a client cert.

Was a bit of a concern to me but I have vw-backup running that backs up my vaultwarden config, and I use duplicati to send the backups to b2 storage so even if my entire nas blew up and was a total loss I would be able to get the data.

I also use duplicati to send a copy of the config to a vps so I can spin up a DR instance of vaultwarden if needed so I’ve got 3 copies of the data.