Vaultwarden

Lightweight Bitwarden-compatible password manager on a tiny Alpine LXC (256MB RAM, 1GB disk). Handles credential management for all household devices and doubles as the secrets tier for agent operations — API keys, tokens, and sensitive config that shouldn't live in plaintext. Admin panel available at `/admin` for self-service management. TLS is handled by Caddy.