Did you ever just reset your password because you were clueless about the credentials you once set?
Or are you “taking the risk” by keeping it simple using the same password for every single service you use?
If any of this sounds familiar I’m glad you found this article, and it’s my great pleasure to invite you into …
What is Vaultwarden? #
Vaultwarden (formerly known as Bitwarden_rs) is an alternative implementation of the Bitwarden server API, compatible with all
Bitwarden clients.
Most of Bitwarden’s features are implemented, including:
- Organizations support
- Attachments
- Vault API support
- Serving the static files for Vault interface
- Website icons API
- Authenticator and U2F support
- YubiKey and Duo support
Check this link to see the full feature set.
How can I use it? #
Once Bitwarden is up and running your own instance can be used with all known Bitwarden clients, Browser Add-on’s or of course the integrated the web vault. All you have to do is configure the URL of your Vaultwarden installation in each of the clients or use the web vault by accessing the URL via a browser.
Here is how you configure the Bitwarden Windows client, this can be taken as example of all other clients too since the configuration is very similar.
You’re now able to log into your Self-hosted Vaultwarden installation.
Installation #
Install Vaultwarden via docker-compose.
version: '3'
services:
vaultwarden:
container_name: vaultwarden
image: vaultwarden/server:latest
restart: unless-stopped
ports:
- <PORT>:80
- 3012:3012
volumes:
- bw-data:/data
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- bw-data:/log
environment:
- WEBSOCKET_ENABLED=true
- SIGNUPS_ALLOWED=true
- ADMIN_TOKEN=<ADMIN_PW>
- INVITATIONS_ALLOWED=true
- SHOW_PASSWORD_HINT=false
volumes:
bw-data:
<PORT>, <ADMIN_PW>.
ADMIN_TOKEN is your password when accessing the admin portal via
https://vault.domain.tld/admin, choose a secure password.
Since SIGNUPS_ALLOWED is set to true you are now able to navigate to
https://vault.domain.tld and register your first user.
Now head back to your web vault and make sure your created account is working.
If you don’t want to allow registration for future users you should change SIGNUPS_ALLOWED to false and rebuild your docker container.
docker-compose up -d --force-recreate
Password managers hold very sensitive data, I strongly recommend not to publish them to the internet without further security measures.
Read my guides on securing access via WireGuard or adding another layer of security with Authelia.
Admin Portal #
The admin panel allows granular configuration of general settings and features such as Email settings or multiple 2FA settings.
Navigate to
https://vault.domain.tld or http://<IP-ADDRESS>:<PORT>/admin and log in using the ADMIN_TOKEN you set in the docker-compose.yml.
Find the SMTP Email Settings tab to set your SMTP relay up which enables you to invite new users via email.
Now head to the Users section in the top navigation bar and invite a user.
These are just a few examples, there are many more settings to explore in the admin panel.
Final thoughts #
I wish more people knew how easy your digital life could be using a solid password manager like Bitwarden / Vaultwarden.
The available clients are perfectly integrated, and autofill functions work like a charm, try it yourself and spread the word to your friends and family.
Don’t forget to show some love and leave a ⭐ at the Vaultwarden GitHub Repo.