Post

Vaultwarden

password manager server.

Posted
image
image
By ahmed bouayed
2 min read
Vaultwarden

Bitwarden is an open-source password manager that helps individuals and teams securely store, manage, and share passwords and sensitive information. It offers end-to-end encryption, cross-platform access, and features like password generation, autofill, and secure sharing.

Vaultwarden is a lightweight, self-hosted alternative to the Bitwarden password manager server. In this post, I’ll walk you through deploying Vaultwarden using Docker Compose, including SMTP setup for email notifications.

Prerequisites

  • Docker and Docker Compose installed on your server.
  • A domain name pointed to your server (for HTTPS).
  • (Optional) An SMTP provider for email notifications.

Step 1: Prepare the Directory

Create a directory for Vaultwarden and navigate into it:

1

mkdir vaultwarden && cd vaultwarden

Step 2: Create docker-compose.yml

Below is a sample docker-compose.yml file for Vaultwarden:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

# filepath: docker-compose.yml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - ./bitwarden:/data:rw
    ports:
      - 8000:80
    environment:
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - DOMAIN=${DOMAIN}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_SECURITY=${SMTP_SECURITY}
      - SMTP_TIMEOUT=${SMTP_TIMEOUT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
  • ADMIN_TOKEN: Used to access the admin interface.
  • WEBSOCKET_ENABLED: Enables real-time updates.
  • SIGNUPS_ALLOWED: Set to true for initial setup, then false to disable public signups.
  • DOMAIN: Your Vaultwarden instance URL.
  • SMTP variables: Configure email notifications.

Step 3: Create .env File

Create a .env file in the same directory to store environment variables:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

# filepath: .env
# General Settings
ADMIN_TOKEN= # Generate with: openssl rand -base64 48
WEBSOCKET_ENABLED=true
SIGNUPS_ALLOWED=true # Set to false after creating your admin account
DOMAIN=https://bitwarden.example.com # Replace with your domain

# SMTP server configuration
SMTP_HOST=smtp-relay.sendinblue.com
[email protected] # Replace with your email
SMTP_TIMEOUT=15
[email protected] # SMTP username
SMTP_PASSWORD=yourpassword # SMTP password
SMTP_SECURITY=starttls     # Options: off, force_tls, starttls
SMTP_PORT=587

Step 4: Start Vaultwarden

Run the following command to start Vaultwarden:

1

docker compose up -d

Vaultwarden will be accessible at http://your-server-ip:8000 or via your domain if you set up a reverse proxy.

For production, use a reverse proxy like Nginx or Caddy to enable HTTPS. Vaultwarden Wiki: Reverse Proxy Examples

Step 6: Access the Admin Interface

Visit http://your-domain/admin and enter your ADMIN_TOKEN to access the admin panel.

References

Happy self-hosting!

security
docker
This post is licensed under CC BY 4.0 by the author.