VaultWarden
VaultWarden is an unofficial, self-hosted server for Bitwarden, written in Rust. It provides a lightweight, secure, and efficient alternative to the official Bitwarden server, allowing users to manage their passwords and sensitive information on their own infrastructure.
Overview
VaultWarden is fully compatible with the official Bitwarden clients, including the web vault, browser extensions, mobile apps, and desktop applications. This means you can seamlessly switch to VaultWarden without changing your existing Bitwarden setup. It implements nearly all of the Bitwarden Client API, supporting key features such as:
- Collections, password sharing, member roles, groups, event logs, admin password reset, directory connector, and policies.
- A web interface equivalent to the official Bitwarden web vault.
- Secure data storage with options for SQLite, MySQL, or PostgreSQL databases.
VaultWarden is designed for individuals, families, and small organizations who prefer self-hosting for greater control over their data and privacy. By self-hosting VaultWarden, you ensure that your sensitive information remains under your control and is not reliant on third-party services.
Key Benefits
- Lightweight and Efficient: Written in Rust, VaultWarden is optimized for performance and resource usage, making it ideal for deployment on smaller servers or even single-board computers like the Raspberry Pi.
- Self-Hosted Security: You maintain full control over your data, ensuring privacy and security without relying on external cloud services.
- Easy Deployment: VaultWarden can be easily deployed using Docker, with pre-built images available for quick setup. It can also be installed directly on a server for more customized deployments.
Deployment Instructions
OPTIONAL: Clone vaultwarden on the host where vaultwarden will be deployed.
git clone https://github.com/dani-garcia/vaultwarden.git
Create a local CA ROOT cert on the host where vaultwarden will be deployed.
This can be done on your deployment host by following the instructions found on the vaultwarden GitHub Wiki. Alternatively, follow the steps below to use mkcert on your local dev machine.
Create a local CA ROOT and certs on your local dev environment.
A locally-trusted certificate is required for use with .internal domains. See mkcert.
This will generate a local CA ROOT cert in ~/.local/share/mkcert
mkcert -CAROOT
Generate certificates for your internal domain.
mkcert "*.moeny.internal"
Add the generated cert and key to the ./certs directory on the host where vaultwarden will be deployed. These will be volume mapped by docker-compose.yaml.
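A pre-flight check for the certificate steps above, added here as an example and not part of the original README: it confirms that the cert and key in ./certs belong together, chain to the mkcert root CA, cover the hostname clients will use, and that the key is readable by its owner only. The function name check_certs, its return codes and the hostname vault.moeny.internal are assumptions; it also assumes openssl is installed and that rootCA.pem (the public root only, never rootCA-key.pem) has been copied from the mkcert CAROOT directory.

```shell
#!/bin/sh
# Added example (not from the original README).
# Return codes: 0 ok, 1 unreadable or unparsable file, 2 cert/key mismatch,
# 3 not issued by the given root CA, 4 hostname not covered, 5 key too open.
check_certs() {
    cert=$1 key=$2 ca=$3 host=$4

    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot parse $key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 2; }

    # The certificate must chain to the root CA that clients will trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate is not signed by $ca" >&2; return 3; }

    # A wildcard covers exactly one label: vault.moeny.internal matches
    # *.moeny.internal, but moeny.internal and a.b.moeny.internal do not.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "certificate does not cover $host" >&2; return 4; }

    # The private key should be accessible by its owner only (e.g. mode 600).
    case $(ls -ldL "$key" | cut -c5-10) in
        ------) ;;
        *) echo "$key is group/world accessible" >&2; return 5 ;;
    esac
    return 0
}

# Usage (file names follow mkcert's naming for a wildcard certificate):
#   check_certs certs/_wildcard.moeny.internal.pem \
#               certs/_wildcard.moeny.internal-key.pem \
#               rootCA.pem vault.moeny.internal
if [ "$#" -eq 4 ]; then check_certs "$@"; fi
```

Run it on the deployment host before docker compose up; any non-zero return code names the step that needs to be redone.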
Add SMTP Credentials to .env
Amazon SES? SendGrid? A Gmail account? A self-hosted Postfix server? So many choices!
SMTP_HOST=mypostfixserver.domain.com
SMTP_FROM=vaultwarden@domain.com
SMTP_FROM_NAME=My Self Hosted Vault Warden
SMTP_USERNAME=smtp_user@domain.com
SMTP_PASSWORD=muchSECUREwow!buc-cees
Docker Compose Up
docker compose up
Got stuck? Check out the Using Docker Compose page found in the VaultWarden GitHub.
Create an account
Visit the URL for your deployment and create yourself a user.
Hardening Guide
It wouldn't hurt to review this further and verify your level of comfort.
⚠️ Self-signed certs will need to be installed on client devices in order for native Bitwarden clients to communicate with the self-hosted deployment.
The README.md within the mkcert GitHub Repo provides instructions for how to install the root CA and enable full trust in it. These steps will vary based on your client operating system.