Table of Contents
Vaultwarden
Vaultwarden is an unofficial Bitwarden server implementation written in Rust. It is compatible with the official Bitwarden clients, and is ideal for self-hosted deployments where running the official resource-heavy service is undesirable.
Vaultwarden is targeted towards individuals, families, and smaller organizations. Development of features that are mainly useful to larger organizations (e.g., single sign-on, directory syncing, etc.) is not a priority, though high-quality PRs that implement such features would be welcome.
There have been several audits done on Vaultwarden of which some are publicly available, read more about it on our Vaultwarden Audits wiki page.
Supported features
Vaultwarden implements the Bitwarden APIs required for most functionality, including:
-
Web interface (equivalent to https://vault.bitwarden.com/)
-
Personal vault support
-
Organization vault support
-
Groups, setting an environment variable is required in order to enable it)
-
Live sync (WebSocket only) for desktop/browser clients/extensions
-
Trash (soft delete)
-
Two-step login via email, Duo, YubiKey, and FIDO2 WebAuthn (including Nitrokeys and Solokeys)
-
Username generator integration with SimpleLogin, AnonAddy, or Firefox Relay
-
Directory Connector support
-
Live sync (push notifications) for mobile clients (Android/iOS)
-
Certain enterprise policies:
Missing features
Issue #246 contains the comprehensive list of feature requests, both features of the official server that are missing in Vaultwarden, as well as enhancements specific to Vaultwarden.
To simplify comparison with the official server, this section summarizes the features implemented in the official server that are not currently available in Vaultwarden.
Features that may be added as time permits (contributions are always welcome):
- Bitwarden Public API / Organization API key This feature is partially added, but only to support the Bitwarden Directory Connector.
Features that probably won't be added unless contributed:
- Single Sign-On (SSO)
- Custom roles
- Certain enterprise policies (UI not open source, would probably need to be configured via admin page):
Get in touch
To ask a question, offer suggestions, request new features, or get help configuring or installing the software, please use the forum.
If you spot any bugs or crashes with Vaultwarden itself, please create an issue. Make sure there aren't any similar issues open, though!
If you prefer to chat, we're usually hanging around at #vaultwarden:matrix.org room on Matrix. Feel free to join us!
FAQs
Container Image Usage
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
Deployment
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
HTTPS
Configuration
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration
Database
- Using the MariaDB (MySQL) Backend
- Using the PostgreSQL Backend
- Running without WAL enabled
- Migrating from MariaDB (MySQL) to SQLite