Table of Contents
- Frequently Asked Questions
- Is Vaultwarden associated with the Bitwarden project or Bitwarden, Inc?
- I've found a public Vaultwarden instance. Is it associated with this project? Is it safe to use?
- Can Vaultwarden connect to an Oracle MySQL V8.x database?
- My client (Desktop, Mobile, Web) does not work, I can not login or it complains about invalid certificates.
- Why do I see no icons for all my vault items?
- Websocket connections show wrong IP address
- Why does Vaultwarden say [INFO] No .env file found. even though I provided one?
- Can i run Vaultwarden as an Azure WebApp
- I did not find my answer here in the FAQ, what to do next?
Frequently Asked Questions
Is Vaultwarden associated with the Bitwarden project or Bitwarden, Inc?
Short answer, No. There sometimes is some contact between the developers of both projects, but there is no collaboration. Besides that, the Vaultwarden project only uses the web vault provided by Bitwarden, Inc with some patches to make it work with our implementation.
I've found a public Vaultwarden instance. Is it associated with this project? Is it safe to use?
This project does not host any public Vaultwarden instance and we don't endorse the use of any such site either. Cf. #3233 #4142 #4367
Can Vaultwarden connect to an Oracle MySQL V8.x database?
It could happen that you get the following warning when trying to start Vaultwarden when using Oracle MySQL v8.x
[vaultwarden::util][WARN] Can't connect to database, retrying: DieselConError.
[CAUSE] BadConnection(
"Authentication plugin \'caching_sha2_password\' cannot be loaded: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory",
)
Oracle MySQL v8.x uses a more secure password hashing method by default, which is good, but currently not supported by our builds.
You need to create the Vaultwarden user in a specific way so that it uses the old native password hashing.
-- Use this on MySQLv8 installations
CREATE USER 'vaultwarden'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpassword';
If you already created the user and only want to change the hashing method, use the following:
-- Change password type from caching_sha2_password to native
ALTER USER 'vaultwarden'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpassword';
Also see: Using MariaDB - Create Database and User
My client (Desktop, Mobile, Web) does not work, I can not login or it complains about invalid certificates.
The Bitwarden clients need a secure connection to fully work without any issues. Though some clients can work without a secure connection we do not recommend this.
Most of the time when people are using certificates and still have issues, they are using so called Self-Signed certificates. While those could provide a secure connection, some platforms do not allow or support this.
We recommend to use a service like Lets Encrypt to provide a valid and by most devices by default accepted certificate.
See the following page:
Why do I see no icons for all my vault items?
There are multiple reasons why there is no icon shown.
If it is just for a few of the vault items it could be that we are not able to extract it. Some sites have some protections enabled which causes our implementation to fail. Most of them require Javascript to work.
It could also be that the Vaultwarden server is not able to access the Internet or resolve DNS queries.
You could check the /admin/diagnostics
page (See Enabling admin page) to see if you can resolve DNS queries and have a connection to the Internet.
If that does work, there could also be a firewall or Outgoing Internet Proxy which maybe blocks these requests.
Websocket connections show wrong IP address
This is not something we can fix on our side. The library we use doesn't support any form of X-Forwarded-For
or Forward
headers.
It will always show the IP of the reverse proxy used unless you run vaultwarden directly without any proxy, or run a transparent proxy, that could cause it to do show the correct IP. It is not an important part to log, and if you use a reverse proxy you can probably also see this request in its logs which will have the correct IP.
Why does Vaultwarden say [INFO] No .env file found.
even though I provided one?
While launching, Vaultwarden checks for the existence of a file called .env
(if not changed via the environment variable ENV_FILE
) in the current working directory of the process. If you have not provided this file Vaultwarden will simply inform you that it has not found it. This file is not related to the env file you have provided to docker which loads in the environment variables on container creation or the EnvironmentFile used within a systemd .service.
Can i run Vaultwarden as an Azure WebApp
Unfortunately Azure WebApp's uses CIFS/Samba as their volume storage which does not support locking. This causes issues with the SQLite database file.
There are two ways to solve this.
- Do not use SQLite, but MariaDB/MySQL or Posgresql as the database backend.
- Try to disable WAL using the
ENABLE_DB_WAL
environment variable by setting it's value tofalse
. This needs to be done on a new file, so you need to remove the previously createddb.sqlite3
file and restart the Vaultwarden app again.
I did not find my answer here in the FAQ, what to do next?
Well, please try to search and click through our wonderful Wiki.
If that does not help you, try to look at either Github Discussions or Vaultwarden Forums.
If that also results in no solution, you could try to search the open and closed Issues.
If you still have not found an answer, you can start a topic on either Github Discussions or Vaultwarden Forums, or joins us in our chatroom.
FAQs
Container Image Usage
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
Deployment
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
HTTPS
Configuration
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration
Database
- Using the MariaDB (MySQL) Backend
- Using the PostgreSQL Backend
- Running without WAL enabled
- Migrating from MariaDB (MySQL) to SQLite