Vaultwarden Password Manager
Vaultwarden lightweight Bitwarden-compatible password manager server.
Overview
Vaultwarden is an unofficial Bitwarden server implementation written in Rust that provides a lightweight, self-hosted password management solution. Originally developed as bitwarden_rs, this open-source alternative offers full compatibility with official Bitwarden clients while requiring significantly fewer system resources than the official Bitwarden server. Vaultwarden enables individuals and organizations to maintain complete control over their password data while enjoying all premium Bitwarden features without subscription costs. This Docker deployment creates a complete password management infrastructure with web vault access, WebSocket support for real-time synchronization, and an administrative interface for server management. The container exposes both the main web interface on port 8080 and WebSocket notifications on port 3012, ensuring full client compatibility and instant synchronization across devices. This configuration is ideal for privacy-conscious users, small teams, families, and organizations that require complete data sovereignty over their credential storage. Vaultwarden's minimal resource footprint makes it perfect for home servers, VPS deployments, or edge computing environments where the official Bitwarden server would be too resource-intensive.
Key Features
- Full Bitwarden API compatibility with all official clients (desktop, mobile, browser extensions)
- Complete premium feature set including organizations, collections, and secure sharing at no cost
- WebSocket notifications for real-time synchronization across all connected devices
- Built-in administrative panel for user management and server configuration
- Two-factor authentication support with TOTP, WebAuthn, and Duo integration
- Emergency access functionality for trusted contacts and account recovery
- Lightweight Rust implementation requiring only 50MB RAM minimum
- Email invitation system for secure user onboarding and organization management
Common Use Cases
- 1Family password management with secure sharing of household accounts and subscriptions
- 2Small business credential storage with team access to shared services and applications
- 3Development team management of API keys, database credentials, and deployment secrets
- 4Privacy-focused individuals avoiding cloud-based password services
- 5Home lab enthusiasts centralizing authentication for self-hosted services
- 6Organizations requiring air-gapped or on-premises credential management
- 7Educational institutions providing password management for students and staff
Prerequisites
- Docker and Docker Compose installed on host system
- Minimum 128MB RAM available for container (50MB minimum, 128MB+ recommended)
- Available ports 8080 and 3012 on host system
- Domain name configured if enabling HTTPS and browser extension support
- SMTP server credentials if email invitations and notifications are required
- SSL certificate and reverse proxy knowledge for production HTTPS deployment
For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms
docker-compose.yml
docker-compose.yml
1services: 2 vaultwarden: 3 image: vaultwarden/server:latest4 container_name: vaultwarden5 environment: 6 - DOMAIN=${DOMAIN}7 - ADMIN_TOKEN=${ADMIN_TOKEN}8 - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}9 - INVITATIONS_ALLOWED=true10 - WEBSOCKET_ENABLED=true11 - LOG_LEVEL=info12 volumes: 13 - vaultwarden_data:/data14 ports: 15 - "8080:80"16 - "3012:3012"17 restart: unless-stopped18 networks: 19 - vaultwarden-network2021volumes: 22 vaultwarden_data: 2324networks: 25 vaultwarden-network: 26 driver: bridge.env Template
.env
1# Vaultwarden2DOMAIN=https://vaultwarden.example.com3ADMIN_TOKEN=your-secure-admin-token4SIGNUPS_ALLOWED=trueUsage Notes
- 1Web vault at http://localhost:8080
- 2Admin panel at /admin
- 3Use official Bitwarden clients
- 4Set SIGNUPS_ALLOWED=false after setup
- 5HTTPS required for browser extension
Quick Start
terminal
1# 1. Create the compose file2cat > docker-compose.yml << 'EOF'3services:4 vaultwarden:5 image: vaultwarden/server:latest6 container_name: vaultwarden7 environment:8 - DOMAIN=${DOMAIN}9 - ADMIN_TOKEN=${ADMIN_TOKEN}10 - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}11 - INVITATIONS_ALLOWED=true12 - WEBSOCKET_ENABLED=true13 - LOG_LEVEL=info14 volumes:15 - vaultwarden_data:/data16 ports:17 - "8080:80"18 - "3012:3012"19 restart: unless-stopped20 networks:21 - vaultwarden-network2223volumes:24 vaultwarden_data:2526networks:27 vaultwarden-network:28 driver: bridge29EOF3031# 2. Create the .env file32cat > .env << 'EOF'33# Vaultwarden34DOMAIN=https://vaultwarden.example.com35ADMIN_TOKEN=your-secure-admin-token36SIGNUPS_ALLOWED=true37EOF3839# 3. Start the services40docker compose up -d4142# 4. View logs43docker compose logs -fOne-Liner
Run this command to download and set up the recipe in one step:
terminal
1curl -fsSL https://docker.recipes/api/recipes/vaultwarden-passwords/run | bashTroubleshooting
- Browser extension not connecting: Ensure HTTPS is configured as browser extensions require secure connections to function properly
- WebSocket sync failures: Verify port 3012 is accessible and WEBSOCKET_ENABLED=true in environment variables
- Admin panel inaccessible: Generate and set ADMIN_TOKEN environment variable using openssl or argon2 hash
- Email invitations not sending: Configure SMTP settings including SMTP_HOST, SMTP_FROM, SMTP_USERNAME, and SMTP_PASSWORD
- High memory usage: Disable database WAL mode by setting DATABASE_MAX_CONNS=1 for memory-constrained environments
- Container startup failures: Check file permissions on vaultwarden_data volume and ensure proper ownership
Community Notes
Loading...
Loading notes...
Download Recipe Kit
Get all files in a ready-to-deploy package
Includes docker-compose.yml, .env template, README, and license
Components
vaultwarden
Tags
#vaultwarden#bitwarden#passwords#security#self-hosted
Category
Security & NetworkingAd Space
Shortcuts: C CopyF FavoriteD Download