Skip to content

Vaultwarden App

About

Bitwarden is an Open Source Password Management solution for individuals, teams, and business organizations. Vaultwarden is an unofficial Bitwarden compatible server written in Rust, fully compatible with the client apps.

Users

Bitwarden does not support Single Sign On. This is by design for security reasons. You must create a new password for your Bitwarden account.

By default, open registration is enabled. This can be changed via the config variables by editing /app/data/config.json using the File Manager. For example, to disable signup but allow invitations set the variables as below:

  "signups_allowed": false,
  "invitations_allowed": true,

Admin

The admin UI is located /admin. To login, look for the admin_token field inside /app/data/config.json using the File manager.

Starting with version 1.28, it is safer to generate an admin token using the built-in hash feature. Otherwise, warnings might be shown in the logs - Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.

To fix, open a web terminal and run:

# app/code/vaultwarden hash
Generate an Argon2id PHC string using the 'bitwarden' preset:

Password:
Confirm Password: 

ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$RCpl3a+FItyn4KBJVAtZ+EyP9+fK0hoRqqo9jEdyRJE$d7UfKfZYsZJad6OIKpzPtO2o2ccLkrHjEi5jXdWWkO0'

Take the above ADMIN_TOKEN and put it in /app/data/config.json in the field admin_token.

Important:

  • Remove the single quotes around the argon2id string above.
  • The token to login to the admin page is the password you entered above to generate the ADMIN_TOKEN.
  • config.json should be edited like below (please be careful about the quoting):
  "admin_token": "$argon2id$v=19$m=65540,t=3,p=4$RCpl3a+FItyn4KBJVAtZ+EyP9+fK0hoRqqo9jEdyRJE$d7UfKfZYsZJad6OIKpzPtO2o2ccLkrHjEi5jXdWWkO0"

Restart the app and verify if token actually changed.

Custom config

Custom environment variables can be set in /app/data/config.env using the File Manager.

Note that Vaultwarden's admin page generates config.json which overrides the above env vars. See config docs for more information on which values are readonly and can only be set using environment variables.