Skip to main content

Vaultwarden

About

Bitwarden is an Open Source Password Management solution for individuals, teams, and business organizations. Vaultwarden is an unofficial Bitwarden compatible server written in Rust, fully compatible with the client apps.

Disable Registration

When installed without Cloudron user management, open registration is enabled. This can be changed via the config variables by editing /app/data/config.json using the File Manager. For example, to disable signup but allow invitations set the variables as below:

  "signups_allowed": false,
  "invitations_allowed": true,

Restart the app for changes to take effect.

Admin

The admin UI is located /admin. To login, look for the admin_token field inside /app/data/config.json using the File manager.

Starting with version 1.28, it is safer to generate an admin token using the built-in hash feature. Otherwise, warnings might be shown in the logs - Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.

To fix, open a web terminal and run:

# /app/code/vaultwarden hash
Generate an Argon2id PHC string using the 'bitwarden' preset:

Password:
Confirm Password: 

ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$RCpl3a+FItyn4KBJVAtZ+EyP9+fK0hoRqqo9jEdyRJE$d7UfKfZYsZJad6OIKpzPtO2o2ccLkrHjEi5jXdWWkO0'

Take the above ADMIN_TOKEN and put it in /app/data/config.json in the field admin_token.

Important:

  • Remove the single quotes around the argon2id string above.
  • The token to login to the admin page is the password you entered above to generate the ADMIN_TOKEN.
  • config.json should be edited like below (please be careful about the quoting):
  "admin_token": "$argon2id$v=19$m=65540,t=3,p=4$RCpl3a+FItyn4KBJVAtZ+EyP9+fK0hoRqqo9jEdyRJE$d7UfKfZYsZJad6OIKpzPtO2o2ccLkrHjEi5jXdWWkO0"

Restart the app and verify if token actually changed.

Custom config

Custom environment variables can be set in /app/data/env.sh using the File Manager.

Note that Vaultwarden's admin page generates config.json which overrides the above env vars. See config docs for more information on which values are readonly and can only be set using environment variables.