Why Vaultwarden?

Cloud password managers are convenient but you’re trusting a third party with your most sensitive data. Vaultwarden keeps it under your control:

  • Full Bitwarden compatibility — All official clients work out of the box.
  • 50 MB RAM — Runs on a Raspberry Pi or any tiny VPS.
  • End-to-end encryption — AES-256 client-side; server never sees decrypted data.
  • Organizations & sharing — Share passwords securely with family or team.
  • Free premium features — TOTP, file attachments, emergency access.

Prerequisites

  • Docker on any Linux server.
  • A domain with HTTPS (required for browser extensions).
  • A reverse proxy (Nginx, Caddy, or Traefik).

Step 1: Deploy with Docker

docker run -d \
  --name vaultwarden \
  --restart=always \
  -v /vw-data/:/data/ \
  -p 8080:80 \
  -e DOMAIN=https://vault.example.com \
  -e SIGNUPS_ALLOWED=true \
  -e SMTP_HOST=smtp.gmail.com \
  -e SMTP_PORT=587 \
  -e SMTP_SECURITY=starttls \
  -e SMTP_USERNAME=your@gmail.com \
  -e SMTP_PASSWORD=app-password \
  -e SMTP_FROM=your@gmail.com \
  vaultwarden/server:latest

Step 2: Essential Environment Variables

VariablePurpose
DOMAINYour full HTTPS URL (required for clients)
SIGNUPS_ALLOWEDSet to false after creating your accounts
SMTP_*Email config for password resets and 2FA
ADMIN_TOKENSecret token to access /admin panel
WEBSOCKET_ENABLEDSet to true for real-time sync

Step 3: Secure the Admin Panel

Generate a secure admin token:

openssl rand -base64 48

Add to your Docker env:

-e ADMIN_TOKEN=your-generated-token

Access at https://vault.example.com/admin. From here you can manage users, view diagnostics, and configure settings.


Step 4: Backup Strategy

#!/bin/bash
# /usr/local/bin/backup-vaultwarden.sh
BACKUP_DIR=/backup/vaultwarden/$(date +%Y-%m-%d)
mkdir -p $BACKUP_DIR
sqlite3 /vw-data/db.sqlite3 ".backup '$BACKUP_DIR/db.sqlite3'"
cp -r /vw-data/attachments $BACKUP_DIR/
cp /vw-data/rsa_key* $BACKUP_DIR/

Schedule daily: 0 3 * * * /usr/local/bin/backup-vaultwarden.sh


Vaultwarden vs Bitwarden Official

FeatureVaultwardenBitwarden (self-hosted)
RAM usage50-100 MB2+ GB
DatabaseSQLiteMSSQL
Docker images1 container10+ containers
Premium featuresAll free$10/year or self-hosted
MaintenanceMinimalComplex
Best forHomelabs, small teamsEnterprise

Troubleshooting

ProblemSolution
Browser extension can’t connectHTTPS is required; configure a reverse proxy with SSL
”Invalid credentials” after migrationClear browser extension cache; re-enter server URL
2FA codes not sending via emailVerify SMTP_* environment variables; test with /admin diagnostics
Mobile app not syncingCheck server URL includes https://; verify port is accessible
Admin panel shows blank pageRegenerate ADMIN_TOKEN; clear browser cookies for the domain

Summary

  • One Docker container replaces a cloud subscription.
  • All Bitwarden clients work natively — browser, mobile, desktop, CLI.
  • End-to-end encrypted — server never sees your passwords.
  • Disable SIGNUPS_ALLOWED after setup and back up daily.