Vaultwarden

tip

While I have been quite satisfied using a self-hosted official Bitwarden server, the large amount of containers and high resource usage has always seemed over the top for a “simple password vault”. Now, I ran into Bitwarden RS Vaultwarden, which is a server-api compatible server written in Rust as a single docker image having a lower resource demand.

Vaultwarden looked promising, so I decided to try it out to compare against the official server. The Using Docker Compose wiki page was of great help to set it up.

I’m already using Caddy Server as my main webserver and reverse proxy and set it up to serve Vaultwarden. So I just have to run the Vaultwarden image:

version: '3'

services:
  bitwarden:
    image: vaultwarden/server
    restart: always
    volumes:
      - /data/vaultwarden:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - ADMIN_TOKEN=<admin-token>
    ports:
      - 82:80
      - 3012:3012

Vaultwarden will be accessible from the internet intranet (the app caches the data, so there is no need to allow access from the internet; better safe than sorry!), so we can use the Bitwarden app on our phones, but I don’t want to allow people other than within my family to sign up for use of it. So I blocked it by setting SIGNUPS_ALLOWED to false.

Conclusion

All in all, moving over from the official server to Vaultwarden was done in a breeze and works just fine with the official Bitwarden app.

By the way, Vaultwarden allows setting up an organization which allows to share passwords between users. For the official server, this is a premium feature!

September 23, 2020