Back to Blog

Vaultwarden: Self-Hosted Bitwarden for Free

Deploy Vaultwarden, a lightweight Bitwarden-compatible password manager. Get all premium features free while keeping your passwords under your control.

Posted by

Vaultwarden password manager interface

Your Passwords, Your Server

Password managers are essential for digital security, but storing all your passwords on someone else's server feels risky. What if they get breached? What if they change their pricing? With Vaultwarden, you get the full Bitwarden experience on your own infrastructure.

Vaultwarden is a lightweight, open-source implementation of the Bitwarden API. It's fully compatible with all official Bitwarden clients and includes premium features for free.

Why Vaultwarden Over Bitwarden?

  • Lightweight: Uses minimal RAM (under 50MB vs 2GB+ for official Bitwarden)
  • Premium features free: TOTP, file attachments, emergency access
  • Self-contained: Single Docker container, SQLite database
  • Active development: Regular updates and security patches
  • Full compatibility: Works with all Bitwarden apps and extensions

Docker Compose Setup

Vaultwarden is one of the simplest services to deploy:

version: "3.8"

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    ports:
      - "8080:80"
    environment:
      - DOMAIN=https://vault.yourdomain.com
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      - WEBSOCKET_ENABLED=true
      - LOG_LEVEL=info
    volumes:
      - ./data:/data
    restart: unless-stopped

Create a .env file with a secure admin token:

# Generate with: openssl rand -base64 48
ADMIN_TOKEN=your_very_long_random_token_here

Critical: HTTPS is Required

Vaultwarden and Bitwarden clients require HTTPS for security. You have several options:

  • Cloudflare Tunnel: Free, easy, handles SSL automatically
  • Traefik: Reverse proxy with automatic Let's Encrypt certificates
  • Nginx Proxy Manager: GUI-based reverse proxy with SSL
  • Caddy: Automatic HTTPS with minimal configuration

Never expose Vaultwarden over plain HTTP - your passwords would be transmitted unencrypted!

Initial Configuration

1. Access the Admin Panel

Navigate to https://your-vault/admin and enter your admin token.

2. Create Your Account

Go to the main URL and create your first account. After creating accounts for your family, disable signups:

environment:
  - SIGNUPS_ALLOWED=false

3. Configure Email (Optional but Recommended)

environment:
  - SMTP_HOST=smtp.gmail.com
  - SMTP_PORT=587
  - SMTP_SECURITY=starttls
  - [email protected]
  - SMTP_PASSWORD=your_app_password
  - [email protected]

Connecting Clients

Bitwarden clients need to be configured to use your self-hosted server:

Browser Extensions:

  • Click the gear icon on the login screen
  • Enter your Vaultwarden URL in "Self-hosted environment"
  • Log in with your credentials

Mobile Apps:

  • Tap the gear icon before logging in
  • Select "Self-hosted"
  • Enter your server URL

Premium Features You Get Free

  • TOTP Authentication: Built-in 2FA code generator
  • File Attachments: Store secure documents with passwords
  • Emergency Access: Grant trusted contacts access
  • Vault Health Reports: Identify weak or reused passwords
  • Organizations: Share passwords with family members

Backup Strategy

Your password vault is critical data. Implement proper backups:

# Simple backup script
#!/bin/bash
DATE=$(date +%Y%m%d)
BACKUP_DIR=/backups/vaultwarden

# Stop container for consistent backup
docker stop vaultwarden

# Backup the data directory
tar -czf $BACKUP_DIR/vaultwarden-$DATE.tar.gz ./data

# Restart container
docker start vaultwarden

# Keep only last 30 days
find $BACKUP_DIR -type f -mtime +30 -delete

Also export your vault periodically through the web interface as an additional backup.

Security Hardening

  • Disable admin panel after initial setup: ADMIN_TOKEN=
  • Enable Fail2ban to prevent brute-force attacks
  • Use strong master passwords (30+ characters)
  • Enable 2FA for all accounts
  • Keep Vaultwarden updated regularly

Password Security, Your Way

With Vaultwarden, you get world-class password management without trusting a third party with your most sensitive data. Your encrypted vault stays on your server, accessible from anywhere but controlled only by you.

Continue Reading