1. Introduction
Vaultwarden is a community-driven fork of the well-known Bitwarden server, written in Rust. It is a lightweight self-hosted alternative to Bitwarden that is fully compatible with the Bitwarden client protocol, can be deployed quickly through Docker or Podman, and can be up and running in a few minutes. It is very convenient and especially well suited to users with limited server resources who want a lightweight setup.
2. Main features
- Self-hosting: You can host it on your own server or infrastructure, keeping complete control over your data and reducing dependence on third-party services and cloud providers.
- End-to-end encryption: Strong end-to-end encryption protects passwords and other sensitive information. All data is encrypted on the device before it is sent to the server, so only the user can access the decrypted data.
- Open source and transparency: Vaultwarden is an open source project whose source code is available for review. This transparency promotes trust and lets security experts audit the code, improving the overall security of the platform.
- Cross-platform compatibility: The server works with the official Bitwarden clients for Windows, macOS, Linux, iOS and Android, so passwords are easily accessible from any device.
- Browser integration: With Bitwarden's browser extension, a self-hosted Vaultwarden server integrates seamlessly with all major web browsers, auto-filling login credentials and giving direct access to passwords while browsing.
- Active community support: An active and engaged community of developers and users contributes to its ongoing development and support.
- Cost-effective: Self-hosting Vaultwarden is a cost-effective option compared with subscribing to a cloud-based password management service, especially for individuals or organizations that already have hosting resources.
- Low resource usage: Compared with the official server, memory usage is significantly lower, at only about 10MB.
- Full feature support: Supports core features such as password storage, secure notes, credit card information, and identity information.
3. Deployment Requirements
- Docker Engine: for containerized deployment and management.
- Docker Compose: for orchestrating multi-container applications from a Compose file.
- Recommended server configuration: 2 CPU cores, 2GB RAM, and 20GB+ of free storage.
- Network environment: HTTPS access is required, so a TLS certificate is needed. If a self-signed certificate is used, the browser must be made to trust it.
4. Deployment steps (taking Docker Compose as an example)
- Install Docker and Docker Compose:
  - If Docker is not installed yet, refer to the relevant guides, such as the installation instructions for Ubuntu 22.04, Debian 12 (Bullseye), AlmaLinux/Rocky Linux, Fedora, Linux Mint 21, Raspberry Pi and other systems.
  - To install Docker Compose, run the following commands:

```bash
sudo curl -L "/docker/compose/releases/latest/download/docker-compose-linux-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```

- Create a deployment directory and write the deployment file:
  - Create the deployment directory:

```bash
mkdir -p /data/vaultwarden && cd /data/vaultwarden
```

  - In the deployment directory, create the Compose file (`docker-compose.yml`); example content follows:

```yaml
version: '3'
services:
  vaultwarden:
    container_name: vaultwarden
    image: vaultwarden/server:latest
    restart: unless-stopped
    volumes:
      - ./data/:/data/
    ports:
      - 8080:80
    environment:
      - DOMAIN=https://  # The full URL your Vaultwarden instance will be reached at (fill in your own domain).
      - LOGIN_RATELIMIT_MAX_BURST=10  # Maximum burst of login/two-step verification requests allowed before rate limiting applies.
      - LOGIN_RATELIMIT_SECONDS=60  # Average number of seconds between login requests from the same IP before Vaultwarden rate-limits logins.
      - ADMIN_RATELIMIT_MAX_BURST=10  # Same as LOGIN_RATELIMIT_MAX_BURST, but for the admin panel only.
      - ADMIN_RATELIMIT_SECONDS=60  # Same as LOGIN_RATELIMIT_SECONDS, but for the admin panel only.
      - ADMIN_SESSION_LIFETIME=20  # Admin panel session lifetime.
      - ADMIN_TOKEN=YourReallyStrongAdminTokenHere  # Token (password) for the Vaultwarden admin panel. For safety this should be a long random string, e.g. generated with `openssl rand -base64 48`. If unset, the admin panel is disabled.
      - SENDS_ALLOWED=true  # Whether users may create Bitwarden Sends, a form of credential sharing.
      - EMERGENCY_ACCESS_ALLOWED=true  # Whether users can enable emergency access to their accounts, e.g. so a spouse can retrieve credentials from the vault after the user's death. Possible values: true / false.
      - WEB_VAULT_ENABLED=true  # Whether the web vault is reachable. Once your account and clients are set up, stop the container, set this to false and restart Vaultwarden to prevent unauthorized access. Possible values: true / false.
      - SIGNUPS_ALLOWED=true  # Whether new users can register an account without an invitation. Possible values: true / false.
```

  - Note: change `DOMAIN` to the full domain name you want to use. `ADMIN_TOKEN` can be generated over SSH with `openssl rand -base64 48`.
- Create the Vaultwarden container:

```bash
docker-compose up -d
```

- Configure a reverse proxy (optional): To simplify long-term maintenance and provide HTTPS, it is recommended to put a reverse proxy such as Nginx or Caddy in front of Vaultwarden. Caddy, for example, can automatically issue Let's Encrypt certificates when used as a reverse proxy.
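The following shell script is an added example, not part of the original post: it checks a Compose file written in the `- KEY=value  # comment` form used above for the settings the post says to lock down (a full `https://` `DOMAIN`, a non-placeholder `ADMIN_TOKEN` of at least 32 characters, `SIGNUPS_ALLOWED` switched off once your accounts exist) and, since the reverse-proxy step above puts a proxy in front of the container, flags a port published on every interface instead of on loopback. The sample file it writes is constructed from the post's values; `write_sample_compose` and `audit_vaultwarden_compose` are names chosen here, not Vaultwarden tooling.

```shell
#!/bin/sh
# Added example (not from the original post): audit the "environment:" and "ports:"
# entries of a Vaultwarden compose file for the settings the post says to lock down.
# Assumes the "- KEY=value  # comment" list form used above; file paths are arguments.

# Print the value of KEY ($2) from the compose file ($1), dropping any inline comment.
compose_env() {
  sed -n "s/^[[:space:]]*-[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# Print one finding per line (no output means nothing to report); always exits 0.
audit_vaultwarden_compose() {
  f=$1
  domain=$(compose_env "$f" DOMAIN)
  token=$(compose_env "$f" ADMIN_TOKEN)
  signups=$(compose_env "$f" SIGNUPS_ALLOWED)
  case "$domain" in
    https://?*) ;;
    *) echo "DOMAIN: set the full https:// URL of the instance (found '$domain')" ;;
  esac
  # An unset token disables the admin panel, which is acceptable; a placeholder or short one is not.
  if [ -n "$token" ] && { [ "$token" = "YourReallyStrongAdminTokenHere" ] || [ "${#token}" -lt 32 ]; }; then
    echo "ADMIN_TOKEN: placeholder or shorter than 32 chars; regenerate with: openssl rand -base64 48"
  fi
  if [ "$signups" = "true" ]; then
    echo "SIGNUPS_ALLOWED=true: set to false once your own accounts exist to stop open registration"
  fi
  # "8080:80" publishes the port on every interface; behind a reverse proxy bind it to
  # loopback ("127.0.0.1:8080:80") so only the proxy can reach the plain-HTTP listener.
  if grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$f"; then
    echo "ports: published on all interfaces; use 127.0.0.1:8080:80 behind a reverse proxy"
  fi
  return 0
}

# Write a constructed minimal compose file ($1) with the given port mapping ($2), DOMAIN ($3),
# ADMIN_TOKEN ($4) and SIGNUPS_ALLOWED ($5), so the post's settings and a hardened variant
# can be audited without touching a real deployment.
write_sample_compose() {
  printf 'services:\n  vaultwarden:\n    ports:\n      - %s\n    environment:\n      - DOMAIN=%s\n      - ADMIN_TOKEN=%s\n      - SIGNUPS_ALLOWED=%s\n' "$2" "$3" "$4" "$5" > "$1"
}

# Audit a constructed copy of the post's own settings: all four findings are reported.
tmp=$(mktemp)
write_sample_compose "$tmp" '8080:80' 'https://  # still to be filled in' 'YourReallyStrongAdminTokenHere' 'true'
audit_vaultwarden_compose "$tmp"; rm -f "$tmp"
```

Run it against your real `docker-compose.yml` after the initial account setup; an empty result means the four settings are in the hardened state.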
5. Visit Vaultwarden Services
After installation, the Vaultwarden password management panel can be reached at `http://<server-ip>:8080`. If a reverse proxy and HTTPS have been configured, access it securely through the domain name instead.