Scripts · Apr 10, 2026 · 3 min read

Vaultwarden — Lightweight Self-Hosted Bitwarden Server

Vaultwarden is an unofficial Bitwarden-compatible server written in Rust. Full Bitwarden features with minimal resources — perfect for self-hosted password management.

Introduction

Vaultwarden is an unofficial, lightweight Bitwarden-compatible server written in Rust. It implements the Bitwarden API, allowing you to use all official Bitwarden client apps (browser extension, desktop, mobile) while self-hosting your encrypted vault on minimal hardware — even a Raspberry Pi.

With 58.2K+ GitHub stars and an AGPL-3.0 license, Vaultwarden is the most popular self-hosted password manager solution, providing enterprise-grade Bitwarden features (Organizations, Attachments, Vault API, TOTP) for free.

What Vaultwarden Does

  • Password Vault: Store and auto-fill passwords, credit cards, identities, and secure notes
  • Cross-Device Sync: All changes sync across browser, desktop, and mobile via Bitwarden apps
  • Organizations: Share passwords with family or team members with role-based access
  • Send: Securely share text or files with anyone via encrypted, expiring links
  • TOTP Generator: Built-in 2FA code generator (premium Bitwarden feature, free in Vaultwarden)
  • Attachments: Attach files to vault items with encrypted storage
  • Emergency Access: Grant trusted contacts access to your vault in emergencies
  • Vault Health Reports: Identify weak, reused, and breached passwords

Why Vaultwarden Over Official Bitwarden?

Official Bitwarden Server:
- Written in C# (.NET) + multiple services
- Requires 2GB+ RAM, SQL Server or PostgreSQL
- Premium features need paid subscription

Vaultwarden:
- Written in Rust (single binary)
- Requires ~50MB RAM, SQLite included
- ALL premium features free
- Runs on Raspberry Pi, NAS, any VPS

Self-Hosting

Docker (Recommended)

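# -p 443:80 publishes the container's plain-HTTP port on host port 443;
# TLS still has to be terminated by a reverse proxy (see Security Best Practices).
# Set SIGNUPS_ALLOWED=false once your accounts exist.
docker run -d --name vaultwarden \
  -e SIGNUPS_ALLOWED=true \
  -e DOMAIN=https://vault.yourdomain.com \
  -v /vw-data/:/data/ \
  -p 443:80 \
  vaultwarden/server:latest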

Docker Compose with HTTPS

services:
  vaultwarden:
    image: vaultwarden/server:latest
    environment:
      DOMAIN: https://vault.yourdomain.com
      SIGNUPS_ALLOWED: "false"  # Disable after creating your account
      ADMIN_TOKEN: your-admin-token
      SMTP_HOST: smtp.gmail.com
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: your-email@gmail.com
      SMTP_PASSWORD: your-app-password
      SMTP_FROM: your-email@gmail.com
    volumes:
      - vw-data:/data
    ports:
      - "8080:80"  # plain HTTP from the container; terminate TLS in a reverse proxy in front of this port
    restart: unless-stopped

volumes:
  vw-data:

Security Best Practices

# 1. Disable signups after creating your accounts
SIGNUPS_ALLOWED=false

# 2. Set admin token for web admin panel
ADMIN_TOKEN=$(openssl rand -base64 48)

# 3. Always use HTTPS (via reverse proxy)
# 4. Enable 2FA on your account
# 5. Regular backups of /data directory
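
The first three items of the checklist can be checked mechanically against an env file. The following Python script is an added example, not code from the Vaultwarden project; the sample file, the placeholder list and the 32-character minimum are assumptions made for illustration.

```python
# Constructed sample: values a quick-start setup might leave behind.
SAMPLE_ENV = """\
# vaultwarden.env (constructed example)
SIGNUPS_ALLOWED=true
DOMAIN=http://vault.yourdomain.com
ADMIN_TOKEN=your-admin-token
"""

MIN_TOKEN_LEN = 32  # assumption: anything shorter is treated as guessable
PLACEHOLDER_TOKENS = {"your-admin-token", "changeme"}  # assumption: illustrative list


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def audit(env):
    """Return (key, problem) pairs for settings that contradict the checklist."""
    findings = []
    # Registration stays open unless the variable is explicitly set to false.
    if env.get("SIGNUPS_ALLOWED", "true").lower() != "false":
        findings.append(("SIGNUPS_ALLOWED", "open registration is enabled"))
    # Clients build links from DOMAIN, so it must be the HTTPS URL of the proxy.
    if not env.get("DOMAIN", "").lower().startswith("https://"):
        findings.append(("DOMAIN", "not an https:// URL"))
    token = env.get("ADMIN_TOKEN")
    if token:  # an unset token leaves the /admin panel disabled
        if len(token) < MIN_TOKEN_LEN or token.lower() in PLACEHOLDER_TOKENS:
            findings.append(("ADMIN_TOKEN", "short or placeholder token"))
    return findings


if __name__ == "__main__":
    for key, problem in audit(parse_env(SAMPLE_ENV)):
        print(f"{key}: {problem}")
```
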

Client Apps

Use official Bitwarden clients — they're fully compatible:

| Platform | App |
|---|---|
| Chrome/Firefox/Safari | Bitwarden Browser Extension |
| Windows/macOS/Linux | Bitwarden Desktop |
| iOS | Bitwarden for iOS |
| Android | Bitwarden for Android |
| CLI | Bitwarden CLI |

Point each client to your Vaultwarden URL instead of the default Bitwarden servers.

Key Features

Organization Sharing

Family Vault
├── Shared Logins
│   ├── Netflix (Mom, Dad, Kids)
│   ├── Spotify Family (All)
│   └── WiFi Password (All)
├── Finance (Mom, Dad only)
│   ├── Bank Login
│   └── Tax Software
└── Kids Only
    └── School Portal

Bitwarden Send

Share sensitive information securely:

  • Text or file sharing with end-to-end encryption
  • Set expiration date and max access count
  • Optional password protection
  • Auto-delete after expiration

Admin Panel

Access at /admin with your admin token:

  • View and manage all users
  • Invite new users via email
  • View organization details
  • Server diagnostics and configuration

Vaultwarden vs Alternatives

| Feature | Vaultwarden | Bitwarden (Official) | 1Password | KeePass |
|---|---|---|---|---|
| Open Source | Yes (AGPL-3.0) | Server: Yes | No | Yes |
| Self-hosted | Yes | Yes (heavy) | No | Local files |
| RAM Usage | ~50MB | ~2GB+ | N/A | ~30MB |
| Premium features | All free | $10/yr | $36/yr | Free |
| Browser ext. | Bitwarden | Bitwarden | 1Password | KeePassXC |
| Mobile app | Bitwarden | Bitwarden | 1Password | KeePassDX |
| Organizations | Free | $4/user/mo | $8/user/mo | No |

FAQ

Q: Is Vaultwarden secure? A: Encryption happens entirely on the client (AES-256), using the same scheme as Bitwarden. The server only stores encrypted data. What you still have to ensure is HTTPS in transit and the physical security of the server.

Q: Can I migrate from 1Password/LastPass? A: Yes. Export a CSV from 1Password/LastPass and import via the Bitwarden client or Web Vault. Supported formats include 1Password 1pux, LastPass CSV, and KeePass XML.

Q: How do I back up? A: Back up the /data directory, which includes the SQLite database, attachments, RSA keys, and configuration. Schedule daily backups to off-site storage. You can also use the Bitwarden CLI to export an encrypted JSON.
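
The backup described in the last answer, as an added Python example (not Vaultwarden's own tooling): it snapshots the database through SQLite's online backup API, so the copy is consistent while the server is running, then archives it with the other items the answer lists and verifies the result. The names db.sqlite3, rsa_key*, attachments and config.json are assumed from a default SQLite install.

```python
import glob
import os
import sqlite3
import tarfile
import tempfile

# Assumed names inside the data directory (default SQLite setup); adjust to your install.
DB_NAME = "db.sqlite3"
EXTRA_PATTERNS = ["attachments", "rsa_key*", "config.json"]


def backup_data_dir(data_dir, archive_path):
    """Write a consistent snapshot of the data directory to a .tar.gz archive."""
    with tempfile.TemporaryDirectory() as staging:
        snapshot = os.path.join(staging, DB_NAME)
        src = sqlite3.connect(os.path.join(data_dir, DB_NAME))
        dst = sqlite3.connect(snapshot)
        try:
            # Online backup API: yields a consistent copy even while the server
            # has the database open, which a plain file copy does not guarantee.
            src.backup(dst)
        finally:
            dst.close()
            src.close()
        with tarfile.open(archive_path, "w:gz") as tar:
            tar.add(snapshot, arcname=DB_NAME)
            for pattern in EXTRA_PATTERNS:
                for path in sorted(glob.glob(os.path.join(data_dir, pattern))):
                    tar.add(path, arcname=os.path.relpath(path, data_dir))
    os.chmod(archive_path, 0o600)  # the archive contains the server's RSA keys
    return archive_path


def verify_backup(archive_path):
    """Restore the database copy to a temp dir and run SQLite's integrity check."""
    with tempfile.TemporaryDirectory() as tmp, tarfile.open(archive_path) as tar:
        names = tar.getnames()
        restored = os.path.join(tmp, DB_NAME)
        with open(restored, "wb") as out:
            out.write(tar.extractfile(DB_NAME).read())
        con = sqlite3.connect(restored)
        try:
            ok = con.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
        finally:
            con.close()
    return ok, names
```

Call `backup_data_dir("/vw-data", "/backups/vw.tar.gz")` from a scheduled job and run `verify_backup` on the result before copying it off-site.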
