# Vaultwarden — Lightweight Self-Hosted Bitwarden Server > Vaultwarden is an unofficial Bitwarden-compatible server written in Rust. Full Bitwarden features with minimal resources — perfect for self-hosted password management. ## Install Save as a script file and run: ## Quick Use ```bash docker run -d --name vaultwarden -p 80:80 -v vw-data:/data vaultwarden/server:latest ``` Open `http://localhost` — register your account, then use official Bitwarden apps on all devices. ## Intro **Vaultwarden** is an unofficial, lightweight Bitwarden-compatible server written in Rust. It implements the Bitwarden API, allowing you to use all official Bitwarden client apps (browser extension, desktop, mobile) while self-hosting your encrypted vault on minimal hardware — even a Raspberry Pi. With 58.2K+ GitHub stars and AGPL-3.0 license, Vaultwarden is the most popular self-hosted password manager solution, providing enterprise-grade Bitwarden features (Organizations, Attachments, Vault API, TOTP) for free. ## What Vaultwarden Does - **Password Vault**: Store and auto-fill passwords, credit cards, identities, and secure notes - **Cross-Device Sync**: All changes sync across browser, desktop, and mobile via Bitwarden apps - **Organizations**: Share passwords with family or team members with role-based access - **Send**: Securely share text or files with anyone via encrypted, expiring links - **TOTP Generator**: Built-in 2FA code generator (premium Bitwarden feature, free in Vaultwarden) - **Attachments**: Attach files to vault items with encrypted storage - **Emergency Access**: Grant trusted contacts access to your vault in emergencies - **Vault Health Reports**: Identify weak, reused, and breached passwords ## Why Vaultwarden Over Official Bitwarden? ``` Official Bitwarden Server: - Written in C# (.NET) + multiple services - Requires 2GB+ RAM, SQL Server or PostgreSQL - Premium features need paid subscription Vaultwarden: - Written in Rust (single binary) - Requires ~50MB RAM, SQLite included - ALL premium features free - Runs on Raspberry Pi, NAS, any VPS ``` ## Self-Hosting ### Docker (Recommended) ```bash docker run -d --name vaultwarden -e SIGNUPS_ALLOWED=true -e DOMAIN=https://vault.yourdomain.com -v /vw-data/:/data/ -p 443:80 vaultwarden/server:latest ``` ### Docker Compose with HTTPS ```yaml services: vaultwarden: image: vaultwarden/server:latest environment: DOMAIN: https://vault.yourdomain.com SIGNUPS_ALLOWED: "false" # Disable after creating your account ADMIN_TOKEN: your-admin-token SMTP_HOST: smtp.gmail.com SMTP_PORT: 587 SMTP_SECURITY: starttls SMTP_USERNAME: your-email@gmail.com SMTP_PASSWORD: your-app-password SMTP_FROM: your-email@gmail.com volumes: - vw-data:/data ports: - "8080:80" restart: unless-stopped volumes: vw-data: ``` ### Security Best Practices ```bash # 1. Disable signups after creating your accounts SIGNUPS_ALLOWED=false # 2. Set admin token for web admin panel ADMIN_TOKEN=$(openssl rand -base64 48) # 3. Always use HTTPS (via reverse proxy) # 4. Enable 2FA on your account # 5. Regular backups of /data directory ``` ## Client Apps Use official Bitwarden clients — they're fully compatible: | Platform | App | |----------|-----| | Chrome/Firefox/Safari | Bitwarden Browser Extension | | Windows/macOS/Linux | Bitwarden Desktop | | iOS | Bitwarden for iOS | | Android | Bitwarden for Android | | CLI | Bitwarden CLI | Point each client to your Vaultwarden URL instead of the default Bitwarden servers. ## Key Features ### Organization Sharing ``` Family Vault ├── Shared Logins │ ├── Netflix (Mom, Dad, Kids) │ ├── Spotify Family (All) │ └── WiFi Password (All) ├── Finance (Mom, Dad only) │ ├── Bank Login │ └── Tax Software └── Kids Only └── School Portal ``` ### Bitwarden Send Share sensitive information securely: - Text or file sharing with end-to-end encryption - Set expiration date and max access count - Optional password protection - Auto-delete after expiration ### Admin Panel Access at `/admin` with your admin token: - View and manage all users - Invite new users via email - View organization details - Server diagnostics and configuration ## Vaultwarden vs Alternatives | Feature | Vaultwarden | Bitwarden (Official) | 1Password | KeePass | |---------|-------------|---------------------|-----------|---------| | Open Source | Yes (AGPL-3.0) | Server: Yes | No | Yes | | Self-hosted | Yes | Yes (heavy) | No | Local files | | RAM Usage | ~50MB | ~2GB+ | N/A | ~30MB | | Premium features | All free | $10/yr | $36/yr | Free | | Browser ext. | Bitwarden | Bitwarden | 1Password | KeePassXC | | Mobile app | Bitwarden | Bitwarden | 1Password | KeePassDX | | Organizations | Free | $4/user/mo | $8/user/mo | No | ## 常见问题 **Q: Vaultwarden 安全吗?** A: 加密完全在客户端完成(AES-256),与 Bitwarden 使用相同的加密方案。服务器只存储加密后的数据。关键是确保 HTTPS 传输和服务器物理安全。 **Q: 可以从 1Password/LastPass 迁移吗?** A: 可以。从 1Password/LastPass 导出 CSV,然后通过 Bitwarden 客户端或 Web Vault 导入。支持 1Password 1pux、LastPass CSV、KeePass XML 等格式。 **Q: 如何备份?** A: 备份 `/data` 目录即可,包含 SQLite 数据库、附件、RSA 密钥和配置。建议每天定时备份到异地存储。也可以使用 Bitwarden CLI 导出为加密 JSON。 ## 来源与致谢 - GitHub: [dani-garcia/vaultwarden](https://github.com/dani-garcia/vaultwarden) — 58.2K+ ⭐ | AGPL-3.0 - Wiki: [github.com/dani-garcia/vaultwarden/wiki](https://github.com/dani-garcia/vaultwarden/wiki) --- Source: https://tokrepo.com/en/workflows/e8706cbd-34a9-11f1-9bc6-00163e2b0d79 Author: Script Depot