# Vaultwarden — Lightweight Self-Hosted Bitwarden Server

> Vaultwarden is an unofficial Bitwarden-compatible server written in Rust. Full Bitwarden features with minimal resources — perfect for self-hosted password management.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

```bash
docker run -d --name vaultwarden -p 80:80 -v vw-data:/data vaultwarden/server:latest
```

Open `http://localhost` — register your account, then use official Bitwarden apps on all devices.

## Intro

**Vaultwarden** is an unofficial, lightweight Bitwarden-compatible server written in Rust. It implements the Bitwarden API, allowing you to use all official Bitwarden client apps (browser extension, desktop, mobile) while self-hosting your encrypted vault on minimal hardware — even a Raspberry Pi.

With 58.2K+ GitHub stars and AGPL-3.0 license, Vaultwarden is the most popular self-hosted password manager solution, providing enterprise-grade Bitwarden features (Organizations, Attachments, Vault API, TOTP) for free.

## What Vaultwarden Does

- **Password Vault**: Store and auto-fill passwords, credit cards, identities, and secure notes
- **Cross-Device Sync**: All changes sync across browser, desktop, and mobile via Bitwarden apps
- **Organizations**: Share passwords with family or team members with role-based access
- **Send**: Securely share text or files with anyone via encrypted, expiring links
- **TOTP Generator**: Built-in 2FA code generator (premium Bitwarden feature, free in Vaultwarden)
- **Attachments**: Attach files to vault items with encrypted storage
- **Emergency Access**: Grant trusted contacts access to your vault in emergencies
- **Vault Health Reports**: Identify weak, reused, and breached passwords

## Why Vaultwarden Over Official Bitwarden?

```
Official Bitwarden Server:
  - Written in C# (.NET) + multiple services
  - Requires 2GB+ RAM, SQL Server or PostgreSQL
  - Premium features need paid subscription

Vaultwarden:
  - Written in Rust (single binary)
  - Requires ~50MB RAM, SQLite included
  - ALL premium features free
  - Runs on Raspberry Pi, NAS, any VPS
```

## Self-Hosting

### Docker (Recommended)

```bash
# In this configuration the container serves plain HTTP on port 80, so the
# mapping below publishes HTTP on host port 443. TLS still has to be terminated
# by a reverse proxy (see Security Best Practices).
docker run -d --name vaultwarden \
  -e SIGNUPS_ALLOWED=true \
  -e DOMAIN=https://vault.yourdomain.com \
  -v /vw-data/:/data/ \
  -p 443:80 \
  vaultwarden/server:latest
```

### Docker Compose with HTTPS

```yaml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    environment:
      DOMAIN: https://vault.yourdomain.com
      SIGNUPS_ALLOWED: "false"  # Disable after creating your account
      ADMIN_TOKEN: your-admin-token  # Replace with a long random value
      SMTP_HOST: smtp.gmail.com
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: your-email@gmail.com
      SMTP_PASSWORD: your-app-password
      SMTP_FROM: your-email@gmail.com
    volumes:
      - vw-data:/data
    ports:
      - "8080:80"  # Plain HTTP; point the TLS-terminating reverse proxy here
    restart: unless-stopped

volumes:
  vw-data:
```

### Security Best Practices

```bash
# 1. Disable signups after creating your accounts
SIGNUPS_ALLOWED=false

# 2. Set admin token for web admin panel
ADMIN_TOKEN=$(openssl rand -base64 48)

# 3. Always use HTTPS (via reverse proxy)
# 4. Enable 2FA on your account
# 5. Regular backups of /data directory
```

## Client Apps

Use official Bitwarden clients — they're fully compatible:

| Platform | App |
|----------|-----|
| Chrome/Firefox/Safari | Bitwarden Browser Extension |
| Windows/macOS/Linux | Bitwarden Desktop |
| iOS | Bitwarden for iOS |
| Android | Bitwarden for Android |
| CLI | Bitwarden CLI |

Point each client to your Vaultwarden URL instead of the default Bitwarden servers.

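
The first three items under Security Best Practices can be checked mechanically before a deployment goes live. The script below is an added example, not part of the Vaultwarden project: it audits an env-file style configuration, and the 32-character token floor, the sample inputs, and the treatment of an unset `ADMIN_TOKEN` as "admin panel off" are assumptions of the example.

```python
from urllib.parse import urlsplit

PLACEHOLDERS = {"", "your-admin-token"}  # placeholder from the compose example
MIN_TOKEN_LEN = 32  # assumed floor; `openssl rand -base64 48` gives 64 chars


def parse_env(text):
    """Parse KEY=VALUE lines (env-file style), skipping blanks and comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env


def audit(env):
    """Return the names of settings that violate the page's best practices."""
    failed = []
    # Signups stay open unless explicitly disabled (the default is true).
    if env.get("SIGNUPS_ALLOWED", "true").lower() != "false":
        failed.append("SIGNUPS_ALLOWED")
    # Assumption: an unset token means /admin is off; a set one must be strong.
    token = env.get("ADMIN_TOKEN")
    if token is not None and (token in PLACEHOLDERS or len(token) < MIN_TOKEN_LEN):
        failed.append("ADMIN_TOKEN")
    # DOMAIN must be an https:// URL with a host part.
    domain = urlsplit(env.get("DOMAIN", ""))
    if domain.scheme != "https" or not domain.hostname:
        failed.append("DOMAIN")
    return failed


# Constructed sample inputs for the demonstration.
WEAK = """\
SIGNUPS_ALLOWED=true
ADMIN_TOKEN=your-admin-token
DOMAIN=http://vault.yourdomain.com
"""
HARDENED = """\
# constructed token standing in for `openssl rand -base64 48` output
SIGNUPS_ALLOWED=false
ADMIN_TOKEN=EXAMPLEONLYEXAMPLEONLYEXAMPLEONLYEXAMPLEONLYEXAMPLEONLYEXAMPLE00
DOMAIN=https://vault.yourdomain.com
"""

if __name__ == "__main__":
    print("weak:", audit(parse_env(WEAK)))
    print("hardened:", audit(parse_env(HARDENED)))
```
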
## Key Features

### Organization Sharing

```
Family Vault
├── Shared Logins
│   ├── Netflix (Mom, Dad, Kids)
│   ├── Spotify Family (All)
│   └── WiFi Password (All)
├── Finance (Mom, Dad only)
│   ├── Bank Login
│   └── Tax Software
└── Kids Only
    └── School Portal
```

### Bitwarden Send

Share sensitive information securely:

- Text or file sharing with end-to-end encryption
- Set expiration date and max access count
- Optional password protection
- Auto-delete after expiration

### Admin Panel

Access at `/admin` with your admin token:

- View and manage all users
- Invite new users via email
- View organization details
- Server diagnostics and configuration

## Vaultwarden vs Alternatives

| Feature | Vaultwarden | Bitwarden (Official) | 1Password | KeePass |
|---------|-------------|---------------------|-----------|---------|
| Open Source | Yes (AGPL-3.0) | Server: Yes | No | Yes |
| Self-hosted | Yes | Yes (heavy) | No | Local files |
| RAM Usage | ~50MB | ~2GB+ | N/A | ~30MB |
| Premium features | All free | $10/yr | $36/yr | Free |
| Browser ext. | Bitwarden | Bitwarden | 1Password | KeePassXC |
| Mobile app | Bitwarden | Bitwarden | 1Password | KeePassDX |
| Organizations | Free | $4/user/mo | $8/user/mo | No |

## FAQ

**Q: Is Vaultwarden secure?**

A: Encryption happens entirely on the client (AES-256), using the same scheme as Bitwarden. The server only stores encrypted data. The key is ensuring HTTPS in transit and physical server security.

**Q: Can I migrate from 1Password/LastPass?**

A: Yes. Export a CSV from 1Password/LastPass and import via the Bitwarden client or Web Vault. Supported formats include 1Password 1pux, LastPass CSV, and KeePass XML.

**Q: How do I back up?**

A: Back up the `/data` directory, which includes the SQLite database, attachments, RSA keys, and configuration. Schedule daily backups to off-site storage. You can also use the Bitwarden CLI to export an encrypted JSON.

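
Copying `/data` while the server is running can capture the SQLite file mid-write, so a backup job should snapshot the database through SQLite's online backup API and then archive the rest of the directory. The script below is an added example, not part of the Vaultwarden project; the file name `db.sqlite3`, the archive naming, and the function names are assumptions of the example.

```python
import os
import sqlite3
import tarfile
import tempfile
from pathlib import Path

DB_NAME = "db.sqlite3"  # assumption: default SQLite file name in /data


def backup_data_dir(data_dir, dest_dir, stamp):
    """Snapshot the database, then archive it with the rest of data_dir."""
    data_dir, dest_dir = Path(data_dir), Path(dest_dir)
    live_db = data_dir / DB_NAME
    if not live_db.is_file():
        raise FileNotFoundError(live_db)
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"vaultwarden-{stamp}.tar.gz"
    with tempfile.TemporaryDirectory() as tmp:
        snapshot = Path(tmp) / DB_NAME
        # The online backup API yields a consistent copy while the server is
        # writing; a plain file copy can miss pages still in the -wal file.
        src, dst = sqlite3.connect(str(live_db)), sqlite3.connect(str(snapshot))
        try:
            src.backup(dst)
        finally:
            src.close()
            dst.close()
        # Create the archive 0600: it contains the RSA keys and configuration.
        fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
            tar.add(snapshot, arcname=DB_NAME)
            for entry in sorted(data_dir.iterdir()):
                if not entry.name.startswith(DB_NAME):  # skip live db, -wal, -shm
                    tar.add(entry, arcname=entry.name)
    return archive


def verify_backup(archive):
    """Restore the database from the archive and run SQLite's integrity check."""
    with tempfile.TemporaryDirectory() as tmp, tarfile.open(archive) as tar:
        restored = Path(tmp) / DB_NAME
        restored.write_bytes(tar.extractfile(DB_NAME).read())
        con = sqlite3.connect(str(restored))
        try:
            return con.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
        finally:
            con.close()


if __name__ == "__main__":
    import sys  # usage: backup.py <data_dir> <dest_dir> <stamp>
    out = backup_data_dir(*sys.argv[1:4])
    print(out, "ok" if verify_backup(out) else "CORRUPT")
```

Keep `dest_dir` outside the data directory so earlier archives are not swept into the next one, and run `verify_backup` on the off-site copy as well as the local one.
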
## Source & Thanks

- GitHub: [dani-garcia/vaultwarden](https://github.com/dani-garcia/vaultwarden) — 58.2K+ ⭐ | AGPL-3.0
- Wiki: [github.com/dani-garcia/vaultwarden/wiki](https://github.com/dani-garcia/vaultwarden/wiki)

---

Source: https://tokrepo.com/en/workflows/vaultwarden-lightweight-self-hosted-bitwarden-server-e8706cbd

Author: Script Depot