What Vaultwarden Does
- Password Vault: Store and auto-fill passwords, credit cards, identities, and secure notes
- Cross-Device Sync: All changes sync across browser, desktop, and mobile via Bitwarden apps
- Organizations: Share passwords with family or team members with role-based access
- Send: Securely share text or files with anyone via encrypted, expiring links
- TOTP Generator: Built-in 2FA code generator (premium Bitwarden feature, free in Vaultwarden)
- Attachments: Attach files to vault items with encrypted storage
- Emergency Access: Grant trusted contacts access to your vault in emergencies
- Vault Health Reports: Identify weak, reused, and breached passwords
Why Vaultwarden Over Official Bitwarden?
Official Bitwarden Server:
- Written in C# (.NET) + multiple services
- Requires 2GB+ RAM, SQL Server or PostgreSQL
- Premium features need paid subscription
Vaultwarden:
- Written in Rust (single binary)
- Requires ~50MB RAM, SQLite included
- ALL premium features free
- Runs on Raspberry Pi, NAS, any VPS
Self-Hosting
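Docker (Recommended)
```bash
# The container serves plain HTTP on port 80. Publish it on a local port and
# terminate TLS at a reverse proxy on the same host.
docker run -d --name vaultwarden \
  -e SIGNUPS_ALLOWED=true \
  -e DOMAIN=https://vault.yourdomain.com \
  -v /vw-data/:/data/ \
  -p 127.0.0.1:8080:80 \
  vaultwarden/server:latest
```
Docker Compose with HTTPS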
```yaml
services:
  vaultwarden:
    image: vaultwarden/server:latest
    environment:
      DOMAIN: https://vault.yourdomain.com
      SIGNUPS_ALLOWED: "false" # Disable after creating your account
      ADMIN_TOKEN: your-admin-token
      SMTP_HOST: smtp.gmail.com
      SMTP_PORT: 587
      SMTP_SECURITY: starttls
      SMTP_USERNAME: your-email@gmail.com
      SMTP_PASSWORD: your-app-password
      SMTP_FROM: your-email@gmail.com
    volumes:
      - vw-data:/data
    ports:
      - "8080:80" # Plain HTTP; the reverse proxy in front provides HTTPS
    restart: unless-stopped
volumes:
  vw-data:
```
Security Best Practices
```bash
# 1. Disable signups after creating your accounts
SIGNUPS_ALLOWED=false
# 2. Set admin token for web admin panel
ADMIN_TOKEN=$(openssl rand -base64 48)
# 3. Always use HTTPS (via reverse proxy)
# 4. Enable 2FA on your account
# 5. Regular backups of /data directory
```
Client Apps
Use official Bitwarden clients — they're fully compatible:
| Platform | App |
|---|---|
| Chrome/Firefox/Safari | Bitwarden Browser Extension |
| Windows/macOS/Linux | Bitwarden Desktop |
| iOS | Bitwarden for iOS |
| Android | Bitwarden for Android |
| CLI | Bitwarden CLI |
Point each client to your Vaultwarden URL instead of the default Bitwarden servers.
Key Features
Organization Sharing
```
Family Vault
├── Shared Logins
│   ├── Netflix (Mom, Dad, Kids)
│   ├── Spotify Family (All)
│   └── WiFi Password (All)
├── Finance (Mom, Dad only)
│   ├── Bank Login
│   └── Tax Software
└── Kids Only
    └── School Portal
```
Bitwarden Send
Share sensitive information securely:
- Text or file sharing with end-to-end encryption
- Set expiration date and max access count
- Optional password protection
- Auto-delete after expiration
Admin Panel
Access at /admin with your admin token:
- View and manage all users
- Invite new users via email
- View organization details
- Server diagnostics and configuration
Vaultwarden vs Alternatives
| Feature | Vaultwarden | Bitwarden (Official) | 1Password | KeePass |
|---|---|---|---|---|
| Open Source | Yes (AGPL-3.0) | Server: Yes | No | Yes |
| Self-hosted | Yes | Yes (heavy) | No | Local files |
| RAM Usage | ~50MB | ~2GB+ | N/A | ~30MB |
| Premium features | All free | $10/yr | $36/yr | Free |
| Browser ext. | Bitwarden | Bitwarden | 1Password | KeePassXC |
| Mobile app | Bitwarden | Bitwarden | 1Password | KeePassDX |
| Organizations | Free | $4/user/mo | $8/user/mo | No |
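FAQ
Q: Is Vaultwarden secure? A: Encryption happens entirely on the client (AES-256), using the same encryption scheme as Bitwarden. The server stores only encrypted data. What matters is ensuring HTTPS transport and the physical security of the server.
Q: Can I migrate from 1Password/LastPass? A: Yes. Export a CSV from 1Password/LastPass, then import it through a Bitwarden client or the Web Vault. Formats such as 1Password 1pux, LastPass CSV, and KeePass XML are supported.
Q: How do I back up?
A: Back up the /data directory, which contains the SQLite database, attachments, RSA keys, and configuration. A scheduled daily backup to off-site storage is recommended. You can also use the Bitwarden CLI to export the vault as encrypted JSON.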
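
The /data backup described above, as an added example (not code from this page or from the Vaultwarden project): it snapshots the SQLite database through SQLite's online backup API instead of copying the live file, then archives the rest of the data directory. The database file name `db.sqlite3` and the function name `backup_vaultwarden` are assumptions; adjust them to your deployment.

```python
import os
import sqlite3
import tarfile
import tempfile
from datetime import datetime, timezone

# Assumed database file name inside the Vaultwarden data directory.
DB_NAME = "db.sqlite3"


def backup_vaultwarden(data_dir, dest_dir):
    """Write a timestamped .tar.gz of data_dir into dest_dir and return its path."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = os.path.join(dest_dir, f"vaultwarden-{stamp}.tar.gz")
    with tempfile.TemporaryDirectory() as staging:
        snapshot = os.path.join(staging, DB_NAME)
        # A raw file copy taken while the server is writing can be torn or miss
        # WAL contents. mode=rw fails on a wrong path instead of creating a file.
        src = sqlite3.connect(f"file:{os.path.join(data_dir, DB_NAME)}?mode=rw", uri=True)
        dst = sqlite3.connect(snapshot)
        try:
            src.backup(dst)
        finally:
            dst.close()
            src.close()
        # Refuse to archive a snapshot that fails SQLite's own consistency check.
        check = sqlite3.connect(snapshot)
        try:
            result = check.execute("PRAGMA integrity_check").fetchone()[0]
        finally:
            check.close()
        if result != "ok":
            raise RuntimeError(f"snapshot failed integrity_check: {result}")
        # Create the archive owner-only (0600): it contains the server's RSA keys.
        fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
            tar.add(snapshot, arcname=DB_NAME)
            for name in sorted(os.listdir(data_dir)):
                # Skip the live database and its -wal/-shm files; the snapshot replaces them.
                if not name.startswith(DB_NAME):
                    tar.add(os.path.join(data_dir, name), arcname=name)
    return archive


if __name__ == "__main__":
    import sys
    print(backup_vaultwarden(sys.argv[1], sys.argv[2]))
```

Run it on a schedule and copy the resulting archive to off-site storage. Restoring means stopping the container and unpacking the archive into an empty /data directory.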
Sources and Credits
- GitHub: dani-garcia/vaultwarden — 58.2K+ ⭐ | AGPL-3.0
- Wiki: github.com/dani-garcia/vaultwarden/wiki