Skip to content

Vaultwarden

Vaultwarden/Bitwarden logo

Overview

Field Value
Purpose Host the organizational password vault
Business function Secure credential storage and sharing
Owner IT Operations
Criticality Critical
Image ghcr.io/dani-garcia/vaultwarden:latest-alpine

Architecture

Traefik provides HTTPS on aproxy. Vaultwarden reaches PostgreSQL and SMTP/SSO dependencies through backend and external networks.

Installation

Docker Compose at /root/vaultwarden/docker-compose.yml.

Configuration

  • Data: /root/vaultwarden/data:/data
  • Networks: aproxy, backend
  • Container port: 80
  • Restart policy: unless-stopped
  • Authentication: admin token plus configured SSO authority/client
  • Email: SMTP host, port, username, and password in .env

Operational Procedures

cd /root/vaultwarden
docker compose logs --tail=200 vaultwarden
docker compose restart vaultwarden
docker compose pull
docker compose up -d

Before upgrade, back up /root/vaultwarden/data, the PostgreSQL database, Compose, and .env. Test login, vault unlock, attachment access, email, and SSO after change.

Troubleshooting

  • Login failure: check application logs, database health, time synchronization, and SSO provider.
  • Email failure: test SMTP connectivity without logging credentials.
  • Attachment/icon failure: check data-directory ownership and capacity.