Vaultwarden
Overview
| Field | Value |
|---|---|
| Purpose | Host the organizational password vault |
| Business function | Secure credential storage and sharing |
| Owner | IT Operations |
| Criticality | Critical |
| Image | ghcr.io/dani-garcia/vaultwarden:latest-alpine |
Architecture
Traefik provides HTTPS on aproxy. Vaultwarden reaches PostgreSQL and SMTP/SSO dependencies through backend and external networks.
Installation
Docker Compose at /root/vaultwarden/docker-compose.yml.
Configuration
- Data:
/root/vaultwarden/data:/data - Networks:
aproxy,backend - Container port:
80 - Restart policy:
unless-stopped - Authentication: admin token plus configured SSO authority/client
- Email: SMTP host, port, username, and password in
.env
Operational Procedures
cd /root/vaultwarden
docker compose logs --tail=200 vaultwarden
docker compose restart vaultwarden
docker compose pull
docker compose up -d
Before upgrade, back up /root/vaultwarden/data, the PostgreSQL database, Compose, and .env. Test login, vault unlock, attachment access, email, and SSO after change.
Troubleshooting
- Login failure: check application logs, database health, time synchronization, and SSO provider.
- Email failure: test SMTP connectivity without logging credentials.
- Attachment/icon failure: check data-directory ownership and capacity.