Bitwarden (Vaultwarden) - Nick the Sick's blog. Writings, projects and ideas.

# Bitwarden (Vaultwarden) Created: [[2024_01_06]] 15:01 Tags: #selfhost #Docker #Software [Bitwarden](https://bitwarden.com/) is a self-hostable password management system. It does all that you'd expect from a password manager like Lastpass and 1Password, but allows you to run it on infrastructure you trust. Self-hosting Bitwarden can be a bit of a pain with how they set up their services (requiring multiple containers to run the service for high availability), so instead of using their containers I run vaultwarden which is a clone of Bitwarden that is rewritten in Rust and completely compatible with Bitwarden's APIs. This is great because it lets me use the official Bitwarden web extensions, mobile and desktop applications just by pointing the URL to my self-hosted server. ## Technical Details Since I'm using [[Docker Compose]] to set up all of my local services, I wanted to share how I've set up my vaultwarden instance. The gist of it is that I run vaultwarden writing to a local sqlite file (I don't have many users to warrant an entire DB for it). That sqlite file simultaneously being mounted to backup both to my server locally and sent to S3 compatible remote (BackBlaze). This lets me have constant backups to allow me to restore to a point in time. ![[vaultwarden_setup.excalidraw.svg]] ```yaml version: "3" services: vaultwarden: container_name: vaultwarden image: ghcr.io/dani-garcia/vaultwarden:1.30.1 restart: unless-stopped volumes: - data:/data environment: SIGNUPS_ALLOWED: "false" YUBICO_CLIENT_ID: "${YUBICO_CLIENT_ID}" YUBICO_SECRET_KEY: '${YUBICO_SECRET_KEY}' DATABASE_URL: '/data/db.sqlite3' SMTP_FROM: '${SMTP_FROM}' SMTP_HOST: '${SMTP_HOST}' SMTP_USERNAME: '${SMTP_USERNAME}' SMTP_PASSWORD: '${SMTP_PASSWORD}' DOMAIN: '${DOMAIN}' ADMIN_TOKEN: '${ADMIN_TOKEN}' WEBSOCKET_ENABLED: 'true' local_backup: container_name: vaultwarden_local_backup image: ttionya/vaultwarden-backup:1.19.6 restart: always environment: RCLONE_REMOTE_NAME: '${RCLONE_LOCAL}' RCLONE_REMOTE_DIR: '${RCLONE_LOCAL_DIR}' CRON: '0 3 * * *' ZIP_ENABLE: 'TRUE' ZIP_PASSWORD: '${ZIP_PASSWORD}' ZIP_TYPE: 'zip' BACKUP_KEEP_DAYS: 720 MAIL_SMTP_ENABLE: 'FALSE' volumes: - data:/bitwarden/data - local_rclone:/config/rclone external_backup: container_name: vaultwarden_external_backup image: ttionya/vaultwarden-backup:1.19.6 restart: always environment: RCLONE_REMOTE_NAME: '${RCLONE_REMOTE}' RCLONE_REMOTE_DIR: '${RCLONE_REMOTE_DIR}' CRON: '10 3 * * *' ZIP_ENABLE: 'TRUE' ZIP_PASSWORD: '${ZIP_PASSWORD}' ZIP_TYPE: 'zip' BACKUP_KEEP_DAYS: 720 MAIL_SMTP_ENABLE: 'TRUE' MAIL_SMTP_VARIABLES: '-S smtp-use-starttls -S smtp=smtp://${SMTP_HOST}:587 -S smtp-auth=login -S smtp-auth-user=${SMTP_USERNAME} -S smtp-auth-password=${SMTP_PASSWORD} -S from=${SMTP_FROM}' MAIL_TO: '${SMTP_FROM}' MAIL_WHEN_SUCCESS: 'FALSE' MAIL_WHEN_FAILURE: 'TRUE' volumes: - data:/bitwarden/data - external_rclone:/config/rclone volumes: data: external_rclone: local_rclone: ```