vaultwarden(8)

Vaultwarden is a lightweight, self-hosted password manager server compatible with Bitwarden clients.

Synopsis

vaultwarden [OPTIONS]

Description

Vaultwarden is an unofficial Bitwarden-compatible server written in Rust. It provides secure password vault functionality that can be self-hosted on your own infrastructure, allowing teams and individuals to store and manage passwords, notes, and sensitive data with end-to-end encryption.

The server communicates with official Bitwarden client applications (web, mobile, desktop, CLI) and manages user accounts, vault items, organizations, and sharing permissions. Configuration is primarily done through environment variables in a .env file or at runtime.

Common options

Flag or variable              What it does
--help                        Display help information and exit
ROCKET_PORT                   Set the listening port (default: 80)
ROCKET_ADDRESS                Set the binding address (default: 0.0.0.0)
DATABASE_URL                  Database connection string (sqlite:///data/db.sqlite3 or postgresql://...)
DOMAIN                        The fully qualified domain name (e.g., https://vault.example.com)
ADMIN_TOKEN                   Token for accessing the admin panel dashboard
SHOW_PASSWORD_HINT            Show password hints on login page (true/false)
SIGNUPS_ALLOWED               Allow new user registrations (true/false)
INVITATIONS_ORG_ALLOW_SIGNUP  Allow users to sign up via organization invite (true/false)
LOG_LEVEL                     Set logging verbosity (trace, debug, info, warn, error)
LOG_FILE                      Path to log file for persistent logging
EXTENDED_LOGGING              Enable detailed request/response logging (true/false)

Examples

Start the Vaultwarden server with settings from the .env file in the current directory

vaultwarden

Start the server on port 8000 with a custom domain override

ROCKET_PORT=8000 DOMAIN=https://vault.example.com vaultwarden

Start with a PostgreSQL database and bind only to localhost

DATABASE_URL=postgresql://user:pass@localhost/vw ROCKET_ADDRESS=127.0.0.1 vaultwarden

Start with a randomly generated admin token, printed once so it can be used to sign in to the admin panel

export ADMIN_TOKEN=$(openssl rand -base64 48); echo "$ADMIN_TOKEN"; vaultwarden

Start with debug logging enabled and output to log file

LOG_LEVEL=debug LOG_FILE=/var/log/vaultwarden.log vaultwarden

Disable open registrations but allow signup via organization invites

SIGNUPS_ALLOWED=false INVITATIONS_ORG_ALLOW_SIGNUP=true vaultwarden

Run Vaultwarden in a Docker container with a persistent data volume

docker run -e ROCKET_PORT=8000 -e DOMAIN=https://vault.example.com -v /data:/data vaultwarden/server
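
Check a .env file for exposure-related settings before starting the server. This is an added example, not part of the original page or the Vaultwarden project: it parses a .env file and reports values of the variables listed under Common options that deserve review. The function names, the sample file and the 32-character token threshold are assumptions; an unset ROCKET_ADDRESS is treated as the 0.0.0.0 default given in the table, and other unset variables are not assessed.

```python
import re

# Constructed sample .env for illustration; not from a real deployment.
SAMPLE_ENV = """\
# vaultwarden settings
DOMAIN=http://vault.example.com
SIGNUPS_ALLOWED=true
SHOW_PASSWORD_HINT="true"
ADMIN_TOKEN=changeme
LOG_LEVEL=debug
"""
MIN_TOKEN_LEN = 32  # assumed threshold for a plaintext token, not a Vaultwarden rule


def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and stripping optional quotes."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?([A-Z_][A-Z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings


def audit(settings):
    """Return a sorted list of (variable, finding) pairs for values worth reviewing."""
    findings = []
    def truthy(key):
        return settings.get(key, "").lower() == "true"
    if truthy("SIGNUPS_ALLOWED"):
        findings.append(("SIGNUPS_ALLOWED", "anyone who can reach the server can register"))
    if truthy("SHOW_PASSWORD_HINT"):
        findings.append(("SHOW_PASSWORD_HINT", "password hints are shown on the login page"))
    token = settings.get("ADMIN_TOKEN", "")
    # A value starting with $argon2 is an Argon2 PHC hash, not a plaintext token.
    if token and not token.startswith("$argon2") and len(token) < MIN_TOKEN_LEN:
        findings.append(("ADMIN_TOKEN", "short plaintext admin token"))
    if "DOMAIN" in settings and not settings["DOMAIN"].startswith("https://"):
        findings.append(("DOMAIN", "not an https:// URL"))
    if settings.get("ROCKET_ADDRESS", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append(("ROCKET_ADDRESS", "listens on all interfaces"))
    if settings.get("LOG_LEVEL", "").lower() in ("trace", "debug"):
        findings.append(("LOG_LEVEL", "verbose logging left on"))
    return sorted(findings)


if __name__ == "__main__":
    for var, why in audit(parse_env(SAMPLE_ENV)):
        print(f"{var}: {why}")
```

Inline "# comment" text after a value is not stripped by this parser, so keep comments on their own lines in the file being checked.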
