2 minute read  

Vaultwarden

Vaultwarden is a password manager with end-to-end encryption and multi-device synchronization. Written as a free (as freedom) alternative backend server for Bitwarden clients.

Why you need to use password manager?

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form. It can also be used with automatic password filling via a browser extension.

Why Vaultwarden server and Bitwarden clients?

There is a popular password manager called Bitwarden. The Bitwarden team develops the server and clients. Bitwarden’s server code is not free software; its source is available. What the difference?. Moreover, many useful features such as item sharing with more than two users, advanced two-factor authentication options, and organization management are only available on the paid tiers.

That’s why we use an alternative server implementation called Vaultwarden. You can use Bitwarden clients with Vaultwarden server without any issues.

Vaultwarden                          Bitwarden
    ||                                   ||
    \/                                   \/
  Server (SelfPrivacy instance) <--> Clients (Mobile app, Desktop)

• Bitwarden clients documentation

• Bitwarden clients source code (Github)

• Vaultwarden server documentation

• Vaultwarden server source code (Github)

Recommended clients

• WEB-interface: available after setting up the SelfPrivacy server, at https://password.YOUR.DOMAIN
• Official Bitwarden clients (GNU/Linux, Windows, macOS, Android, iOS)

Setting an admin token manually

First, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/selfprivacy/secrets.json > /etc/selfprivacy/secrets.json.new && mv /etc/selfprivacy/secrets.json.new /etc/selfprivacy/secrets.json

Now, we have to apply the changes. To do this, press “Upgrade server” in your app. After the upgrade is complete, restart Bitwarden using the app.

Now, your admin interface is available on https://password.YOUR.DOMAIN/admin.