Skip to content

Configuration overview

Jump to bottom Edit New page
Jeremy Lin edited this page Aug 16, 2021 · 17 revisions

Configuration methods

In vaultwarden, you can perform configuration either via environment variables or an admin page (which writes settings to a config.json file under your data directory). It's important to note that each setting in config.json overrides the corresponding environment variable setting (if it exists). For example, if you set the environment variable DOMAIN=https://bitwarden.example.com, but your config.json includes "domain": "https://vw.example.com", then vaultwarden will generate various links based on what's in the config file (https://vw.example.com).

A common source of confusion is enabling the admin page (which creates the config.json file), changing some settings via the admin page (which sets the corresponding values in config.json), then later trying to change those settings via environment variable (which doesn't work because config.json overrides env vars). To avoid this confusion, it's highly recommended to stick to one configuration method or the other; that is, configure entirely via environment variables, or entirely via config.json (whether using the admin page or editing config.json directly).

Note that config settings under the Read-Only Config section of the admin page can only be set via environment variables, so you must restart vaultwarden to make changes to them. If you keep these environment variables in a file named .env, you can load them as follows:

  • With standalone vaultwarden, by putting .env in the current working directory. vaultwarden will attempt to load this file on startup.
  • With Docker, by using docker run --env-file <env-file> ... (to have Docker load the env file) or docker run -v /path/to/.env:/.env (to have vaultwarden load the .env file from inside the container). If you use --env-file, note that Docker does not unquote values, so make sure to use key=val rather than key="val" or key='val'.
  • With Docker Compose, by using the env_file directive.

Configuration options

You can find the list of environment variables you can set at

https://github.com/dani-garcia/vaultwarden/blob/master/.env.template

If you enable the admin page, that will also show the full list of config options.

In case there are any errors or omissions, the source of truth is

https://github.com/dani-garcia/vaultwarden/blob/master/src/config.rs (search for make_config! {)

Or you can use this direct link if your (Chromium-based) browser supports text fragments:

https://github.com/dani-garcia/vaultwarden/blob/master/src/config.rs#LC290:~:text=make_config!%20%7B,-folders

Setting the domain URL

Make sure to set the DOMAIN environment variable (or domain in the config file) to the URL you use to access your vaultwarden instance. If you don't, it's likely that various functionality will break mysteriously. Some examples:

  • https://bitwarden.example.com
  • https://bitwarden.example.com:8443 (non-default port)
  • https://host.example.com/bitwarden (subdir hosting -- avoid URL-rewriting tricks whenever possible)
Add a custom footer

FAQs

  1. FAQs
  2. Audits
  3. Supporting upstream development

Troubleshooting

  1. Logging
  2. Bitwarden Android troubleshooting

Container Image Usage

  1. Which container image to use
  2. Starting a container
  3. Using Docker Compose
  4. Using Podman
  5. Updating the vaultwarden image

Reverse Proxy

  1. Proxy examples
  2. Using an alternate base dir (subdir/subpath)

HTTPS

  1. Enabling HTTPS
  2. Running a private vaultwarden instance with Let's Encrypt certs

Configuration

  1. Overview
  2. Enabling admin page
  3. SMTP configuration
  4. Disable registration of new users
  5. Disable invitations
  6. Enabling WebSocket notifications
  7. Enabling Mobile Client push notification
  8. Enabling SSO support using OpenId Connect
  9. Other configuration

Database

  1. Using the MariaDB (MySQL) Backend
  2. Using the PostgreSQL Backend
  3. Running without WAL enabled
  4. Migrating from MariaDB (MySQL) to SQLite

Security

  1. Hardening Guide
  2. Password hint display
  3. Enabling U2F and FIDO2 WebAuthn authentication
  4. Enabling YubiKey OTP authentication
  5. Fail2Ban Setup
  6. Fail2Ban + ModSecurity + Traefik + Docker

Performance

  1. Changing the API request size limit
  2. Changing the number of workers

Customization

  1. Translating the email templates
  2. Translating admin page
  3. Customize Vaultwarden CSS
  4. Using custom website icons
  5. Disabling or overriding the Vault interface hosting

Backup

  1. General (not docker)
  2. Backing up your vault

Development

  1. Building binary
  2. Building your own docker image
  3. Git hooks
  4. Differences from the upstream API implementation

Alternative deployments

  1. Pre-built binaries
  2. Creating a systemd service
  3. Third-party packages
  4. Deployment examples
  5. Disable the admin token

Other Information

  1. Importing data from Keepass or KeepassX
  2. Changing persistent data location
  3. Syncing users from LDAP
  4. Caddy 2.x with Cloudflare DNS
  5. Logrotate example
Clone this wiki locally