Skip to content

Running without WAL enabled

Jump to bottom Edit New page
docgalaxyblock edited this page Mar 10, 2024 · 11 revisions

Important

WAL is an SQLite-specific setting. It is not applicable to MySQL or PostgreSQL; if you are using one of these backends, the ENABLE_DB_WAL config option has no effect.

By default during the startup vaultwarden will try to enable WAL for the DB. Adding this improves performance and in the past helped preventing failed requests under some circumstances.

Reasons to turn WAL off

Generally speaking, unless you're absolutely sure that you need to turn WAL off, you should leave it enabled. However, there might be some valid cases to turn it off. For example:

  • Some filesystems don't support WAL - this is especially true for network filesystems. If you're using such filesystem, the service will fail to start with Failed to turn on WAL error message.
  • The database requires sqlite version 3.7.0 or newer, so if you for any reason (for example backups) require to access the DB directly with some other tool that cannot be updated, you might need to disable WAL.
  • One of the disadvantages described here affects you

How to turn WAL off

0. Make backup

These changes are generally safe and can be done without data loss, however backing up your data prior to any changes is strongly advised.

1. Disable WAL on old DB

If you have old DB, that was used with WAL enabled, you need to disable it using sqlite:

  1. Stop vaultwarden
  2. Locate your data folder. Normally there will be db.sqlite3 file there unless you specified some other name to use.
  3. Open the file using sqlite:
sqlite3 db.sqlite3
  1. Disable WAL by typing PRAGMA journal_mode=delete; and pressing enter:
sqlite> PRAGMA journal_mode=delete;
delete
  1. Quit sqlite utility by typing .quit and pressing enter. (notice the dot at the beginning)

2. Disable WAL in vaultwarden

To turn WAL off, you need to start vaultwarden with ENABLE_DB_WAL variable set to false:

docker run -d --name vaultwarden \
  -e ENABLE_DB_WAL=false \
  -v /vw-data/:/data/ \
  -p 80:80 \
  vaultwarden/server:latest

Make sure to always start with this variable present as starting even once without it will enable WAL again. (if that happens start at the first step to disable it again)

How to turn WAL on

Generally speaking you just start vaultwarden without ENABLE_DB_WAL set to false and server will automatically enable WAL for you. You can verify this by running:

sqlite3 db.sqlite3 'PRAGMA journal_mode'

Where db.sqlite3 is the DB file used by vaultwarden. It should return back the mode that is currently used, so in our case it's wal. Disabled WAL will typically report back delete as this is the default.

Add a custom footer

FAQs

  1. FAQs
  2. Audits
  3. Supporting upstream development

Troubleshooting

  1. Logging
  2. Bitwarden Android troubleshooting

Container Image Usage

  1. Which container image to use
  2. Starting a container
  3. Using Docker Compose
  4. Using Podman
  5. Updating the vaultwarden image

Reverse Proxy

  1. Proxy examples
  2. Using an alternate base dir (subdir/subpath)

HTTPS

  1. Enabling HTTPS
  2. Running a private vaultwarden instance with Let's Encrypt certs

Configuration

  1. Overview
  2. Enabling admin page
  3. SMTP configuration
  4. Disable registration of new users
  5. Disable invitations
  6. Enabling WebSocket notifications
  7. Enabling Mobile Client push notification
  8. Enabling SSO support using OpenId Connect
  9. Other configuration

Database

  1. Using the MariaDB (MySQL) Backend
  2. Using the PostgreSQL Backend
  3. Running without WAL enabled
  4. Migrating from MariaDB (MySQL) to SQLite

Security

  1. Hardening Guide
  2. Password hint display
  3. Enabling U2F and FIDO2 WebAuthn authentication
  4. Enabling YubiKey OTP authentication
  5. Fail2Ban Setup
  6. Fail2Ban + ModSecurity + Traefik + Docker

Performance

  1. Changing the API request size limit
  2. Changing the number of workers

Customization

  1. Translating the email templates
  2. Translating admin page
  3. Customize Vaultwarden CSS
  4. Using custom website icons
  5. Disabling or overriding the Vault interface hosting

Backup

  1. General (not docker)
  2. Backing up your vault

Development

  1. Building binary
  2. Building your own docker image
  3. Git hooks
  4. Differences from the upstream API implementation

Alternative deployments

  1. Pre-built binaries
  2. Creating a systemd service
  3. Third-party packages
  4. Deployment examples
  5. Disable the admin token

Other Information

  1. Importing data from Keepass or KeepassX
  2. Changing persistent data location
  3. Syncing users from LDAP
  4. Caddy 2.x with Cloudflare DNS
  5. Logrotate example
Clone this wiki locally