Submit a tool
Directory / privacy

Vaultwarden

privacysecurity

Unofficial Bitwarden-compatible server written in Rust. Run your own password manager backend that works with all official Bitwarden clients on a fraction of the hardware the official server needs

#passwords#bitwarden#self-hosted#security#vault
Alternative to 1PasswordLastPassBitwarden Cloud
Visit Website Source Code

Quick Start

docker run -d --name vaultwarden -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest

Overview

Vaultwarden is an unofficial reimplementation of the Bitwarden server API, written in Rust instead of the original .NET stack. The key implication: you run your own password manager backend that all official Bitwarden clients connect to as if it were the real service. The iOS app, Android app, browser extensions, and desktop clients work without modification. Your vault data lives on your server, not Bitwarden’s.

The resource difference from the official server is substantial. The official Bitwarden server is a .NET application that typically needs 1GB or more of RAM to run comfortably. Vaultwarden handles the same client traffic in roughly 10MB. That means it runs on a Raspberry Pi, on a VPS with 512MB RAM, or alongside other containers on shared hardware without noticeable overhead.

The feature coverage is complete for personal and small-team use. Organisations, collections, user groups, TOTP authentication, password sharing, and attachment storage all work. The only meaningful limitations are at the enterprise end: audit logging is basic and there is no official support contract.

The HTTPS requirement is worth stating clearly. Bitwarden clients will not connect to a Vaultwarden instance over plain HTTP. You need a valid certificate on the domain before the apps will work. A Traefik or Caddy reverse proxy with Let’s Encrypt handles this automatically and is the standard setup.

Vaultwarden is not officially endorsed by Bitwarden. The Bitwarden clients connect to it because it accurately implements the API, but a client update could theoretically change the API in a way that breaks compatibility. In practice, this has not been a recurring problem.

Vaultwarden: Pros & Cons

Pros (The Wins)Cons (The Friction)
Full client support:
Official Bitwarden apps on all
platforms work without changes.		Unofficial project:
Not endorsed by Bitwarden;
client updates could break it.
Tiny footprint:
10MB RAM versus 1GB+ for
the official .NET server.		HTTPS required:
Bitwarden clients refuse HTTP;
TLS setup needed before use.
Full feature set:
Orgs, collections, TOTP,
and sharing all work.		Basic audit logging:
No enterprise-grade access
logs or compliance reports.
61.4k stars:
Most popular self-hosted
password manager in homelabs.		Community support only:
No official security
disclosure or support channel.

Use Cases

Specific ways to use Vaultwarden for your workflow.

01
Host your own password manager so your vault never leaves infrastructure you control
02
Run a shared password vault for a small team or household with per-user access and organisation folders
03
Replace a 1Password or LastPass subscription with a self-hosted alternative that uses the Bitwarden app ecosystem
04
Store secrets, API keys, and credentials with the full Bitwarden client experience on minimal hardware

Deployment Strategy

Recommended ways to host Vaultwarden in your own environment.

docker
self-hosted