Bitwarden is widely considered the best password manager for most users, but its cloud service means your encrypted vault sits on someone else’s servers. Vaultwarden is an unofficial open-source Bitwarden server implementation that you can run on any hardware you control. Here’s how to set it up.
**What You’ll Need**
– A server or VPS (a $6/month DigitalOcean Droplet works fine)
– A domain name
– Basic comfort with a Linux terminal
– About 45 minutes
**Step 1: Install Docker**
Vaultwarden runs as a Docker container. Install Docker with the official convenience script:
“`bash
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
“`
**Step 2: Set Up the Vaultwarden Container**
Create a directory for Vaultwarden data and a docker-compose.yml file:
“`yaml
version: ‘3’
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
volumes:
– ./vw-data:/data
environment:
– DOMAIN=https://vault.yourdomain.com
– SIGNUPS_ALLOWED=false
– ADMIN_TOKEN=your-random-secret-token
ports:
– 8080:80
“`
Run with `docker compose up -d`.
**Step 3: Configure a Reverse Proxy with SSL**
Install nginx and certbot, then create a reverse proxy configuration pointing to port 8080. Issue a Let’s Encrypt certificate for your domain.
Bitwarden clients require HTTPS — self-signed certificates won’t work with the official apps.
**Step 4: Create Your Account**
Before disabling signups, visit your Vaultwarden URL and create your account. Then set `SIGNUPS_ALLOWED=false` in your docker-compose.yml and restart the container.
**Step 5: Connect Bitwarden Clients**
In the official Bitwarden app (iOS, Android, Windows, macOS, browser extension), tap the server URL field and enter your Vaultwarden domain. Log in with your credentials.
Everything works identically to Bitwarden’s cloud service, including organization sharing and TOTP authentication.
**Backup Strategy**
Back up the `./vw-data` directory regularly. A simple cron job that tars and uploads to S3 or Backblaze B2 is sufficient. Vaultwarden’s data directory is small — typically under 50MB even with hundreds of entries.