3 min to read

Understanding and Installing Vaultwarden - A Self-Hosted Password Manager

A comprehensive guide to Vaultwarden deployment on Kubernetes

Featured image

Image Reference link


Overview

Today, we’ll explore Vaultwarden, a lightweight alternative to the official Bitwarden server. We’ll cover its features and implement it using Helm on Kubernetes.


🔐 What is Vaultwarden?

Vaultwarden is an open-source, self-hosted alternative to the official Bitwarden server. Built with Rust instead of .NET, it offers:

  • Lightweight and efficient password management
  • Compatibility with official Bitwarden clients
  • Perfect solution for individuals and small teams
  • Private data management without relying on Bitwarden cloud services


Key Features

1. Lightweight & Efficient
  • Minimal resource requirements
  • Ideal for Raspberry Pi or small virtual servers
  • Optimized performance

2. Compatibility
  • Works with official Bitwarden clients
  • Supports mobile apps and browser extensions
  • Seamless integration with existing tools

3. Customization
  • Configurable user registration
  • OAuth support
  • Two-factor authentication
  • Organization sharing capabilities


Differences from Bitwarden

1. Community Support
  • No official Bitwarden support
  • Community-driven development

2. Feature Limitations
  • Core features supported
  • Some enterprise features unavailable

3. Identity Management
  • Custom OAuth configuration required


Installation Guide

1. Prepare Helm Repository

# Clone charts repository
git clone https://github.com/gissilabs/charts.git

# Add Helm repository
helm repo add gissilabs https://gissilabs.github.io/charts/

# Prepare values file
cd ~/charts/vaultwarden
mkdir values
cp values.yaml values/mgmt.yaml

2. Configure Backup Templates

Create templates/backup-cronjob.yaml

Create templates/backup-persistentvolumeclaim.yaml

3. Configure Values File

Example mgmt.yaml

database:
  type: sqlite
  wal: true

vaultwarden:
  verifySignup: false
  admin:
    enabled: true
    disableAdminToken: false
    token: "Somaz!123"
  
  emergency:
    enabled: true

service:
  type: ClusterIP
  httpPort: 80

ingress:
  enabled: true
  className: "nginx"
  host: "vaultwarden.somaz.link"
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

persistence:
  enabled: true
  size: 25Gi
  storageClass: "default"

4. Deploy Vaultwarden

# Verify configuration
helm lint --values ./values/mgmt.yaml

# Test installation
helm install vaultwarden . -n vaultwarden \
  -f ./values/mgmt.yaml --create-namespace --dry-run

# Install
helm install vaultwarden . -n vaultwarden \
  -f ./values/mgmt.yaml --create-namespace


SMTP Configuration (Optional)

Add to your values file:

smtp:
  enabled: true
  host: "smtp.office365.com"
  from: "noreply@somaz.link"
  fromName: "Somaz, Inc."
  security: starttls
  port: 587
  timeout: 15
  user: ""
  password: ""


Upgrade Process

To upgrade your installation:

helm upgrade vaultwarden . -n vaultwarden -f ./values/mgmt.yaml

vaultwarden-console


References