Vaultwarden
Vaultwarden
Get Started with Apps!
Get Started with Apps!
App Version: 1.33.2
(Changelog)
Keywords: password, manager
Train: Community
Home Page: https://github.com/dani-garcia/vaultwarden
Keywords: password, manager
Train: Community
Home Page: https://github.com/dani-garcia/vaultwarden
Vaultwarden Details
Added: 2024-09-19
Last Updated: 2025-04-23
Added: 2024-09-19
Last Updated: 2025-04-23
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.
Run as Context- Vaultwarden runs as any non-root user.
Group: 568 / vaultwarden
User: 568 / vaultwarden - Postgres runs as non-root user.
Group: 999 / postgres
User: 999 / postgres
Screenshots
×
![Full Screenshot]()
App Metadata (Raw File)
{
"1.2.17": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/vaultwarden/1.2.17",
"last_update": "2025-04-23 17:40:39",
"required_features": [],
"human_version": "1.33.2_1.2.17",
"version": "1.2.17",
"app_metadata": {
"app_version": "1.33.2",
"capabilities": [],
"categories": [
"security"
],
"changelog_url": "https://github.com/dani-garcia/vaultwarden/releases",
"date_added": "2024-09-19",
"description": "Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.",
"home": "https://github.com/dani-garcia/vaultwarden",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/vaultwarden/icons/icon.png",
"keywords": [
"password",
"manager"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "vaultwarden",
"run_as_context": [
{
"description": "Vaultwarden runs as any non-root user.",
"gid": 568,
"group_name": "vaultwarden",
"uid": 568,
"user_name": "vaultwarden"
},
{
"description": "Postgres runs as non-root user.",
"gid": 999,
"group_name": "postgres",
"uid": 999,
"user_name": "postgres"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/vaultwarden/screenshots/screenshot1.png"
],
"sources": [
"https://github.com/dani-garcia/vaultwarden"
],
"title": "Vaultwarden",
"train": "community",
"version": "1.2.17"
},
"schema": {
"groups": [
{
"name": "Vaultwarden Configuration",
"description": "Configure Vaultwarden"
},
{
"name": "User and Group Configuration",
"description": "Configure User and Group for Vaultwarden"
},
{
"name": "Network Configuration",
"description": "Configure Network for Vaultwarden"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Vaultwarden"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Vaultwarden"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Vaultwarden"
}
],
"questions": [
{
"variable": "TZ",
"group": "Vaultwarden Configuration",
"label": "Timezone",
"schema": {
"type": "string",
"default": "Etc/UTC",
"required": true,
"$ref": [
"definitions/timezone"
]
}
},
{
"variable": "vaultwarden",
"label": "",
"group": "Vaultwarden Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "postgres_image_selector",
"label": "Postgres Image (CAUTION)",
"description": "If you are changing this after the postgres directory has been initialized,</br>\nSTOP! and make sure you have a backup of your data.</br>\nChanging this will trigger an one way database upgrade.</br>\nYou can only select newer versions of postgres.</br>\nSelecting an older version will refuse to start.</br>\nIf something goes wrong, you will have to restore from backup.\n",
"schema": {
"type": "string",
"default": "postgres_15_image",
"required": true,
"enum": [
{
"value": "postgres_15_image",
"description": "Postgres 15"
},
{
"value": "postgres_17_image",
"description": "Postgres 17"
}
]
}
},
{
"variable": "db_password",
"label": "Database Password",
"description": "The password for Vaultwarden.",
"schema": {
"type": "string",
"default": "",
"required": true,
"private": true
}
},
{
"variable": "admin_token",
"label": "Admin Token",
"description": "Setting this, will enable the admin portal",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"description": "Configure additional environment variables for Vaultwarden.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "run_as",
"label": "",
"group": "User and Group Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "user",
"label": "User ID",
"description": "The user id that Vaultwarden files will be owned by.",
"schema": {
"type": "int",
"min": 568,
"default": 568,
"required": true
}
},
{
"variable": "group",
"label": "Group ID",
"description": "The group id that Vaultwarden files will be owned by.",
"schema": {
"type": "int",
"min": 568,
"default": 568,
"required": true
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "web_port",
"label": "WebUI Port",
"description": "The port for Vaultwarden WebUI",
"schema": {
"type": "int",
"default": 30032,
"required": true,
"$ref": [
"definitions/port"
]
}
},
{
"variable": "ws_enabled",
"label": "Enable Websocket",
"description": "Enable Websocket for Vaultwarden.",
"schema": {
"type": "boolean",
"default": true
}
},
{
"variable": "ws_port",
"label": "Websocket Port",
"description": "The port for Vaultwarden Websocket",
"schema": {
"type": "int",
"default": 30033,
"show_if": [
[
"ws_enabled",
"=",
true
]
],
"required": true,
"$ref": [
"definitions/port"
]
}
},
{
"variable": "certificate_id",
"label": "Certificate ID",
"description": "The certificate to use for Vaultwarden </br>\nUsing the Rocket method for TLS setup is NOT recommended </br>\nPrefer a reverse proxy with a valid certificate\n",
"schema": {
"type": "int",
"null": true,
"$ref": [
"definitions/certificate"
]
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for Vaultwarden </br>\nFormat is: https://sub.domain.tld:port\n",
"schema": {
"type": "uri",
"default": ""
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "data",
"label": "Vaultwarden Data Storage",
"description": "The path to store Vaultwarden Data.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "data"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "postgres_data",
"label": "Vaultwarden Postgres Data Storage",
"description": "The path to store Vaultwarden Postgres Data.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "postgres_data"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
},
{
"variable": "auto_permissions",
"label": "Automatic Permissions",
"description": "Automatically set permissions for the host path.\nEnabling this, will check the top level directory,</br>\nIf it finds incorrect permissions, it will `chown` the\nhost path to the user and group required for the\npostgres container.\n",
"schema": {
"type": "boolean",
"default": false,
"show_if": [
[
"acl_enable",
"=",
false
]
]
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for Vaultwarden.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "vaultwarden",
"description": "vaultwarden"
},
{
"value": "postgres",
"description": "postgres"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Vaultwarden.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Vaultwarden.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Vaultwarden</h1> <p><a href=\"https://github.com/dani-garcia/vaultwarden\">Vaultwarden</a> Alternative implementation of the <code>Bitwarden</code> server API written in Rust and compatible with upstream Bitwarden clients</p> <p>While the option to use <code>Rocket</code> for TLS is there, it is not <a href=\"https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket\">recommended</a>. Instead, use a reverse proxy to handle TLS termination.</p> <p>Using <code>HTTPS</code> is <strong>required</strong> for the most of the features to work (correctly).</p>",
"changelog": null,
"chart_metadata": {
"app_version": "1.33.2",
"capabilities": [],
"categories": [
"security"
],
"changelog_url": "https://github.com/dani-garcia/vaultwarden/releases",
"date_added": "2024-09-19",
"description": "Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.",
"home": "https://github.com/dani-garcia/vaultwarden",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/vaultwarden/icons/icon.png",
"keywords": [
"password",
"manager"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "vaultwarden",
"run_as_context": [
{
"description": "Vaultwarden runs as any non-root user.",
"gid": 568,
"group_name": "vaultwarden",
"uid": 568,
"user_name": "vaultwarden"
},
{
"description": "Postgres runs as non-root user.",
"gid": 999,
"group_name": "postgres",
"uid": 999,
"user_name": "postgres"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/vaultwarden/screenshots/screenshot1.png"
],
"sources": [
"https://github.com/dani-garcia/vaultwarden"
],
"title": "Vaultwarden",
"train": "community",
"version": "1.2.17"
}
}
}Support, maintenance, and documentation for applications within the Community catalog is handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.
There currently aren’t any resources available for this application!
Please help the TrueNAS community create content or discuss this application in the TrueNAS Community forum.