Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[support] Vaultwarden (formerly Bitwarden_rs)

Featured Replies

Have any of you ever gotten a FIDO key to run in vaultwarden? When I try to register my Nitrokey 3C NFC as a WebAuthn passkey and I click on “Read key”, all I get is “There was a problem reading the security key. Try again.”.

  • Replies 734
  • Views 278.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I added the following to my reverse proxy for the admin panel   location /admin { return 404; } I only access the panel locally using the direct ip.

  • New repository is: vaultwarden/server:latest Change it in docker settings: Stop the container Rename repository to vaultwarden/server Hit Apply and start the container

  • log showing [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. See: https://github.com/dani-gar

Posted Images

@Mark Augustin
I have 5 Keys registered in my Vaultwarden, 3 Yubikey 5C NFC, 1 Token2 Dual and 1 Token2 mini. Everything works like a charm.

Are there any infos in the container logs?

  • 2 weeks later...

When I click on "Read key", this pops up in my container log:

Bildschirmfoto_20250407_180045.png

Still, the webpage only shows me "There was a problem reading the security key. Try again.".

Bildschirmfoto_20250407_175943.png

Edited by Mark Augustin

  • 3 weeks later...

Been using this container for a while.

Since the last update, i keep getting a bad gateway when trying to connect to webui (both through nginx as direct).

Other dockers can be accessed through nginx properly, no issues in the logs visible.

 

Any help would be appreciated.

 

-----

 

So, appearantly i have to acces it via https.

But the container template doesn't show any mapping for that.

By default it has a 4743 routing to 80.

Should i add a 443 routing to 443? if so, how? i can't seem to set a target in the template.

 

---

it works again, changed nothing...

 

Edited by Caennanu

  • 1 month later...

it looks like im facing a similar problem like Caennanu

when i try to access Vaultwarden localy i get a infinite loading screen and nothing else. when i connect via proxy manager i get the same loading screen aswell.

any idea what i could do to fix this issue? i already restarted the docker several times.

in the logs i cant see anything strange.

Any help or hint would be appriciated.

image.png

I have the same problem. I cannot access it anymore. My bitwarden apps cannot sync with it, and when I try to open web ui from docker tab in unraid, i get the infinite loading screen as well.

Logs do not show any issues (only warning about admin token in plain text.

/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.34.1                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   https://github.com/dani-garcia/vaultwarden/discussions or        |
|   https://vaultwarden.discourse.group/                             |
| Report suspected bugs/issues in the software itself at:            |
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
\--------------------------------------------------------------------/

[INFO] Using saved config from `data/config.json` for configuration.

[WARNING] The following environment variables are being overridden by the config.json file.
[WARNING] Please use the admin panel to make changes to them:
[WARNING] SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN

[NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.
Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.
See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token

I need some help gang. I have Bitwarden installed and configured to connect to it outside my network via Cloudflare to my Nginx-Proxy-Manager-Official
container with SSL certs and on to the Bitwarden container. The connection stopped working around May 1 after it's been running for a year or so - and I can't seem to figure out what happend. I made no changes to my network that I think could impact it. To anyone that has this set up like this, where should I begin to troubleshoot?

Trying to hit it from outside, I get a cloudflare " Bad gateway Error code 502" page

On my network, I can get to the BW admin page w/ my token...but I can't to the normal BW front end. I don't get an error, just a spinner

Related: I had Overseer configured as well to access from the same way externally and it too is not working (Note: I can access it internally on my network)

I am very puzzled.

@Visuals There was a change were you can now only access it through a reverse proxy. This means it cannot just be accessed locally unless you have setup a reverse proxy for internal use.

@Nexus I'm not sure, I'd suggest you just review all your steps; ie, rewatch the video or follow a guide for the way you setup your vaultwarden and ensure everything is good/up-to-date. Did you IP change, is it not updating? Check all of that.


For those using a regular text password, just use this Password hasher which you can use to further encrypt and secure your Vaultwarden's admin password.



image.png

https://www.virustotal.com/gui/file/0bbc8ab95226488b938f666c7b145e0ee4b47c69e4c18e0140d9a9481f5df9f3/behavior

Argon2Encrytion.7z

Edited by JustOverride

Thanks. Something has gone terrible sideways with my routing and I can stumped.

@JustOverride is there more info on that change that only lets us access it via reverse proxy now?

I have reverse proxy infront of my instance and it had been working great but all of a sudden I cannot access it. I am getting timeout errors from cloudflare when trying to sync my vault.

NEVERMIND: my external IP had changed after so many years now. For some reason ddclient did not update it. Its working now.

Edited by neupsh

  • 1 month later...

Not sure if it is just me but I can't delete items anymore in the desktop app and browser extension. According to GitHub this seems to happen only to people who selfhost via third-party software like vaultwarden. Can somebody confirm this? I am using Bitwarden 2025.6.1

On 7/13/2025 at 5:31 PM, Amr0d said:

Not sure if it is just me but I can't delete items anymore in the desktop app and browser extension. According to GitHub this seems to happen only to people who selfhost via third-party software like vaultwarden. Can somebody confirm this? I am using Bitwarden 2025.6.1

I can confirm this. There are no Delete options/buttons/links in the plugin or desktop app.

I don't see how this can be a bug in Vaultwarden. Especially since it hasn't been updated since May. It's either a HUGE oversight in the client apps or something they did on purpose. Seems strange to screw with people self-hosting, but I also can't imagine how anyone would create such a bug.

I can't find any discussion of this on Reddit, nor have I been able to find the report on Github.

The only other cases of not being able to delete started a few months ago and only applied to users who were part of an organization. The issue was caused by a change to the database schema which wiped out user permissions to their own vaults ("can manage")

I did additional testing and this issue isn't affecting the iOS client (which is def. up to date)

Edited by Espressomatic

All I can do is confirm the issue. In Vaultwarden server app I still have the delete option, but not in the Bitwarden browser apps for Chrome or Firefox. I have not investigated any further due to lack of time.

Edit: Deleting still works on the Bitwaeden Android app.

Edited by linuxdevil

I'd love to find where on Github this is discussed, as was previously mentioned

Thanks for the links.

If you want a solution right now, you can edit the repository field in the Vaultwarden container and add ":testing" after "server" and re-pull.

After restarting the desktop app, the trash can will reappear. For the Firefox browser plugin, I had to delete the plugin and reinstall it.

Thanks for that; I will just wait it out, as I can delete things in the Vaultwarden app if I have to. It is not often that I have to delete something in Bitwarden.

Hey all!

I am trying to get Vaultwarden configured to use Authentik for SSO. However, after setting all the below docker container variables and restarting the docker, I still do not get the option to login with SSO from the Vaultwarden login screen. It still displays the normal login page.

SSO_ENABLED: "true"

SSO_OVERRIDE_PASSWORD_LOGIN: "false"

SSO_TYPE: "openidconnect"

SSO_OIDC_AUTO_DISCOVER_URL: "https://authentik.domain.com/application/o/vaultwarden/.well-known/openid-configuration"

SSO_OIDC_CLIENT_ID: "MY_CLIENT_ID_FROM_AUTHENTIK"

SSO_OIDC_CLIENT_SECRET: "MY_CLIENT_SECRET_FROM_AUTHENTIK"

SSO_OIDC_REDIRECT_URL: "https://vaultwarden.domain.com/sso/oidc-signin"

SSO_OIDC_SCOPES: "openid profile email"

SSO_ROLES_ENABLED: "false"

========

My Vaultwarden is behind Swag / NGINX reverse-proxy, I don't believe this impacts anything with SSO.

Can someone help me fix this?

Edited by gurulee

19 hours ago, gurulee said:

Hey all!

I am trying to get Vaultwarden configured to use Authentik for SSO. However, after setting all the below docker container variables and restarting the docker, I still do not get the option to login with SSO from the Vaultwarden login screen. It still displays the normal login page.

SSO_ENABLED: "true"

SSO_OVERRIDE_PASSWORD_LOGIN: "false"

SSO_TYPE: "openidconnect"

SSO_OIDC_AUTO_DISCOVER_URL: "https://authentik.domain.com/application/o/vaultwarden/.well-known/openid-configuration"

SSO_OIDC_CLIENT_ID: "MY_CLIENT_ID_FROM_AUTHENTIK"

SSO_OIDC_CLIENT_SECRET: "MY_CLIENT_SECRET_FROM_AUTHENTIK"

SSO_OIDC_REDIRECT_URL: "https://vaultwarden.domain.com/sso/oidc-signin"

SSO_OIDC_SCOPES: "openid profile email"

SSO_ROLES_ENABLED: "false"

========

My Vaultwarden is behind Swag / NGINX reverse-proxy, I don't believe this impacts anything with SSO.

Can someone help me fix this?

Learned that this version does not support OIDC and that I have to use this fork instead: https://github.com/Timshel/vaultwarden

Edited by gurulee

3 hours ago, gurulee said:

Learned that this version does not support OIDC and that I have to use this fork instead: https://github.com/Timshel/vaultwarden

Why not a PR or Contribution for the Fork Base than can OIDC for all?

15 hours ago, Revan335 said:

Why not a PR or Contribution for the Fork Base than can OIDC for all?

Agreed, that would make the most sense 😎. Existing PR: https://github.com/dani-garcia/vaultwarden/pull/3899

I'm now using fork: https://github.com/Timshel/vaultwarden , which does not have an issues or discussion section on the GitHub page...so I'm posting here if that's okay;

These are my Vaultwarden docker container variable settings:

SSO_AUTHORITY=https://authentik.mydomain.comapplication/o/vaultwarden/

SSO_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

SSO_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

SSO_ENABLED=true

SSO_SCOPES=email profile offline_access

My Authentik redirect_uri is regex: ^https://vaultwarden\.mydomain\.com/sso-connector\.html$

️(I verified the request_uri via browser dev tools looking at header)

However, when I attempt to login with SSO, I get familiar error from Authentik:

"The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri)."

**********UPDATE********************************

Looking at the Vaultwarden debug logs, I see what appears to be the culprit:

[2025-07-26 14:05:54.038][request][INFO] GET /identity/connect/authorize?client_id=web&redirect_uri=htt

Which is the redirect_uri is getting truncated. But with the Timshel fork of Vaultwarden, there is not documented variable for the redirect_uri that I can see on Github in the https://github.com/Timshel/vaultwarden/blob/sso-support/SSO.md file....

I've even tried variables 'OIDC_REDIRECT_URI' AND 'SSO_REDIRECT_URI' in the container, but the environment variable is still not being correctly passed to or picked up by the running oidcwarden (Timshel fork of vaultwarden) container.

From docker console:
# printenv SSO_REDIRECT_URI

https://vaultwarden.mydomain.com/sso-connector.html

#


ANOTHER UPDATE WITH RESOLUTION:

Update:

Found the issue! The redirect URI in the request is http://localhost/identity/connect/oidc-signin, but this doesn't match my actual Vaultwarden domain.

The Problem, Vaultwarden is sending redirect_uri=http%3A%2F%2Flocalhost%2Fidentity%2Fconnect%2Foidc-signin (URL decoded: http://localhost/identity/connect/oidc-signin) but Authentik expects the actual domain where Vaultwarden is hosted.

Solution:

I need to configure the correct domain in Vaultwarden settings. Add this environment variable:

bashDOMAIN=https://your-actual-vaultwarden-domain.com

------------

After adding the 'DOMAIN' variable to the docker, I got past the Authentik 'Redirect URI Error'.

Now I'm just weighing the master password policy for the extra vault unlock master password prompt after successfully authenticating to Authentik...

Edited by gurulee

IMO, wait until SSO is supported fully in the main fork.

The better idea is to use VPN back to your server. I can't really find evidence of anyone using third-party SSO successfully long term with VW - as I'm sure you also must have realized while searching.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.