-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Configuration overview
In vaultwarden, you can perform configuration either via environment variables or an admin page (which writes settings to a config.json file under your data directory). It's important to note that each setting in config.json overrides the corresponding environment variable setting (if it exists). For example, if you set the environment variable DOMAIN=https://bitwarden.example.com, but your config.json includes "domain": "https://vw.example.com", then vaultwarden will generate various links based on what's in the config file (https://vw.example.com).
A common source of confusion is enabling the admin page (which creates the config.json file), changing some settings via the admin page (which sets the corresponding values in config.json), then later trying to change those settings via environment variable (which doesn't work because config.json overrides env vars). To avoid this confusion, it's highly recommended to stick to one configuration method or the other; that is, configure entirely via environment variables, or entirely via config.json (whether using the admin page or editing config.json directly).
Note that config settings under the Read-Only Config section of the admin page can only be set via environment variables, so you must restart vaultwarden to make changes to them. If you keep these environment variables in a file named .env, you can load them as follows:
- With standalone vaultwarden, by putting
.envin the current working directory. vaultwarden will attempt to load this file on startup. - With Docker, by using
docker run --env-file <env-file> ...(to have Docker load the env file) ordocker run -v /path/to/.env:/.env(to have vaultwarden load the.envfile from inside the container). If you use--env-file, note that Docker does not unquote values, so make sure to usekey=valrather thankey="val"orkey='val'. - With Docker Compose, by using the
env_filedirective.
You can find the list of environment variables you can set at
https://github.com/dani-garcia/vaultwarden/blob/master/.env.template
If you enable the admin page, that will also show the full list of config options.
In case there are any errors or omissions, the source of truth is
https://github.com/dani-garcia/vaultwarden/blob/master/src/config.rs (search for make_config! {)
Or you can use this direct link if your (Chromium-based) browser supports text fragments:
Make sure to set the DOMAIN environment variable (or domain in the config file) to the URL you use to access your vaultwarden instance. If you don't, it's likely that various functionality will break mysteriously. Some examples:
https://bitwarden.example.com-
https://bitwarden.example.com:8443(non-default port) -
https://host.example.com/bitwarden(subdir hosting -- avoid URL-rewriting tricks whenever possible)
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration