Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Bitwarden - Self-hosted password manager

  • @will just a note, I don't believe fbartels version supports a using a dump for backing up the database. This means that if the backup is taken while the db is in a transaction, it could be corrupted.

    Bitwarden_rs now supports an admin API for making sqlite backups, but does not have any cron embedded. Similar to the way the LDAP sync tool works, an additional script could be added to periodically make dumps of the sqlite database so that it can be properly backed up.

    Instead, the version I have is using MySQL, which leverages the native Cloudron backup and restore functionality.

    That and the LDAP invite service are the real differences between the two forks. If you do not wish to use automated LDAP invites on my fork, you can select to opt out when installing. This is covered in the readme.

  • @iamthefij I just havent been able to get yours going using the steps I posted above

  • @will Which thing is failing? Building still works for me, even if I clear my cache. Make sure you do a git pull though. It looks like your build command is using the single build Dockerfile rather than the multi-phase one.

  • @iamthefij How do I use the multi stage dockerfile?

  • Staff

    It seems people are struggling to build. @iamthefij if you have your docker image public, you can just put it here. People can then install it as:

    cloudron install --image <image> # run this in the repo directory

    No need to build!

  • @girish good idea. Here's my build:

    @will The multi-stage build should be default if you've pulled the latest. Dockerfile should be a symblink to the multi-stage one.

  • Staff

    thanks @iamthefij

    For those looking to install this:

    $ git clone ssh://
    $ cd bitwardenrs-app
    $ cloudron install --image iamthefij/cloudron-app-bitwarden:0.3.0

    Aaaannd it's running:


    After installing, both my users got an invite to join bitwarden. Very cool.

  • @girish any reason not to have this in the app store as unstable? I'm assuming the only thing keeping for being officially released are tests need to be written etc?

  • @girish said in Bitwarden - Self-hosted password manager:

    After installing, both my users got an invite to join bitwarden

    Like, automatically?

  • Staff

    @jdaviescoates Yes, tests plus making sure we can actually maintain it in the long run (for example, if everything is pinned properly in the docker file, things like that). Usually, @nebulon and also do a round of manual testing and put some basic docs before putting it in unstable.

    @yusf yes, both users got the invite automatically.

  • @girish said in Bitwarden - Self-hosted password manager:

    @yusf yes, both users got the invite automatically.

    I'm guessing perhaps @yusf was asking because what if you don't want to invite all users automatically?

  • @jdaviescoates Namesake reads my mind.

  • @yusf 🙂 heh, I only just realised Yusf is obviously Yussef which of course is the same as Josef 😊

  • When installing, uncheck SSO.

  • @iamthefij I haven't followed the thread continously but is there a specific reason for emailing all users who are granted access to the app through the SSO?

  • @yusf Yea, the Readme describe the reasoning.

    There is no way to actually do true SSO without breaking the model for Bitwarden. The only thing that we can do is automatically invite users to sign up.

    The Bitwarden_rs project doesn't have a way to invite without sending an email as when an SMTP server is configured, it will generate unique invite links for each user.

    If you disable SSO, you only disable the auto-invite feature. You will then need to invite yourself via the Admin panel (admin token is echoed in the logs and in /app/data/admin_token). You can then invite anyone else you wish manually.

  • Is there a reliable way to move from Bitwarden SQLite (fbartels build) to Bitwarden MySQL (iamthefij build) including all attachments?

  • This post is deleted!

  • @iamthefij I can't login to the admin page. It keeps saying "invalid token"
    I did a fresh boot of the container, copied everything between access token= and HTTP/1.1"
    access_token= copied this giberish HTTP/1.1"


  • Staff

    Just to inform everyone here, today I've created a new gitlab project for this app package repo wise, based on @iamthefij version, however without relying on external dockerimages being mounted during app image building. The repo is at

    One thing I wanted to ask here is, how to deal with ldap sync. Generally this works currently by a cron job running every now and then, checking availalbe users on ldap and then will invite all users, which are not yet invited to the app instance. This has the current annoying thing, where if an admin wants to first try bitwarden on the Cloudron and does not restrict access during installation, the app will send out invites to all users. Since this is the default flow, I don't want to publish the app package like that. On the other hand I do see value in those invites being sent out at the point where the admin decides this app is good to be used.
    To not delay any package release further, we could avoid this topic by packaging it first without ldap, but I wanted to collect some feedback on this here in the thread first. It would be great if you all could share your ideal flow regarding this and maybe explain the use-cases briefly.

    Thanks! And even more thanks to @iamthefij for all the work done on the package already! 😄

Log in to reply