Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. App Wishlist
  3. Bitwarden - Self-hosted password manager

Bitwarden - Self-hosted password manager

Scheduled Pinned Locked Moved Solved App Wishlist
218 Posts 20 Posters 121.0k Views 29 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • girishG girish

      thanks @iamthefij

      For those looking to install this:

      $ git clone ssh://git@git.cloudron.io:6000/iamthefij/bitwardenrs-app.git
      $ cd bitwardenrs-app
      $ cloudron install --image iamthefij/cloudron-app-bitwarden:0.3.0
      

      Aaaannd it's running:

      testing.png

      After installing, both my users got an invite to join bitwarden. Very cool.

      yusfY Offline
      yusfY Offline
      yusf
      wrote on last edited by
      #201

      @girish said in Bitwarden - Self-hosted password manager:

      After installing, both my users got an invite to join bitwarden

      Like, automatically?

      1 Reply Last reply
      1
      • girishG Do not disturb
        girishG Do not disturb
        girish
        Staff
        wrote on last edited by
        #202

        @jdaviescoates Yes, tests plus making sure we can actually maintain it in the long run (for example, if everything is pinned properly in the docker file, things like that). Usually, @nebulon and also do a round of manual testing and put some basic docs before putting it in unstable.

        @yusf yes, both users got the invite automatically.

        jdaviescoatesJ 1 Reply Last reply
        1
        • girishG girish

          @jdaviescoates Yes, tests plus making sure we can actually maintain it in the long run (for example, if everything is pinned properly in the docker file, things like that). Usually, @nebulon and also do a round of manual testing and put some basic docs before putting it in unstable.

          @yusf yes, both users got the invite automatically.

          jdaviescoatesJ Offline
          jdaviescoatesJ Offline
          jdaviescoates
          wrote on last edited by
          #203

          @girish said in Bitwarden - Self-hosted password manager:

          @yusf yes, both users got the invite automatically.

          I'm guessing perhaps @yusf was asking because what if you don't want to invite all users automatically?

          I use Cloudron with Gandi & Hetzner

          yusfY 1 Reply Last reply
          1
          • jdaviescoatesJ jdaviescoates

            @girish said in Bitwarden - Self-hosted password manager:

            @yusf yes, both users got the invite automatically.

            I'm guessing perhaps @yusf was asking because what if you don't want to invite all users automatically?

            yusfY Offline
            yusfY Offline
            yusf
            wrote on last edited by
            #204

            @jdaviescoates Namesake reads my mind.

            jdaviescoatesJ 1 Reply Last reply
            1
            • yusfY yusf

              @jdaviescoates Namesake reads my mind.

              jdaviescoatesJ Offline
              jdaviescoatesJ Offline
              jdaviescoates
              wrote on last edited by
              #205

              @yusf 🙂 heh, I only just realised Yusf is obviously Yussef which of course is the same as Josef 😊

              I use Cloudron with Gandi & Hetzner

              1 Reply Last reply
              1
              • iamthefijI Offline
                iamthefijI Offline
                iamthefij
                App Dev
                wrote on last edited by
                #206

                When installing, uncheck SSO.

                yusfY 1 Reply Last reply
                0
                • iamthefijI iamthefij

                  When installing, uncheck SSO.

                  yusfY Offline
                  yusfY Offline
                  yusf
                  wrote on last edited by
                  #207

                  @iamthefij I haven't followed the thread continously but is there a specific reason for emailing all users who are granted access to the app through the SSO?

                  iamthefijI 1 Reply Last reply
                  1
                  • yusfY yusf

                    @iamthefij I haven't followed the thread continously but is there a specific reason for emailing all users who are granted access to the app through the SSO?

                    iamthefijI Offline
                    iamthefijI Offline
                    iamthefij
                    App Dev
                    wrote on last edited by
                    #208

                    @yusf Yea, the Readme describe the reasoning.

                    There is no way to actually do true SSO without breaking the model for Bitwarden. The only thing that we can do is automatically invite users to sign up.

                    The Bitwarden_rs project doesn't have a way to invite without sending an email as when an SMTP server is configured, it will generate unique invite links for each user.

                    If you disable SSO, you only disable the auto-invite feature. You will then need to invite yourself via the Admin panel (admin token is echoed in the logs and in /app/data/admin_token). You can then invite anyone else you wish manually.

                    W 1 Reply Last reply
                    3
                    • necrevistonnezrN Offline
                      necrevistonnezrN Offline
                      necrevistonnezr
                      wrote on last edited by
                      #209

                      Is there a reliable way to move from Bitwarden SQLite (fbartels build) to Bitwarden MySQL (iamthefij build) including all attachments?

                      1 Reply Last reply
                      0
                      • girishG girish

                        thanks @iamthefij

                        For those looking to install this:

                        $ git clone ssh://git@git.cloudron.io:6000/iamthefij/bitwardenrs-app.git
                        $ cd bitwardenrs-app
                        $ cloudron install --image iamthefij/cloudron-app-bitwarden:0.3.0
                        

                        Aaaannd it's running:

                        testing.png

                        After installing, both my users got an invite to join bitwarden. Very cool.

                        W Offline
                        W Offline
                        will
                        wrote on last edited by will
                        #210
                        This post is deleted!
                        1 Reply Last reply
                        0
                        • iamthefijI iamthefij

                          @yusf Yea, the Readme describe the reasoning.

                          There is no way to actually do true SSO without breaking the model for Bitwarden. The only thing that we can do is automatically invite users to sign up.

                          The Bitwarden_rs project doesn't have a way to invite without sending an email as when an SMTP server is configured, it will generate unique invite links for each user.

                          If you disable SSO, you only disable the auto-invite feature. You will then need to invite yourself via the Admin panel (admin token is echoed in the logs and in /app/data/admin_token). You can then invite anyone else you wish manually.

                          W Offline
                          W Offline
                          will
                          wrote on last edited by
                          #211

                          @iamthefij I can't login to the admin page. It keeps saying "invalid token"
                          I did a fresh boot of the container, copied everything between access token= and HTTP/1.1"
                          access_token= copied this giberish HTTP/1.1"

                          Thoughts?

                          1 Reply Last reply
                          0
                          • nebulonN Offline
                            nebulonN Offline
                            nebulon
                            Staff
                            wrote on last edited by
                            #212

                            Just to inform everyone here, today I've created a new gitlab project for this app package repo wise, based on @iamthefij version, however without relying on external dockerimages being mounted during app image building. The repo is at https://git.cloudron.io/cloudron/bitwardenrs

                            One thing I wanted to ask here is, how to deal with ldap sync. Generally this works currently by a cron job running every now and then, checking availalbe users on ldap and then will invite all users, which are not yet invited to the app instance. This has the current annoying thing, where if an admin wants to first try bitwarden on the Cloudron and does not restrict access during installation, the app will send out invites to all users. Since this is the default flow, I don't want to publish the app package like that. On the other hand I do see value in those invites being sent out at the point where the admin decides this app is good to be used.
                            To not delay any package release further, we could avoid this topic by packaging it first without ldap, but I wanted to collect some feedback on this here in the thread first. It would be great if you all could share your ideal flow regarding this and maybe explain the use-cases briefly.

                            Thanks! And even more thanks to @iamthefij for all the work done on the package already! 😄

                            W iamthefijI d19dotcaD 3 Replies Last reply
                            5
                            • nebulonN nebulon

                              Just to inform everyone here, today I've created a new gitlab project for this app package repo wise, based on @iamthefij version, however without relying on external dockerimages being mounted during app image building. The repo is at https://git.cloudron.io/cloudron/bitwardenrs

                              One thing I wanted to ask here is, how to deal with ldap sync. Generally this works currently by a cron job running every now and then, checking availalbe users on ldap and then will invite all users, which are not yet invited to the app instance. This has the current annoying thing, where if an admin wants to first try bitwarden on the Cloudron and does not restrict access during installation, the app will send out invites to all users. Since this is the default flow, I don't want to publish the app package like that. On the other hand I do see value in those invites being sent out at the point where the admin decides this app is good to be used.
                              To not delay any package release further, we could avoid this topic by packaging it first without ldap, but I wanted to collect some feedback on this here in the thread first. It would be great if you all could share your ideal flow regarding this and maybe explain the use-cases briefly.

                              Thanks! And even more thanks to @iamthefij for all the work done on the package already! 😄

                              W Offline
                              W Offline
                              will
                              wrote on last edited by
                              #213

                              @nebulon My view is if it does not have "full" ldap, ldap should be taken out and left up to the admin to manage by hand, such as it is with other apps, like Ghost, or Monica.

                              1 Reply Last reply
                              4
                              • nebulonN nebulon

                                Just to inform everyone here, today I've created a new gitlab project for this app package repo wise, based on @iamthefij version, however without relying on external dockerimages being mounted during app image building. The repo is at https://git.cloudron.io/cloudron/bitwardenrs

                                One thing I wanted to ask here is, how to deal with ldap sync. Generally this works currently by a cron job running every now and then, checking availalbe users on ldap and then will invite all users, which are not yet invited to the app instance. This has the current annoying thing, where if an admin wants to first try bitwarden on the Cloudron and does not restrict access during installation, the app will send out invites to all users. Since this is the default flow, I don't want to publish the app package like that. On the other hand I do see value in those invites being sent out at the point where the admin decides this app is good to be used.
                                To not delay any package release further, we could avoid this topic by packaging it first without ldap, but I wanted to collect some feedback on this here in the thread first. It would be great if you all could share your ideal flow regarding this and maybe explain the use-cases briefly.

                                Thanks! And even more thanks to @iamthefij for all the work done on the package already! 😄

                                iamthefijI Offline
                                iamthefijI Offline
                                iamthefij
                                App Dev
                                wrote on last edited by
                                #214

                                @nebulon yea, the best for Cloudron would be a way to silently invite so only ldap users could sign up. Maybe I’ll make that suggestion over at the main project.

                                I feel that would make a much better experience for users and admins here.

                                What I did was install it scoped to only my user and then expanded the users to a group later.

                                1 Reply Last reply
                                2
                                • nebulonN nebulon

                                  Just to inform everyone here, today I've created a new gitlab project for this app package repo wise, based on @iamthefij version, however without relying on external dockerimages being mounted during app image building. The repo is at https://git.cloudron.io/cloudron/bitwardenrs

                                  One thing I wanted to ask here is, how to deal with ldap sync. Generally this works currently by a cron job running every now and then, checking availalbe users on ldap and then will invite all users, which are not yet invited to the app instance. This has the current annoying thing, where if an admin wants to first try bitwarden on the Cloudron and does not restrict access during installation, the app will send out invites to all users. Since this is the default flow, I don't want to publish the app package like that. On the other hand I do see value in those invites being sent out at the point where the admin decides this app is good to be used.
                                  To not delay any package release further, we could avoid this topic by packaging it first without ldap, but I wanted to collect some feedback on this here in the thread first. It would be great if you all could share your ideal flow regarding this and maybe explain the use-cases briefly.

                                  Thanks! And even more thanks to @iamthefij for all the work done on the package already! 😄

                                  d19dotcaD Online
                                  d19dotcaD Online
                                  d19dotca
                                  wrote on last edited by
                                  #215

                                  @nebulon I'm not certain why this app would be unique in that when it's setup it just immediately sends out invites to everyone possible. Seems very strange to have it work that way.

                                  Not sure if it's possible, but I think my ideal vision of it is that when we select an LDAP group for authentication, it will allow those users access / send an invite once they attempt the first login from an allowed group, but otherwise it would not auto-invite anybody.

                                  And if that can't be done then I'd prefer it just be a manual invite or even "app managed" instead like Invoice Ninja or something where you don't need to have LDAP be the authenticator for the app and can manage it fully inside the app itself instead.

                                  Hopefully I didn't misunderstand the situation and question. 👼 haha

                                  --
                                  Dustin Dauncey
                                  www.d19.ca

                                  1 Reply Last reply
                                  0
                                  • nebulonN Offline
                                    nebulonN Offline
                                    nebulon
                                    Staff
                                    wrote on last edited by
                                    #216

                                    @d19dotca yes that would be nice to only send invites upon user login attempt, or even better to not send invites but just allow users in that LDAP group to signup normally. However currently this is not possible with the upstream app. So my suggestion is to polish the app package now without any LDAP, since it is confusing currently and just get it pulished. We can always add LDAP once the flow is more obvious and straightforwards.

                                    d19dotcaD 1 Reply Last reply
                                    5
                                    • nebulonN nebulon

                                      @d19dotca yes that would be nice to only send invites upon user login attempt, or even better to not send invites but just allow users in that LDAP group to signup normally. However currently this is not possible with the upstream app. So my suggestion is to polish the app package now without any LDAP, since it is confusing currently and just get it pulished. We can always add LDAP once the flow is more obvious and straightforwards.

                                      d19dotcaD Online
                                      d19dotcaD Online
                                      d19dotca
                                      wrote on last edited by
                                      #217

                                      @nebulon Ah okay, didn’t realize it was an app limitation rather than a packaging limitation. In that case then I would definitely prefer it be pushed without LDAP support (so app-managed) and we can add LDAP support at a later time when the app will allow a better workflow.

                                      --
                                      Dustin Dauncey
                                      www.d19.ca

                                      1 Reply Last reply
                                      0
                                      • nebulonN Offline
                                        nebulonN Offline
                                        nebulon
                                        Staff
                                        wrote on last edited by
                                        #218

                                        I will lock this thread as we have published the initial app package now: https://forum.cloudron.io/topic/2372/bitwarden_rs

                                        1 Reply Last reply
                                        3
                                        • girishG girish locked this topic on
                                        Reply
                                        • Reply as topic
                                        Log in to reply
                                        • Oldest to Newest
                                        • Newest to Oldest
                                        • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Bookmarks
                                          • Search