Vaultwarden warnings
-
There's also this warning in the logs (and also in the admin UI):
2023-05-02T07:56:43.000Z Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. 2023-05-02T07:56:43.000Z See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token 2023-05-02T07:56:43.000Z [2023-05-02 07:56:43.903][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012 2023-05-02T07:56:43.000Z [2023-05-02 07:56:43.905][start][INFO] Rocket has launched from http://127.0.0.1:3000 2023-05-02T07:56:43.000Z [INFO] Using saved config from `/app/data/config.json` for configuration. 2023-05-02T07:56:43.000Z [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.Important note:
- The admin UI in
/adminprovides a way to change the password. But this simply stores the password in plain text inconfig.json. So, the warning does not go away by changing the password in the Admin UI.
To fix this:
- Open a Web terminal and run
/app/code/vaultwarden hash
# /app/code/vaultwarden hash Generate an Argon2id PHC string using the 'bitwarden' preset: Password: Confirm Password: ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$RCpl3a+FItyn4KBJVAtZ+EyP9+fK0hoRqqo9jEdyRJE$d7UfKfZYsZJad6OIKpzPtO2o2ccLkrHjEi5jXdWWkO0' Generation of the Argon2id PHC string took: 471.497904ms-
Take that above token and put it in
config.jsonin the fieldadmin_token. Important: remove the single quote around the argon2id string above. JSON does not require it. -
Restart the app and verify if token actually changed.
- The admin UI in
-
B Bytepartner referenced this topic on
-
Added some of this info to the Cloudron docs (i.e. merge request).
Note (as I struggled to login): The token to enter in the admin login page is NOT the generated argon token but the password you used to generate the token. -
@necrevistonnezr thanks, its merged and public https://docs.cloudron.io/apps/vaultwarden/#admin
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
-
It should be noted that inputting the data incorrectly (I did this on accident) will cause vaultwarden to completely delete the config.json contents in an error.
-
@girish Maybe it was an issue I caused, but what I did was:
- Login to my cloudron
- Go to Vaultwarden app
- Launch file explorer
- edit config.json to put in hash, but left out all quotes (double and single) for the admin_token variable
Like This:
{ ...... "admin_token": PretendIAmAHash, "disable_admin_token": false, ...... }- Restart the app
- config.json was then COMPLETELY blank (as if Vaultwarden removed all the config due to a bad admin-hash??)
I was able to recover from a previous backup, but others may not be so lucky.
-
@necrevistonnezr thanks, its merged and public https://docs.cloudron.io/apps/vaultwarden/#admin
@nebulon said in Vaultwarden warnings:
@necrevistonnezr thanks, its merged and public https://docs.cloudron.io/apps/vaultwarden/#admin
Thanks, but these instructions don't work for me
They say:
Therefore, open a web terminal and run
# app/code/vaultwarden hash Generate an Argon2id PHC string using the 'bitwarden' preset: Password: Confirm Password:But in my web terminal for my Vaultwarden I can't get to
app/code/vaultwardenand runninghashinapp/code/just results inhash: hash table emptyI also tried typing
app/code/vaultwarden hashbut that didn't work either, just resulted inbash: app/code/vaultwarden: No such file or directoryAnd after looking at https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token I also tried just typing
vaultwarden hashbut that just results inbash: vaultwarden: command not foundHelp!
-
@nebulon said in Vaultwarden warnings:
@necrevistonnezr thanks, its merged and public https://docs.cloudron.io/apps/vaultwarden/#admin
Thanks, but these instructions don't work for me
They say:
Therefore, open a web terminal and run
# app/code/vaultwarden hash Generate an Argon2id PHC string using the 'bitwarden' preset: Password: Confirm Password:But in my web terminal for my Vaultwarden I can't get to
app/code/vaultwardenand runninghashinapp/code/just results inhash: hash table emptyI also tried typing
app/code/vaultwarden hashbut that didn't work either, just resulted inbash: app/code/vaultwarden: No such file or directoryAnd after looking at https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token I also tried just typing
vaultwarden hashbut that just results inbash: vaultwarden: command not foundHelp!
@jdaviescoates Just to confirm, cause it's not in your post, you need to run
/app/code/vaultwardennotapp/code/vaultwarden; Linux is VERY particular about file paths lol make sure you have the prefixed/as it is needed to produce a "full path" to the vaultwarden binary.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@jdaviescoates Just to confirm, cause it's not in your post, you need to run
/app/code/vaultwardennotapp/code/vaultwarden; Linux is VERY particular about file paths lol make sure you have the prefixed/as it is needed to produce a "full path" to the vaultwarden binary.@murgero said in Vaultwarden warnings:
@jdaviescoates Just to confirm, cause it's not in your post, you need to run
/app/code/vaultwardennotapp/code/vaultwarden; Linux is VERY particular about file paths lol make sure you have the prefixed/as it is needed to produce a "full path" to the vaultwarden binary.That was it, thank you!
@staff that all important
/at the beginning is missing from the docs! -
@necrevistonnezr thanks! I would've submitted a PR myself but I had to dash out to collect my children from school
