Vaultwarden

Self-hosted Bitwarden-compatible password manager. Vaultwarden is a lightweight, Rust-based implementation of the Bitwarden server API, compatible with all official Bitwarden clients.

Key Features

• Bitwarden compatible — Works with all official Bitwarden apps and browser extensions
• Lightweight — Minimal resource footprint compared to the official Bitwarden server
• Database backends — SQLite, PostgreSQL, or MySQL
• Admin panel — Optional web-based administration interface
• Ingress support — Configurable with ingressClassName and TLS
• Security hardening — Network policies, non-root containers, pod security
• Persistent storage — Data and attachment persistence

Installation

HTTPS repository:

helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install my-vault helmforge/vaultwarden

OCI registry:

helm install my-vault oci://ghcr.io/helmforgedev/helm/vaultwarden

Basic Example

# values.yaml
domain: "https://vault.example.com"

admin:
  enabled: true
  token: "my-admin-token"

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: vault.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: vaultwarden-tls
      hosts:
        - vault.example.com

persistence:
  enabled: true
  size: 10Gi

External Database Example

domain: "https://vault.example.com"

database:
  type: postgresql
  host: postgresql.database.svc
  port: 5432
  name: vaultwarden
  username: vaultwarden
  password: "db-password"

persistence:
  enabled: true
  size: 5Gi

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: vault.example.com
      paths:
        - path: /
          pathType: Prefix

Key Values

More Information

See the source code and full values reference on GitHub.