How to set up Vaultwarden on Podman

Running Vaultwarden in a Podman container, creating a systemd config and running it using systemctl.

Why Vaultwarden?

Vaultwarden is an alternative implementation of the Bitwarden server, written in Rust. It works with the official Bitwarden clients and works great self-hosted. It’s super lightweight compared to the Bitwarden version.

Why Podman?

Podman is an open-source, daemon-less, Linux-native tool to run containers. It works perfectly with systemd. Because of its daemon-less nature, it allows running containers under an arbitrary user.

Install Podman

See below for Ubuntu 20.10 and newer; for other distros, take a look here.

sudo apt-get update
sudo apt-get -y install podman

Setup Vaultwarden

I was migrating from a Docker container for this install, so my ADMIN_TOKEN was already set and available in the config.json file in the preexisting root data directory.

If you are doing this for the first time, you can use the snippet below to generate one.

# Hash the admin password with Argon2id; the printed string is the ADMIN_TOKEN value
echo -n "MySecretPassword" | argon2 "$(openssl rand -base64 48)" -e -id -k 19456 -t 2 -p 1

# Create data directory
sudo mkdir /vaultwarden-data

# Pull the image
sudo podman pull docker.io/vaultwarden/server:latest

# Run the pod 🚀
# Single-quote the token: the Argon2 string contains "$", which the shell would otherwise expand
sudo podman run -d --name vaultwarden.pod -e ADMIN_TOKEN='<token-goes-here>' -v /vaultwarden-data/:/data/ -p 8000:80 docker.io/vaultwarden/server:latest
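
Before the token goes into the run command, it is worth checking that it is a complete Argon2id string with the intended cost parameters, not a plaintext password or a value the shell has emptied by expanding its "$" fields. The script below is an added example, not part of the original post; the function name check_admin_token and the sample tokens are constructed for illustration, and the minimum costs mirror the argon2 flags above.

```shell
#!/bin/sh
# Added example: classify an ADMIN_TOKEN value before it goes into `podman run -e`.
# Minimum costs mirror the argon2 flags used on this page (-k 19456 -t 2 -p 1).
MIN_M=19456; MIN_T=2; MIN_P=1

# Prints one verdict (ok | plaintext | mangled | weak | malformed); returns 0 only for ok.
check_admin_token() {
    token=$1
    case $token in
        '$argon2id$'*) ;;                        # PHC string, parsed below
        '$'*) echo malformed; return 1 ;;        # some other "$"-prefixed value
        *=*,t=*,p=*) echo mangled; return 1 ;;   # "$..." fields were expanded away
        *) echo plaintext; return 1 ;;           # not hashed at all
    esac
    # Split "$argon2id$v=19$m=..,t=..,p=..$salt$hash" on "$" (first field is empty).
    old_ifs=$IFS; IFS='$'; set -f
    set -- $token
    set +f; IFS=$old_ifs
    if [ $# -ne 6 ] || [ -z "$5" ] || [ -z "$6" ]; then echo malformed; return 1; fi
    params=$4
    m=${params#m=};   m=${m%%,*}
    t=${params#*,t=}; t=${t%%,*}
    p=${params#*,p=}; p=${p%%,*}
    for n in "$m" "$t" "$p"; do
        case $n in ''|*[!0-9]*) echo malformed; return 1 ;; esac
    done
    if [ "$m" -lt "$MIN_M" ] || [ "$t" -lt "$MIN_T" ] || [ "$p" -lt "$MIN_P" ]; then
        echo weak; return 1
    fi
    echo ok
}

# Constructed sample values (not real hashes), one per verdict.
GOOD='$argon2id$v=19$m=19456,t=2,p=1$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRoYXNodmFsdWU'
WEAK='$argon2id$v=19$m=4096,t=1,p=1$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRoYXNodmFsdWU'
MANGLED='=19=19456,t=2,p=1'   # GOOD after the shell expands its "$" fields (variables unset)
for sample in "$GOOD" "$WEAK" "$MANGLED" 'MySecretPassword'; do
    printf '%-10s %s\n' "$(check_admin_token "$sample")" "$sample"
done
```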

Create a Systemd service

Keep things tidy by adding a .pod suffix.

# Create service file 
sudo touch /etc/systemd/system/vaultwarden.pod.service

Populate it with the following:

[Unit]
Description=Vaultwarden/Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
Wants=syslog.service

[Service]
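# false if migrating
# Note: this variable is set for the podman process on the host; the container's
# own environment is fixed by the -e options given to "podman run".
Environment="SIGNUPS_ALLOWED=true"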
Restart=on-failure
ExecStart=/usr/bin/podman start -a vaultwarden.pod
ExecStop=/usr/bin/podman stop vaultwarden.pod

[Install]
WantedBy=multi-user.target

Reload the daemon:

sudo systemctl daemon-reload

Now check the status:

sudo systemctl status vaultwarden.pod

● vaultwarden.pod.service - Vaultwarden/Bitwarden Server (Rust Edition)
     Loaded: loaded (/etc/systemd/system/vaultwarden.pod.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-12-05 20:10:19 UTC; 20h ago
       Docs: https://github.com/dani-garcia/vaultwarden
   Main PID: 2079 (podman)
      Tasks: 12 (limit: 18836)
     Memory: 14.5M
        CPU: 4min 52.215s
     CGroup: /system.slice/vaultwarden.pod.service

Don’t forget to enable the service (otherwise it won’t start on boot).

sudo systemctl enable vaultwarden.pod

# start and stop like so
sudo systemctl stop vaultwarden.pod
sudo systemctl start vaultwarden.pod

And you are done!

Dec 5, 2023