How to setup Vaultwarden on Podman
Running Vaultwarden in a Podmand container, creating a systemd config and running it using systemctl.
Why Vaultwarden?
Vaultwarden is an alternative implementation of Bitwarden server, written in Rust. It works with the official Bitwarden clients and works great self hosted. It’s super lightweight compared to the Bitwarden version.
Why Podman?
Podman is an open-source, daemon-less, Linux-native tool to run containers. It works perfectly with systemd. Because of its daemon-less nature, it allows running containers under an arbitrary user.
Install Podman
See below for Ubuntu 20.10 and newer, for other distros take a look here.
sudo apt-get update
sudo apt-get -y install podman
Setup Vaultwarden
I was migrating from a Docker container for this install, so my ADMIN_TOKEN was already set and available in the config.json file in the prexisting root data directory.
If you are doing this for the first time, you can use the snippet below to generate one.
echo -n "MySecretPassword" | argon2 "$(openssl rand -base64 48)" -e -id -k 19456 -t 2 -p 1
# Create data directory
sudo mkdir /vaultwarden-data
# Create the image
sudo podman pull docker.io/vaultwarden/server:latest
# Run the pod 🚀
sudo podman run -d --name vaultwarden.pod -e ADMIN_TOKEN=<token-goes-here> -v /vaultwarden-data/:/data/ -p 8000:80 docker.io/vaultwarden/server:latest
Create a Systemd service
Keep things tidy by adding .pod
suffix.
# Create service file
sudo touch /etc/systemd/system/vaultwarden.pod.service
Populate it with the following:
[Unit]
Description=Vaultwarden/Bitwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
Wants=syslog.service
[Service]
Environment="SIGNUPS_ALLOWED=true" # false if migrating
Restart=on-failure
ExecStart=/usr/bin/podman start -a vaultwarden.pod
ExecStop=/usr/bin/podman stop vaultwarden.pod
[Install]
WantedBy=multi-user.target
Reload the daemon:
console
sudo systemctl daemon-reload
Now check the status:
sudo systemctl status vaultwarden.pod
● vaultwarden.pod.service - Vaultwarden/Bitwarden Server (Rust Edition)
Loaded: loaded (/etc/systemd/system/vaultwarden.pod.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-12-05 20:10:19 UTC; 20h ago
Docs: https://github.com/dani-garcia/vaultwarden
Main PID: 2079 (podman)
Tasks: 12 (limit: 18836)
Memory: 14.5M
CPU: 4min 52.215s
CGroup: /system.slice/vaultwarden.pod.service
Don’t forget to enable to service (otherwise it won’t start on boot).
sudo systemctl enable vaultwarden.pod
# start and stop like so
sudo systemctl stop vaultwarden.pod
sudo systemctl start vaultwarden.pod
And you are done!
DEC 5, 2023
Page 3 of 4