Docs

⌘K
  2. Home
  4. Docs
  6. Private: One Click Apps
  8. Vaultwarden (Bitwarden-compatible password Manager)

Vaultwarden (Bitwarden-compatible password Manager)

This document explains how Vaultwarden is deployed, accessed, and managed when installed as a One‑Click App on FlyWP.

What is Vaultwarden

Vaultwarden is a lightweight, open‑source, Bitwarden‑compatible password manager server. It supports all official Bitwarden clients while consuming significantly fewer resources than the official server.

FlyWP provides Vaultwarden as a one‑click deployment, handling installation, web server configuration, SSL, and environment variables automatically.

Deployment Overview

When you deploy Vaultwarden from Create Site → Deploy One Click App → Vaultwarden, FlyWP automatically:

  • Provisions Vaultwarden on the selected server
  • Assigns a temporary FlyWP subdomain
  • Configures NGINX and SSL
  • Generates a secure admin token
  • Exposes required environment variables

No manual Docker or system setup is required.

Default Access URLs

After deployment, two interfaces are available:

  • Vaultwarden User Interface
    https://<your-domain>/
  • Vaultwarden Admin Panel
    https://<your-domain>/admin

The admin panel is protected by an admin token.

Environment Variables

FlyWP configures Vaultwarden primarily through environment variables. These can be viewed and updated from:

Site → Environment

Default Variables

DOMAIN=https://your-domain
ADMIN_TOKEN=<generated-token>
SIGNUPS_ALLOWED=true

Variable Explanation

  • DOMAIN
    Public base URL of your Vaultwarden instance. Must match the site domain and protocol.
  • ADMIN_TOKEN
    Token required to access /admin. This is generated automatically during deployment.
  • SIGNUPS_ALLOWED
    Controls whether new users can self‑register.
    • true → anyone can sign up
    • false → only invited users can register

After changing environment variables, always click Update Environment.

Accessing the Admin Panel

  1. Visit:https://<your-domain>/admin
  2. Enter the ADMIN_TOKEN from the Environment page
  3. Click Enter

If the token is correct, you will be logged into the Vaultwarden Admin UI.

Admin Configuration Behavior

Important Note

Vaultwarden supports configuration via:

  • Environment variables (preferred)
  • Admin UI settings

Admin UI settings override environment variables once saved.

In the admin UI:

  • Overridden values are highlighted with a yellow background
  • Read‑only values can only be set via environment variables

Recommendation

  • Use environment variables for infrastructure‑level configuration
  • Avoid mixing the same settings between UI and environment variables

Common Admin Settings

From the Admin Panel you can configure:

  • User and organization management
  • Email / SMTP settings
  • 2FA policies
  • YubiKey and Duo integration
  • OpenID Connect (SSO)
  • Database backup
  • Diagnostic information

These settings are applied immediately after saving.

SSL & Security

  • SSL is enabled automatically via FlyWP
  • Admin panel is protected by token authentication
  • HTTPS is enforced if the domain supports SSL

Security Recommendations

  • Rotate the ADMIN_TOKEN after initial setup
  • Disable public signups once users are created
  • Use a custom domain instead of the default FlyWP subdomain
  • Enable SMTP and email verification

Managing the Vaultwarden Service

From the FlyWP dashboard:

  • Manage → Restart, stop, or redeploy the service
  • Logs → View application and error logs
  • NGINX Config → Advanced routing or headers (use cautiously)

Backup & Data Safety

Vaultwarden stores data in an internal database.

Available options:

  • Manual backup from Admin Panel → Backup Database
  • Server‑level backups via FlyWP (recommended)

Always test restores before relying on backups.

Troubleshooting

Cannot Access /admin

  • Ensure /admin is appended to the domain
  • Verify ADMIN_TOKEN is correct
  • Confirm the DOMAIN variable matches the URL

Changes Not Applying

  • Check if the setting is overridden in Admin UI
  • Restart the service after major config changes

Signup Not Working

  • Confirm SIGNUPS_ALLOWED=true
  • Check email/SMTP configuration

When to Use Vaultwarden on FlyWP

Vaultwarden One‑Click App is ideal for:

  • Personal password management
  • Small teams and startups
  • Self‑hosted security‑focused setups
  • Low‑resource servers

Not recommended for very large enterprises without custom scaling.

Summary

FlyWP’s Vaultwarden One‑Click App provides:

  • Fast deployment
  • Secure defaults
  • Minimal maintenance
  • Full Bitwarden client compatibility

Configuration should be done primarily through environment variables, with the admin UI used for operational control only.