Hardware-backed security
Protect your master key with a YubiKey, TPM, or hardware security module. Even if someone gets your server, they can't decrypt passwords without the hardware key.
Password manager for your team—works with Bitwarden apps.
Vaultwarden
Vaultwarden is a self-hosted password manager that works with all Bitwarden apps. Your passwords stay on your server, you control who has access, and it's way cheaper than Bitwarden's team plans.
Vaultwarden is an open-source project. We make it easier to deploy and manage, but all credit goes to the original developers. Learn more about the Vaultwarden project →
Store master keys on hardware security keys or TPM
Automatic backups that verify themselves
Enforce password policies and 2FA for your team
What you get
All the features you'd expect, plus the control and privacy of self-hosting.
See what's happening without seeing passwords
Admins can see who logged in and when, enforce 2FA and password rules, but never see actual passwords. Privacy for users, visibility for admins.
Updates without downtime
Apply updates from the portal with zero downtime. Rolling restarts keep your service online, and automatic rollback kicks in if health checks fail.
What's included
Built-in safety features
Login integration, automatic backups, and monitoring come included. Everything runs on your server; we handle the setup and give you clear guides for when things go wrong.
Unified authentication
Single sign-on across all apps using Auth0. Sign in with GitHub, email, or passkeys. One account, all your apps—no need to create separate passwords.
Backups that verify themselves
Nightly encrypted backups with signatures to prove they haven't been tampered with. Test restores weekly so you know backups work.
What to do if something goes wrong
Guides for handling credential leaks, suspicious activity, or emergency password resets. Written by people who've handled real incidents.
Resource requirements
Plan your deployment with these hardware requirements. All tiers include overhead for Docker and supporting services.
Light Resource Usage
Minimum Configuration
Good for testing and small-scale use
- CPU
- 1 core
- RAM
- 512MB
- Storage
- 5GB
- Capacity
- 1-10 users
Recommended
Production Configuration
Best performance and user experience
- CPU
- 2 cores
- RAM
- 1GB
- Storage
- 10GB
- Capacity
- 10-50 users
Important notes
- Extremely lightweight compared to official Bitwarden server
- Uses SQLite instead of MSSQL for efficient resource usage
- Actual memory usage typically around 30MB in operation
- Docker deployments require slightly more resources than bare metal
How it works
Here's how everything fits together. All the setup files are in the docs if you want to customize things.
How it's accessed
Automatic SSL certificates, secure connections through your private tunnel. Security headers protect against common attacks.
The application
Runs in a secure container with minimal permissions. Even if someone breaks in, they can't do much damage.
Where passwords are stored
PostgreSQL database with automatic backups. Can replicate to multiple servers if you need redundancy.
Get started in three steps
Use the portal to deploy your app, set it up, and start using it—all through your web browser.
01
Choose Vaultwarden
Navigate to the application catalog and select Vaultwarden. The portal guides you through initial configuration including database setup and encryption options.
02
Set up security
Configure master key protection through the portal's security settings. Options include hardware security modules, YubiKey, or TPM-backed storage.
03
Enable policies
Activate password health policies and MFA requirements from the policy management interface. Your vault is ready at {yourname}.unboundbytes.com/vaultwarden.
Common questions
Still have questions? Join our community chat or check out the support page for more help.
Is Bitwarden sync supported?
Yes. Vaultwarden remains protocol compatible with Bitwarden clients across desktop, web, and mobile.
How do emergency access and rotations work?
Define trusted contacts, rotation cadences, and automated notifications. Our runbooks guide you through emergency release.
Can we export audit logs?
All admin actions, logins, and policy events stream to your SIEM with structured JSON for long-term retention.
Learn more
Check out the docs, upstream projects, and support channels.