
Install Bitwarden on Raspberry Pi: The ultimate guide

Bitwarden is an open-source password manager. Like other alternatives, you can use it for free by hosting your passwords on their servers, but you can also self-host it on your own server, like a Raspberry Pi running at home. That’s the project I’ll try with you today throughout this article.

Bitwarden can be installed on a Raspberry Pi by using a Docker container named Vaultwarden. This is a lighter and easier alternative to the official method. Using Bitwarden this way is safe if you use HTTPS, port redirection, or a VPN and create backups of the Raspberry Pi.

I’ll guide you from the beginning to the end, making sure everything is working and safe. It’s a medium to long project, so stay focused and follow all the steps.


Can Bitwarden run on a Raspberry Pi?

Bitwarden can absolutely run on a Raspberry Pi. The application is not optimized for a small server like the Raspberry Pi, but Docker containers are available to help it run smoothly, even on this limited device.

Is it mandatory to use Docker to run Bitwarden on Raspberry Pi?

Using Docker is not the only way to host Bitwarden on a Raspberry Pi, but it’s the easiest and lightest way to do it. The installation is already complicated enough with Docker to avoid using the source code directly. It will also run faster with Docker than the original service.

As explained in my complete guide about Docker, I’m generally not a big fan of Docker for small projects, as I prefer to keep control of everything on my system. Docker is often the default option nowadays, but I find it adds a level of complexity that is generally not needed for most projects.

But Bitwarden is one project where I really think using Docker is better. We will avoid most security issues, conflicts and installation steps by using a Docker container created on the Raspberry Pi. That’s why I’m choosing this solution for this tutorial, even if it’s not the only option.

What do you need to run Bitwarden on Raspberry Pi?

I did this tutorial on a Raspberry Pi 4 (4 GB), running Raspberry Pi OS Lite (64-bit) with a small USB drive.

Basically, you don’t need anything special, as it looks like it’s not taking a lot of disk space and the app runs smoothly on a Raspberry Pi 4. Here is what I recommend to get started:

  • A Raspberry Pi 4: If you can get one, you’ll stop wondering if your device is powerful enough for all projects. A Raspberry Pi 4 works fine for all of them. You can probably try this one with a Raspberry Pi 3B+ or a Pi Zero 2, but a Pi 4 is the best choice.
  • This USB key: As stated several times on this website, I’m no longer using SD cards. USB keys are easier to manage and often faster to flash / boot. I got a bunch of this model, and I use them all the time. 32 GB should be enough for this project. If you prefer an SD card, here is the fastest one according to my benchmarks.
  • A decent cooling system: Bitwarden will run 24/7. With a Raspberry Pi 4, it’s a good idea to have a passive cooling system like this case, which is my favorite currently (and it’s really cheap).

That’s it, nothing fancy as you can see, and I’ll also use the official Raspberry Pi system for this project. It should work even if you already have a few things installed on it.

Prepare your Raspberry Pi to host Bitwarden

Once the hardware is ready, here are the first steps to prepare your Raspberry Pi system:

  • Install Raspberry Pi OS (other Debian-like systems should work fine too).
  • Complete any system updates.
  • Enable SSH and find your device’s IP address.
  • Install Docker.

If this is overwhelming, don’t worry. I’ll explain each step in detail.

System installation

As I told you, I tested this with Raspberry Pi OS Lite (64-bit). If you’ll only run Bitwarden on this device, it’s perfect. You don’t need a desktop environment, and the system will be faster without one.

If you intend to run other projects, choose the system version accordingly. The 64-bit version is not mandatory, so if you’ll install other things, the 32-bit version is probably a safer choice, as not everything is available yet for the 64-bit system (read this to know the differences between 32 and 64 bits).

Feel free to install a desktop environment or use other alternatives if you want (Ubuntu, DietPi, etc). We’ll mainly use Docker, so it should work the same way on most distributions.

  • Plug your SD card or USB drive into your computer.
  • Install Raspberry Pi Imager if you don’t have it yet, and start the application.
    If you don’t have a computer, you can now use the network boot to do everything on the Raspberry Pi directly.
  • Choose the distribution by clicking on “Choose OS”.
  • Select your media by clicking on “Choose SD card”.
  • Then, click on “Write” to start the installation.

Once done, plug your SD card or USB key into the Raspberry Pi and start it.
Follow the next steps to prepare your system to use Bitwarden on it.

If you are not used to this procedure, you can read my complete guide on how to install Raspberry Pi OS here. It will explain each step in more detail.


System configuration

On the first boot, you’ll need to create the first user and password. You’ll also get a wizard for the initial configuration (localization, keyboard layout, etc.), which should be straightforward.
Check the previous link if you need a more step-by-step guide to configure all of this.

Before going any further, I recommend enabling SSH (so you can do everything from your computer, like copying and pasting the commands that I’ll give you later), and taking note of the Raspberry Pi IP address, as you’ll need it later.

SSH is a network protocol that you can use to control your Raspberry Pi remotely (more about this here).
To enable SSH:

  • Open a terminal or just log in if you use the Lite version.
  • Start raspi-config with:
    sudo raspi-config
  • Go to Interfaces > SSH and confirm to enable it.

That’s it.
You can now get your IP address with this command:
ip a
You should get something like:

It will be under “eth0” if you use a network cable, or “wlan0” for a Wi-Fi connection.
Find your IP address and remember it, you’ll need it in the following steps.


System updates

If you just installed your system, the welcome wizard probably did it for you, but it’s always good practice to do the system updates before starting a project.
So, just to make sure, run these commands:
sudo apt update
sudo apt upgrade

If updates are available, install them before going further. Even if you lose a few minutes there, it will avoid any potential issues in the next steps.

Docker installation

The last requirement is to install Docker on your Raspberry Pi, as we’ll run Bitwarden in a Docker container. I have a complete guide explaining everything about Docker. I recommend reading it if you are not used to it.

But anyway, here are the commands you need to get Docker on your Raspberry Pi:
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER

Once installed, log out and back in (or reboot) so the new “docker” group membership applies to your session, then make sure it’s working by running:
docker ps

It should show an empty table like this:

If you get an error, fix it before going further.

How to host Bitwarden on Raspberry Pi?

Once the system is ready, we can now start installing Bitwarden on the Raspberry Pi.

Here are the main steps to install Bitwarden on a Raspberry Pi:

  • Download and run the Vaultwarden Docker container.
  • Test the HTTP interface.
  • Enable HTTPS.
  • Install apps or browser extensions to use Bitwarden on all your devices.

Let’s learn how to do this step-by-step.

Find the best Docker container

Several Docker containers are available to run Bitwarden on a Raspberry Pi, but most of them are no longer supported and recommend using the Vaultwarden server. That’s the one I used and it works well, so you should probably use the same one:

Here is their page on the Docker hub website if you want more detail about the project.

Install the Vaultwarden container

Once the project is chosen, we can install it like any Docker container, with:
docker pull vaultwarden/server:latest

Then, you can start the container with:
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest

It will start with HTTP only, which is absolutely not a good idea for hosting a password manager, but at least we can check that everything works.

The basic test of Bitwarden with HTTP

From your computer, type the Raspberry Pi address you noted earlier in your web browser, probably something like:
http://192.168.1.X
Or in my case:
http://192.168.222.15

If it’s working correctly, you should get this login form:

Don’t do anything there for now, as we first need to enable HTTPS (It won’t work with HTTP anyway).
If you don’t get this page, you know that you made a mistake somewhere, and have to double-check the previous steps to make sure you didn’t miss anything.


Bitwarden on Raspberry Pi: Enable HTTPS

With most home projects, I won’t enable HTTPS. This is not a good practice, but I often find it too complicated, especially on a small local network. And in most cases, it’s not a big deal if you have low security for basic projects like home automation, media servers, or things like that.

But a password manager server is an entirely different thing. If you store all your passwords on your Raspberry Pi, and somehow, someone is listening on your network and gets the Bitwarden master password, you are screwed. All your logins and passwords can be stolen.

Anyway, I don’t think you have a choice: if I remember correctly, Bitwarden doesn’t work over HTTP, which is a good thing. Enabling HTTPS is a bit complicated, especially if it’s your first time, but it’s mandatory and I’ll explain everything in detail.

Two solutions: Use a domain name or generate your own certificates

The best way to enable HTTPS is to get a domain name, redirect it to your server, and generate (or buy) an SSL certificate for this domain. Then, you add the SSL certificate to the web server configuration to secure the connections.


Another option could be to generate the SSL certificate yourself on the Raspberry Pi (by using openssl), associating it with your Raspberry Pi IP address or hostname, and then adding it to the trusted certificates on your computer.

This could be easier for many projects where you only use one computer to access the web interface, but I don’t think it’s a good idea for a password manager. I’m guessing you’ll install Bitwarden on your computer, but also on your smartphone, tablet, and maybe other devices.

That’s why I decided to use a domain name for this project. Don’t worry, there are free options, and I’ll explain how to do it.

Redirect the domain name to your IP address

I don’t have a static public IP address, so I’m using No-IP services to redirect a custom domain name to my current IP address. Basically, they give you a subdomain (like yourname.hopto.org), and software that will regularly update your current IP on their DNS server.

I explain everything about No-IP in this article if you are interested (especially how to set up the software part on Raspberry Pi).

The alternative, if you have a static IP address, is to get a real domain name (like yourname.com) by using GoDaddy or a similar company to buy it. You can then configure the DNS zones to redirect the domain (or a subdomain) to your IP address.

Either way, it’s important to make sure you have a domain name redirecting to your current IP address before moving forward. You can’t generate a free SSL certificate without doing this first.

Port forwarding

In most cases, redirecting the domain or subdomain to your IP address is not enough to get access to the Bitwarden login page from outside your network. You’ll also need to configure your Internet router to redirect inbound requests to the Raspberry Pi local IP address (192.168.X.Y).

This will be a different procedure for each router, so I can’t explain exactly how to do it on your network, but if you look for “port forwarding” in your router documentation, you’ll easily find the instructions.

On my router, I have to go to the Advanced mode, and then find the NAT/PAT section, where I can redirect an external port (I chose 4443) to an internal port and IP address (443 and 192.168.222.15 in my case). You also need to redirect port 80 temporarily to generate the SSL certificate in the next step.

So, basically, my NAT configuration is:

Service           External Port   Internal IP      Internal Port
Bitwarden HTTPS   4443            192.168.222.15   443
Bitwarden HTTP    80              192.168.222.15   80

Do something similar on your router, and make sure it works from outside your network before moving forward. You can test it by disabling the Wi-Fi on your smartphone, and trying to access the HTTP login form with your domain name, for example:
http://yourname.hopto.org

Note: I prefer not to use the default port when I do port forwarding. I know many people are scanning default ports like 80 and 443 to find breaches. I just hope to avoid their scripts when doing this. I know it’s not perfect, but it’s better than nothing.

If you get the login form, everything is ready to generate the SSL certificate and switch to HTTPS.
If not, check the previous steps and linked articles to make sure you did everything correctly.

Generate a certificate with Certbot

We are almost there! We’ll now use the free Let’s Encrypt service to create an SSL certificate that will be valid and recognized in any web browser.

First, stop the Vaultwarden container to avoid any conflict:
docker stop [ID]
You can find the ID at the end of the “start” command, or with:
docker ps

Then, install Certbot, it’s the app from Let’s Encrypt that we’ll use to generate the certificate:
sudo apt install certbot

Once done, use the following command to generate the certificate:
sudo certbot certonly -d yourdomain.com
Follow the wizard to create the certificate. Choose to spin up a temporary web server (as we don’t have any if you started this from scratch), and it should work. You’ll get the certificate and key locations on your screen; take note of them.

Use Rocket to run Bitwarden with HTTPS

There are several ways to use Bitwarden with HTTPS. I first thought of using a proxy with Nginx to redirect port 443 to the container running in HTTP. But in fact, they give us a better and easier way on the Vaultwarden page: you can use “Rocket” directly once your certificate is generated.

So, I just copied my certificate files to a new folder:
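sudo mkdir -p -m 700 /ssl/keys    # the folder must exist; keep it readable by root only
sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /ssl/keys/certs.pem
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /ssl/keys/key.pem
sudo chmod 600 /ssl/keys/key.pem  # cp would otherwise leave the private key world-readable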

And then started the container with a few more parameters, to use HTTPS instead of HTTP, and tell it where to find my certificate:
docker run -d -e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}' -v /ssl/keys/:/ssl/ -v /vw-data/:/data/ -p 443:80 vaultwarden/server:latest

From there, Bitwarden is now accessible via HTTPS, with the domain name you chose and the port you defined on your router. In my case, it’s:
https://yourdomain.com:4443
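
The files in /ssl/keys are copies, so they don’t follow Certbot’s renewals, and the certificate served by the container will eventually expire. The script below is an added example (not from the original tutorial or the Vaultwarden project): a Certbot deploy hook that re-copies the renewed files with tight permissions and restarts the container. The hook location, SSL_DIR and VW_CONTAINER are assumptions to adapt to your setup.

```shell
#!/bin/sh
# Added example: Certbot deploy hook for the /ssl/keys layout used in this guide.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/vaultwarden.sh (executable).
SSL_DIR=${SSL_DIR:-/ssl/keys}      # host folder mounted into the container as /ssl
VW_CONTAINER=${VW_CONTAINER:-}     # assumption: set to the name or ID shown by `docker ps`

# sync_pem SRC DEST MODE: replace DEST only when its content differs from SRC.
# Writes to a temp file first (mktemp creates it 0600) and renames it into place,
# so the key is never world-readable and the server never sees a partial file.
sync_pem() {
    src=$1; dest=$2; mode=$3
    [ -r "$src" ] || { echo "missing: $src" >&2; return 2; }
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
        chmod "$mode" "$dest" || return 2
        echo unchanged
        return 0
    fi
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest" \
        || { rm -f "$tmp"; return 2; }
    echo updated
}

# sync_certs LIVE_DIR DEST_DIR: copy Certbot's files to the names given in ROCKET_TLS.
# Prints "updated" if either file changed, "unchanged" otherwise.
sync_certs() {
    live=$1; out=$2
    mkdir -p "$out" && chmod 700 "$out" || return 2
    c=$(sync_pem "$live/fullchain.pem" "$out/certs.pem" 644) || return 2
    k=$(sync_pem "$live/privkey.pem" "$out/key.pem" 600) || return 2
    if [ "$c" = updated ] || [ "$k" = updated ]; then
        echo updated
    else
        echo unchanged
    fi
}

# Certbot sets RENEWED_LINEAGE (the renewed /etc/letsencrypt/live/<domain> folder)
# when it runs a deploy hook, so nothing happens if the script is run by hand.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    result=$(sync_certs "$RENEWED_LINEAGE" "$SSL_DIR") || exit 1
    if [ "$result" = updated ] && [ -n "$VW_CONTAINER" ]; then
        docker restart "$VW_CONTAINER"   # restart so the server loads the new files
    fi
fi
```

Renewal uses the same temporary web server on port 80, so that port forward has to be in place when Certbot renews the certificate.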

Testing HTTPS

To make sure it’s working, you can use your phone again (make sure to be disconnected from your house Wi-Fi), and use the previous URL to access Bitwarden.

If everything is set up correctly, you should get the same login form, but this time with the HTTPS lock enabled on your browser:

Good job! You did the hard part, the server is ready to use. We just have to create an account and configure the other devices (clients) to use your self-hosted Bitwarden server from anywhere.


Use self-hosted Bitwarden on Raspberry Pi

Using a self-hosted version of Bitwarden is then not very different from their cloud plans. And there is also nothing different with hosting it on a Raspberry Pi instead of any other kind of computer or server.
But let’s take a moment anyway to explain the first steps to using your new Bitwarden server.

Create an account on the Bitwarden server

You have access to the login form via HTTPS, so you can now use this form to create a new account. This account will be created on the Raspberry Pi only, so even if you already have a Bitwarden account, you need to create one there.

That’s one of the benefits of using a self-hosted version of Bitwarden, everything stays on your server (your vault with all the usernames and passwords, but also the master account).

Once the account is created, make sure you can log in. You should get access to your vault, which is empty for now, it looks like that:

You can add and upload items manually, but the most convenient way to use Bitwarden is to install their apps or extensions on all your devices.

Install the Bitwarden apps on your devices and web browsers

Bitwarden is available as a Desktop application for Windows, macOS, and Linux. There are also extensions available for almost all web browsers (Chrome, Firefox, Opera, Brave, etc.) and mobile apps for Android and iOS.

In fact, there are so many ways to use Bitwarden, that even on exotic systems you should be able to find a way to use it. You can even use it via the command line if you like.

Download the corresponding app or extension here for all the devices you want to use Bitwarden with.
Once the app or extension is installed, it will ask you to log in. But as you use a self-hosted environment, there is one additional step, you need to specify your server URL in the settings:

By default, Bitwarden tries to connect to their cloud servers, so it won’t work. Once your custom URL is set up, you should be able to log in with the account you created earlier. From there, Bitwarden works like any password manager. Each time you log in to a new website, it will ask you if you want to save the password in your vault, with a message looking like this:

Click Save, and the password will be stored on your Raspberry Pi. Everything is safe and encrypted, as long as you are using HTTPS and nobody gets your master password.

That’s it, you are now using a password manager that you have full control over. Bitwarden is installed on your Raspberry Pi, and all your devices are connecting to it to save your password and fill out the login forms automatically.


Local network usage

One last quick tip before wrapping up, as your domain name probably won’t work when you are on the same network as your Raspberry Pi. When your computer asks for the IP address corresponding to the domain name, the DNS lookup returns your public IP address, and routers generally don’t apply port forwarding to requests coming from computers on the local network.

There are several ways to handle this.
The best way is probably to add the domain name to your local network DNS server (maybe it’s your router), to tell it to redirect to the local IP address (192.168.X.Y) instead of the public IP address.

But an easier way, if you only have one computer, might be to add this domain name to your “hosts” file.
On Linux, it is under /etc/hosts, and on Windows, it’s under C:\Windows\system32\drivers\etc\hosts.
Add this line at the end:
192.168.X.Y yourdomain.com
Replacing the IP address with the one from your Raspberry Pi, and the domain name you generated the SSL certificate for.
Something like:

After doing this, Bitwarden should work from your computer.
Repeat these steps on all computers if needed. But if you want to use Bitwarden on your phone, adding an entry on your DNS server is a better idea (or you’ll have to disconnect your phone from your Wi-Fi).

Once the initial setup is done, I highly recommend reading the official documentation before going further, to learn more about security and also on how to back up your Raspberry Pi.
If your Raspberry Pi is corrupted and won’t boot anymore, you’ll lose all your passwords.
For this reason, I would try to do a complete backup of your SD card / USB key at least once a month (and test it to make sure it works).

I liked testing this project for you, I hope this tutorial will be useful. Feel free to leave a comment in the community if you have any feedback or suggestion about this.


One Comment

  1. Hi there, thanks for the guide. I got it working on my pi, but it took me quite a while.

    There seems to be a bug with the docker container vaultwarden/server:latest

    For everyone else having a problem starting it, try this one:

    vaultwarden/server:alpine
