Install Bitwarden on Raspberry Pi: The Ultimate Guide

I kept hearing about Bitwarden on Raspberry Pi, so I finally decided to try it myself. If you’re interested in using your own password manager (without handing everything over to a third party), this is a really cool project to try. I’ll show you exactly how I set it up.

Bitwarden can be installed on a Raspberry Pi by using a Docker container named Vaultwarden. This is a lighter and easier alternative to the official method. Using Bitwarden this way is safe if you use HTTPS, port redirection, or a VPN and create backups of the Raspberry Pi.

I’ll guide you from start to finish, making sure everything is working and safe. This project might be more challenging than usual (because of the Docker setup and security steps), so stay focused and follow all the steps.

If you’re new to Raspberry Pi or Linux, I’ve got something that can help you right away!
Download my free Linux commands cheat sheet – it’s a quick reference guide with all the essential commands you’ll need to get things done on your Raspberry Pi. Click here to get it for free!

Can Bitwarden Run on a Raspberry Pi?

Bitwarden can absolutely run on a Raspberry Pi. The application is not optimized for a small server like the Raspberry Pi, but Docker containers are available to help it run smoothly, even on this limited device.

Is Docker Required to Run Bitwarden on Raspberry Pi?

Using Docker is not the only way to host Bitwarden on a Raspberry Pi, but it’s the easiest and lightest way to do it. The installation is already complicated enough with Docker to avoid using the source code directly. It will also run faster with Docker than the original service.

As explained in my complete guide about Docker, I’m generally not a big fan of Docker for small projects, as I prefer to keep control of everything on my system. I find that Docker adds a level of complexity that is generally not needed for most projects.

But Bitwarden is one project where I really think using Docker is better. It lets you avoid most security issues, conflicts, and installation steps by using a Docker container on the Raspberry Pi. That’s why I’m choosing this solution for this tutorial, even if it’s not the only option.

What Do You Need to Run Bitwarden on Raspberry Pi?

I did this tutorial on a Raspberry Pi 4 (4 GB), running Raspberry Pi OS Lite (64-bit) on a small USB drive.

Basically, you don’t need anything special, as it looks like it’s not taking a lot of disk space and the app runs smoothly on a Raspberry Pi 4. Here’s what I recommend to get started:

• A Raspberry Pi 4 – If you can get one, you’ll stop wondering if your device is powerful enough for all projects. A Raspberry Pi 4 works fine for all of them. You can probably try this one with a Raspberry Pi 3B+ or a Pi Zero 2, but a Pi 4 is the best choice.
• This USB key – USB keys are easier to manage and often faster to flash / boot. I got a bunch of this model, and I use them all the time. 32 GB should be enough for this project. If you prefer an SD card, here is the fastest one according to my benchmarks.
• A decent cooling system – Bitwarden will be running 24/7. With a Raspberry Pi 4, it’s a good idea to have a passive cooling system like this case, which is my favorite currently (and it’s really cheap).

That’s it, nothing fancy as you can see, and I’ll also use the official Raspberry Pi system for this project. It should work even if you already have a few things installed on it.

Prepare Your Raspberry Pi to Host Bitwarden

Once the hardware is ready, here are the first steps to prepare your Raspberry Pi:

• Install Raspberry Pi OS (other Debian-like distros should work fine too).
• Update the system.
• Enable SSH and find your device’s IP address.
• Install Docker.

If this is overwhelming, don’t worry. I’ll explain each step in detail.

System Installation

As I mentioned, I tested this with Raspberry Pi OS Lite (64-bit). If you’ll only run Bitwarden on this device, it’s perfect. You don’t need a desktop environment, the system will be faster. The 64-bit version is not required, so read this to know the difference between 32 and 64 bits.

Feel free to install a desktop environment or use other alternatives if you want (Ubuntu, DietPi, etc). We’ll mainly use Docker, so it should work the same way on most distributions.

Here’s a quick rundown of how to prepare your system:

• Install Raspberry Pi OS using Raspberry Pi Imager.
  If you are not used to this procedure, you can read my complete guide on how to install Raspberry Pi OS here. It will explain each step in more detail.
• Boot your Raspberry Pi with your new system.
• Update your system:
  sudo apt update
sudo apt upgrade

System Configuration

On the first boot, you’ll need to create the first user and password. You’ll also get a wizard for the initial configuration (localization, keyboard layout, etc.), it should be straightforward.
Check the previous link if you need a more step-by-step guide to configure all of this.

Before going any further, I recommend enabling SSH (so you can do everything from your computer, like copying and pasting the commands that I’ll give you later), and taking note of the Raspberry Pi IP address, as you’ll need it later.

SSH is a network protocol that you can use to control your Raspberry Pi remotely (more about this here).
To enable SSH:

• Open a terminal or just log in if you use the Lite version.
• Start raspi-config with:
  sudo raspi-config
• Go to Interfaces > SSH and confirm to enable it.

That’s it.
You can now get your IP address with this command:
ip a
You should get something like:

It will be under “eth0” if you use a network cable, or “wlan0” for a Wi-Fi connection.
Find your IP address and remember it, you’ll need it in the following steps.

Tip: Command lines can be a pain to memorize. I put the essential Linux commands on a printable cheat sheet so you don't have to keep googling them. You can grab the PDF here if you want to save some time.

Docker Installation

The last requirement is to install Docker on your Raspberry Pi, as we’ll run Bitwarden in a Docker container. I have a complete guide explaining everything about Docker. I recommend reading it if you are not used to it.

But anyway, here are the commands you need to get Docker on your Raspberry Pi:

• Install the latest version of Docker using the official script:
  curl -sSL https://get.docker.com | sh
• Add your user to the docker group:
  sudo usermod -aG docker $USER
• Logout:
  logout

Once you log back in, make sure it’s working by running:
docker ps

It should show an empty table like this:

How to Host Bitwarden on Raspberry Pi

Now that your system is ready, we can start installing Bitwarden on your Raspberry Pi.

Here are the main steps to install Bitwarden on a Raspberry Pi:

• Download and run the Vaultwarden container.
• Test the HTTP interface.
• Enable HTTPS.
• Install apps or browser extensions to use Bitwarden on all your devices.

Let’s learn how to do this step-by-step.

Find the Best Docker Container

Several Docker containers are available to run Bitwarden on a Raspberry Pi, but most of them are no longer supported and recommend using the Vaultwarden server. Vaultwarden is an open-source version with many free features.

That’s the one I used and it works well, so you should probably use the same one.
Here’s their page on the Docker hub website if you want more detail about the project.

Install the Vaultwarden Container

Once the project is chosen, we can install it like any Docker container, with:
docker pull vaultwarden/server:latest

Next, you can start the container with:
docker run -d --name vaultwarden -v /vw-data/:/data/ -p 80:80 vaultwarden/server:latest

It will start with HTTP mode only, which is absolutely not a good idea for a password manager, but at least we can check that everything is working first before going further.

(For an easier way to use Docker on the CLI, check out our guide to Docker Compose.)
(Or, for a graphical way to manage containers, check out our guide to Portainer.)

The Basic Test of Bitwarden with HTTP

From a web browser on your PC, visit the Raspberry Pi address you noted earlier, probably something like:
http://192.168.1.X
Or in my case:
http://192.168.30.19

If it’s working correctly, you should get this page:

It’s loading properly, but as you can see, we still need to enable HTTPS before continuing.

Enabling HTTPS for Bitwarden on Raspberry Pi

With most home projects, I don’t go to the trouble of enabling HTTPS. This isn’t a best practice, but I often find it too complicated, especially on a small local network. And in most cases, it’s not a big deal to have low security for basic projects like media servers or things like that.

But a password manager server is an entirely different thing. If you store all your passwords on your Raspberry Pi, and somehow, someone is listening on your network and gets the Bitwarden master password, you are screwed. All your logins and passwords can be stolen.

Anyway, you don’t really have a choice here, as Vaultwarden doesn’t work in HTTP. Enabling HTTPS is a bit complicated, especially if it’s your first time, but I’ll explain everything in detail.

Possible Solutions for HTTPS

The best way to enable HTTPS is to get a domain name, redirect it to your server, and generate (or buy) an SSL certificate for this domain. Then, you add the SSL certificate to the web server configuration to secure the connections.

Another option could be to generate the SSL certificate yourself on the Raspberry Pi (by using openssl), associating it with your Raspberry Pi IP address or hostname, and then adding it to the trusted certificates on your computer.

This could be easier for many projects where you only use one device to access the web interface, but I don’t think it’s a good idea for a password manager. I’m guessing you’ll install Bitwarden on your PC, but also on your smartphone, tablet, and maybe other devices.

That’s why I decided to use a domain name for this project. Don’t worry, there are free options, and I’ll explain how to do it.

Redirect the Domain Name to Your IP Address

I don’t have a static public IP address, so I’m using No-IP services to redirect a custom domain name to my current IP address. Basically, they give you a subdomain (like yourname.hopto.org), and software that will regularly update your current IP on their DNS server.

I explain everything about No-IP in this article if you are interested (especially how to set up the software part on Raspberry Pi).

The alternative, if you have a static IP address, is to get a real domain name (like yourname.com) by using GoDaddy or a similar company to buy it. You can then configure the DNS zones to redirect the domain (or a subdomain) to your IP address.

Either way, it’s important to make sure you have a domain name redirecting to your current IP address before moving forward. You can’t generate a free SSL certificate without doing this first.

Port Forwarding

In most cases, redirecting the domain to your public IP address won’t automatically grant access to the Bitwarden login page from outside your network. So you’ll also need to configure your Internet router to redirect inbound requests to the Raspberry Pi local IP address (192.168.X.Y).

This will be a different procedure for each router, so I can’t explain exactly how to do it on your network, but if you look for “port forwarding” in your router documentation, you’ll easily find the instructions.

On my router, I have to go to the Advanced mode, and then find the NAT/PAT section, where I can redirect an external port (I chose 4443) to an internal port and IP address (443 and 192.168.222.15 in my case). You also need to redirect port 80 temporarily to generate the SSL certificate in the next step.

So, basically, my NAT configuration is:

Service	External Port	Internal IP	Internal Port
Bitwarden HTTPS	4443	192.168.222.15	443
Bitwarden HTTP	80	192.168.222.15	80

Do something similar on your router, and make sure it works from outside your network before moving forward. You can test it by disabling the Wi-Fi on your smartphone, and trying to access the HTTP login form with your domain name, for example:
http://yourname.hopto.org

Note: I prefer not to use the default port when I do port forwarding. I know many guys are scanning default ports like 80 and 443 to find breaches. I just hope to avoid their scripts when doing this. I know it’s not perfect, but it’s already that.

If you get the login form, everything is ready to generate the SSL certificate and switch to HTTPS.
If not, check the previous steps and linked articles to make sure you did everything correctly.

Generate a Certificate with Certbot

We are almost there! We’ll now use the free Let’s Encrypt service to create an SSL certificate that will be valid and recognized in any web browser.

First, stop the Vaultwarden container to avoid any conflict:
docker stop [ID]
You can find the ID at the end of the “start” command, or with:
docker ps

Then, install Certbot, it’s the app from Let’s Encrypt that we’ll use to generate the certificate:
sudo apt install certbot

Once done, use the following command to generate the certificate:
sudo certbot certonly -d yourdomain.com
Follow the wizard to create the certificate. Choose to spin up a temporary web server (as we don’t have any if you started this from scratch), and it should work. You’ll get the certificate and key locations on your screen, remember this.

Run Bitwarden with HTTPS

There are several ways to use Bitwarden with HTTPS. I first thought of using a proxy with Nginx to redirect port 443 to the container running in HTTP. But in fact, they give us a better and easier way on the Vaultwarden page: you can use “Rocket” directly once your certificate is generated.

So, I just copied my certificate files to a new folder:
sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /ssl/keys/certs.pem
sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /ssl/keys/key.pem

And then started the container with a few more parameters, to use HTTPS instead of HTTP, and tell it where to find my certificate:
docker run -d -e ROCKET_TLS='{certs="/ssl/certs.pem",key="/ssl/key.pem"}' -v /ssl/keys/:/ssl/ -v /vw-data/:/data/ -p 443:80 vaultwarden/server:latest

Check that it loaded properly:

From there, Bitwarden is now accessible via HTTPS, with the domain name you chose and the port your defined on your router. In my case, it’s:
https://yourdomain.com:4443

Testing HTTPS

To make sure it’s working, you can use your phone again (make sure to be disconnected from your home Wi-Fi), and use the previous URL to access Bitwarden.

If everything is set up correctly, you should get the same login form, but this time with the HTTPS lock enabled on your browser:

Good job! You did the hard part, the server is ready to use. We just have to create an account and configure the other devices (clients) to use your self-hosted Bitwarden server from anywhere.

Getting Started with Bitwarden on Raspberry Pi

Using a self-hosted version of Bitwarden is then not very different from their cloud plans. There’s also nothing different with hosting it on a Raspberry Pi instead of any other kind of computer or server.

Self-hosting can be a great way to save money, so let’s take a moment anyway to explain the first steps to using your new Bitwarden server.

Create an Account on the Bitwarden Server

You have access to the login form via HTTPS, so you can now use this form to create a new account. This account will be created on the Raspberry Pi only, so even if you already have a Bitwarden account, you need to create one here.

That’s one of the benefits of using a self-hosted version of Bitwarden, everything stays on your server (your vault with all the usernames and passwords, but also the master account).

Once the account is created, make sure you can log in. You should get access to your vault, which is empty for now, it looks like that:

You can add and upload items manually, but the most convenient way to use Bitwarden is to install their apps or extensions on all your devices.

Install the Bitwarden App on Your Devices and Web Browsers

Bitwarden is available as a Desktop application for Windows, macOS, and Linux. There are also extensions available for almost all web browsers (Chrome, Firefox, Opera, Brave, etc.) and mobile apps for Android and iOS.

In fact, there are so many ways to use Bitwarden, that even on exotic systems you should be able to find a way to use it. You can even use it via the command line if you like. It’s a lesser-known Raspberry Pi project that almost anyone can build.

Download the corresponding app or extension here for all the devices you want to use Bitwarden with.
Once the app or extension is installed, it will ask you to log in. But as you use a self-hosted environment, there is one additional step, you need to specify your server URL in the settings:

By default, Bitwarden tries to connect to their cloud servers, so it won’t work. Once your custom URL is set up, you should be able to log in with the account you created earlier. From there, Bitwarden works like any password manager. Each time you log in to a new website, it will ask you if you want to save the password in your vault, with a message looking like this:

Click Save, and the password will be stored on your Raspberry Pi. Everything is safe and encrypted, as long as you are using HTTPS and nobody gets your master password.

That’s it, you are now using a password manager that you have full control over. Bitwarden is installed on your Raspberry Pi, and all your devices are connecting to it to save your password and fill out the login forms automatically.

Local Network Usage

One last quick tip before wrapping up, as your domain name probably won’t work when you are on the same network as your Raspberry Pi. When your computer asks for the IP address corresponding to the domain name, it returns your public IP address, and routers are generally not doing the port forwarding stuff for the local computers.

There are several ways to handle this.
The best way is probably to add the domain name to your local network DNS server (maybe it’s your router), to tell it to redirect to the local IP address (192.168.X.Y) instead of the public IP address.

But an easier way, if you only have one computer, might be to add this domain name to your “hosts” file.
On Linux, it is under /etc/hosts, and on Windows, it’s under C:\Windows\system32\drivers\etc\hosts.
Add this line at the end:
192.168.X.Y yourdomain.com
Replacing the IP address with the one from your Raspberry Pi, and the domain name you generated the SSL certificate for.
Something like:

After doing this, Bitwarden should work from your computer.
Repeat these steps on all computers if needed. But if you want to use Bitwarden on your phone, adding an entry on your DNS server is a better idea (or you’ll add to disconnect your phone from your Wi-Fi).

Once the initial setup is done, I highly recommend reading the official documentation before going further, to learn more about security and also on how to back up your Raspberry Pi.
If your Raspberry Pi is corrupted and won’t boot anymore, you’ll lose all your passwords.
In this case, I would try to do a complete backup of your SD card / USB key at least once a month (and test it to make sure it works).

Recommended: 11 Useful Raspberry Pi Projects With No Extra Hardware.

I liked testing this project for you, I hope this tutorial will be useful. Feel free to leave a comment in the community if you have any feedback or suggestion about this.

Not getting the same result?

Even when you follow every step, small differences in OS version, hardware or config can change the outcome. Instead of wasting time guessing, get help from people who have already fixed the same kind of issue.

Ask your question now →

🔒 No risk. Cancel anytime.

• Get help on your exact issue
• Access step-by-step videos for tricky setups
• Browse the website without ads