Home / Server / Vaultwarden / What Is Vaultwarden? The Self-Hosted Bitwarden Alternative

What Is Vaultwarden? The Self-Hosted Bitwarden Alternative

Password managers are one of the few pieces of software where trusting a third party with everything you own access to is baked into the whole idea — which is exactly why a growing number of people who already self-host their photos, files, and media want to self-host their passwords too. Vaultwarden is how they do it. This guide explains what it is, how it relates to Bitwarden, and what is involved in running it yourself.

What Is Vaultwarden?

Vaultwarden is a free, open-source, lightweight server implementation of the Bitwarden password manager. It is not made by Bitwarden itself — it is a community-built, unofficial alternative server, written to be fully compatible with the official Bitwarden apps and browser extensions, so you get exactly the same interface and experience as using Bitwarden’s own cloud service, except the server is running on your own hardware.

It was originally created under the name “bitwarden_rs” before being renamed to Vaultwarden, specifically because Bitwarden’s own official server software is heavier, harder to self-host comfortably, and designed more for enterprise deployments. Vaultwarden strips this down into something that runs comfortably on a Raspberry Pi or a small container, while remaining fully compatible with every official Bitwarden client.

Vaultwarden vs Bitwarden’s Own Cloud Service

  • Where your data lives: With Bitwarden’s cloud service, your encrypted vault sits on Bitwarden’s servers. With Vaultwarden, it sits entirely on your own server, under your own control.
  • Cost: Bitwarden’s cloud service has a generous free tier and modest paid tiers for premium features. Vaultwarden is entirely free and unlocks premium-only features (such as TOTP authenticator storage and file attachments) without any subscription.
  • Client apps: Identical — Vaultwarden works with the same official Bitwarden apps on desktop, mobile, and as a browser extension, simply pointed at your own server’s address instead of Bitwarden’s.
  • Responsibility: With the cloud service, Bitwarden handles backups, uptime, and security patching. With Vaultwarden, that responsibility is entirely yours.

The vault itself is still end-to-end encrypted using the same encryption Bitwarden uses — Vaultwarden never has access to your unencrypted passwords, regardless of who runs the server, since the encryption and decryption happen on your own device using your master password.

Why People Choose to Self-Host Their Password Manager

  • Full control over where the (already encrypted) vault data physically sits
  • No monthly subscription for features that are free with Bitwarden’s official server but paid on the hosted cloud service
  • No dependency on a third party’s uptime or business decisions for something as critical as password access
  • Fits naturally alongside other self-hosted infrastructure people already run — Nextcloud for files, Immich for photos, and Vaultwarden for passwords, all under one roof

What You Need to Run Vaultwarden

  • A server to run it on — a Docker container, a VM or LXC container on Proxmox, or a Raspberry Pi are all common, lightweight choices
  • HTTPS is strongly recommended (arguably essential) since this is handling your master password and vault — a reverse proxy with a valid SSL certificate, or a service like Cloudflare Tunnel, is the standard way to achieve this
  • A reliable backup strategy for the vault database, since losing it without a backup means losing every stored password

Is Self-Hosting a Password Manager Risky?

The encryption model means your passwords are never stored or transmitted in plain text, even by the server itself — the real risks with self-hosting Vaultwarden are operational rather than cryptographic: keeping the server patched, ensuring reliable backups exist, and making sure it is only ever accessed over HTTPS. For most people comfortable running other self-hosted services, these are manageable with the same discipline already applied to a NAS or home server, but it is a genuinely higher-responsibility choice than using a managed cloud service, and worth being honest with yourself about before switching.

Frequently Asked Questions

Is Vaultwarden officially supported by Bitwarden?

No, Vaultwarden is an independent, community-built project. It aims for full compatibility with official Bitwarden clients, but is not developed or officially endorsed by Bitwarden itself.

Can I use the normal Bitwarden apps with Vaultwarden?

Yes — this is the entire point of Vaultwarden. You use the exact same official Bitwarden apps and browser extensions, simply pointing them at your own server’s URL in the settings instead of Bitwarden’s default cloud address.

What happens if my Vaultwarden server goes down?

Bitwarden’s apps cache your vault locally on each device, so you can still view and use existing passwords while offline, but you will not be able to sync new changes or add entries until the server is reachable again — which is why a reliable, monitored server (Uptime Kuma is a natural pairing here) matters more for a password manager than for less critical self-hosted services.

Does Vaultwarden support two-factor authentication?

Yes, including TOTP authenticator codes, WebAuthn security keys, and Duo — several of which are locked behind Bitwarden’s paid Premium tier on the official cloud service, but are free and unlocked by default on a self-hosted Vaultwarden instance.