How to Self-Host Vaultwarden as a Free Bitwarden-Compatible Password Manager

A password manager you control, that costs nothing in licences and runs on a computer the size of a paperback, is well within reach. Vaultwarden is a lightweight reimplementation of the Bitwarden server written in Rust, and it speaks the same protocol as every official Bitwarden app and browser extension. The headline is how little it asks for: under 50 MB of RAM at idle, light enough to run on a Pi Zero 2W while still handling browser extensions, mobile apps, sharing, TOTP, and emergency access.

Quick Answer

Run Vaultwarden in a single Docker container on any machine you own, point a domain with HTTPS at it, and connect the standard Bitwarden apps to your own server URL. It uses under 50 MB of RAM where the official Bitwarden self-host wants 2 GB, and it keeps full compatibility with every Bitwarden client.

Why Vaultwarden Over the Official Server

The official Bitwarden self-hosted server is a heavyweight, splitting its work across multiple containers and asking for at least 2 GB of RAM. Vaultwarden does the same job in one Rust container using a fraction of the resources, which is why it has become the go-to for home labs and small teams.

Crucially, it is not a clone with missing features. Vaultwarden implements browser extensions, desktop and mobile clients, organisation sharing, time-based one-time passwords, and emergency access. The clients cannot tell the difference, because you simply point them at your own server address instead of Bitwarden's cloud. A low-power always-on box suits it perfectly, and the mini PC range at Evetech is full of machines that can run this quietly in a corner.

Setting It Up With Docker

1. Pick the host. Any always-on machine works, from a Raspberry Pi to a mini PC. Because Vaultwarden sips RAM, even modest hardware leaves plenty of headroom for other services.
2. Install Docker. Set up Docker on the host so you can run Vaultwarden as a single container. This keeps the install clean and easy to update later.
3. Run the container. Pull the Vaultwarden image and start it with a mapped data volume so your vault persists across restarts. Set an admin token as an environment variable so you can reach the admin page securely.
4. Add HTTPS. This step is non-negotiable. Bitwarden clients refuse to connect over plain HTTP, so put a reverse proxy in front of Vaultwarden to handle a TLS certificate, or terminate HTTPS another way. A domain name pointed at your server makes this straightforward.
5. Connect the apps. In any Bitwarden app or extension, change the server URL under self-hosted settings to your domain, then create your account and log in. Everything from autofill to sharing now runs on hardware you own.

Locking It Down

A self-hosted vault is only as safe as its setup. Keep the host updated, restrict the admin page behind your token and ideally your local network only, and back up the data volume regularly, because losing it means losing every stored password. Enable two-factor authentication on your own account as well, since the server holds the keys to everything.

Treat the backup as seriously as the install. Copy the data volume somewhere safe on a schedule, and test that you can restore it before you ever need to. For drives and the small parts to build a tidy always-on machine, the PC best sellers at Evetech are a practical starting point.

Frequently Asked Questions

Is Vaultwarden really compatible with the official Bitwarden apps?

Yes. It implements the Bitwarden protocol, so the official browser extensions, desktop apps, and mobile apps all work by simply pointing them at your own server URL. You do not need any special client.

How much RAM does it actually need?

Vaultwarden runs the full server in one container using under 50 MB of RAM at idle. That is light enough for a Pi Zero 2W with 512 MB, which is why it suits low-power home servers so well.

Why is HTTPS mandatory?

Bitwarden clients refuse to connect over plain HTTP for security reasons. You must serve Vaultwarden over HTTPS, usually with a domain name and a reverse proxy handling the certificate, before any app will talk to it.

Can a whole family or small team use one instance?

Yes. Vaultwarden supports organisation sharing, so multiple users and shared collections work on a single instance. A modest server handles a family vault comfortably given how light the software is.

What happens if my server fails?

If the data volume is lost, your vault is gone, so regular backups are essential. Copy the volume off the host on a schedule and confirm you can restore it. With backups in place, you can rebuild on new hardware quickly.