Vaultwarden is a lightweight, Bitwarden-compatible API server written in Rust. It provides a fully functional, self-hosted password vault that works seamlessly with official Bitwarden clients (browser extensions, mobile apps, and desktop applications). Vaultwarden is the go-to solution for smaller deployments seeking significantly lower resource usage compared to the full Bitwarden stack while maintaining full API compatibility.
Latest Stable Version:
1.35.4(February 2026) | Docker Image:ghcr.io/dani-garcia/vaultwarden:latestorghcr.io/dani-garcia/vaultwarden:1.35.4
| Scenario | Description |
|---|---|
| Personal Vault | Self-hosted password management for individuals and families |
| Small Team Collaboration | Secure credential sharing for development teams (β€50 users) |
| Enterprise Lite | Lightweight alternative to full Bitwarden for SMBs |
| Air-Gapped Environments | Internal vault without external cloud dependencies |
| Resource-Constrained Systems | Raspberry Pi, low-memory VPS, edge deployments |
| DevOps Credential Store | Service account passwords, API keys, deployment secrets |
| Component | Technology |
|---|---|
| Backend | Rust (Actix-web framework) |
| Database | SQLite (default), PostgreSQL, MySQL/MariaDB |
| Container | Docker, Podman, Kubernetes-ready |
| Authentication | Email/Password, TOTP, FIDO2/WebAuthn, YubiKey OTP, SSO (OIDC) |
| Encryption | AES-256-CBC, PBKDF2-SHA256, Argon2id (client-side encryption) |
| Reverse Proxy | Nginx, Apache, Caddy, Traefik |
| Release Track | Version | Description |
|---|---|---|
| Stable (Latest) | 1.35.4 |
Current production-ready release with security fixes |
| Stable (Previous) | 1.35.3 |
Previous stable (Feb 2026) |
| Development | main branch |
Bleeding-edge builds (not recommended for production) |
π‘ Hint: For production deployments, always use the latest stable release (
1.35.4or newer). Starting with v1.35.0, Vaultwarden uses immutable releases with release attestation for enhanced security verification. Check the GitHub Releases page before deploying.
For a minimal Docker Compose setup:
services:
vaultwarden:
image: ghcr.io/dani-garcia/vaultwarden:1.35.4
container_name: vaultwarden
restart: unless-stopped
volumes:
- ./vw-data:/data
ports:
- "127.0.0.1:8000:80"
environment:
- DOMAIN=https://vault.example.com
- SIGNUPS_ALLOWED=false
- ADMIN_TOKEN=<your-secure-token>
β οΈ Security Notice: This is a minimal example. For production deployments, always use HTTPS, restrict network access, configure SMTP for notifications, and follow the Security Hardening Guide.
Any questions?
Feel free to contact us. Find all contact information on our contact page.