Bitwarden is one of the best password managers on the market. Not only does it include features that make it perfectly at home with teams and organizations, but you can also deploy your own instance of the tool, so you never have to worry about your company’s most sensitive data ever being synced, shared, or saved on a third-party server. This is a great option for businesses that work with highly sensitive account details, notes, and identities.
And, thanks to Docker, the process of deploying Bitwarden in-house is actually pretty easy. I’m going to walk you through the steps, so you can use this password manager service within your LAN. You can deploy it to a single machine in your data center or even a VM hosted on a third-party cloud-based service.
What You’ll Need
Here’s what you’ll need to make this work:
- A running instance of an operating system that supports Docker (I’ll demonstrate this on Ubuntu Server 22.04).
- A user with sudo privileges.
- An SMTP server (I’ll demonstrate using the Gmail SMTP service).
That’s it. Let’s get to work.
How to Install Docker CE
On the off-chance you haven’t installed Docker, here are the steps for doing so.
First, add the official Docker GPG key with the command:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Next, add the Docker repository:
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Before you can install Docker, you must install a few dependencies with the command:
sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y
Update apt with:
Finally, we can install the latest version of the Docker CE runtime engine:
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
Add your user to the docker group with:
sudo usermod -aG docker $USER
Log out and log back in for the changes to take effect.
Deploy Bitwarden with Docker
We’re now ready to deploy Bitwarden. First, download the handy script the company created for this process with the command:
curl -Lso bitwarden.sh "https://func.bitwarden.com/api/dl/?app=self-host&platform=linux" &&
chmod 700 bitwarden.sh
Once that downloads, run the install command with:
During the installation, you’ll be asked the following questions:
- Enter the domain name for your Bitwarden instance — if you don’t have a domain, you can use the IP address of your hosting server.
- Do you want to use Let’s Encrypt to generate a free SSL certificate? (y/n) — if you don’t have a domain associated with this server, you must select n.
- Enter your installation id — this is accessed by visiting https://bitwarden.com/host
- Enter your installation key — this key will be presented on the same page as the installation id.
- Do you have an SSL certificate to use? (y/n) — if you have an SSL certificate, type y, otherwise type n.
- Do you want to generate a self-signed SSL certificate? (y/n) — if you don’t have an SSL certificate, answer y.
It is absolutely crucial that you use an SSL certificate; otherwise, you will not be able to create an account or use a number of the Bitwarden features.
Once the installation completes, you’ll need to configure the environment variables for the SMTP server. If you use the Gmail SMTP servers and you have 2FA enabled for your account, you’ll need to create an app password, which can be done here.
Configure the SMTP Server
To configure the SMTP server, open the global env file with the command:
In that file, look for the following lines:
If you’re using the Gmail SMTP servers, change everything marked REPLACE to:
- Replace replyTo_email with your email address.
- Replace smtp__host with smtp.gmail.com.
- Replace smtp__username with your Gmail address.
- Replace smtp__password with the app password you generated.
If you’re using a different SMTP server, make sure to configure it as necessary.
Save and close the file.
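Before restarting, it's worth checking that the edit took. The script below is an added example, not part of the original article or of Bitwarden's own tooling: it flags any setting still set to REPLACE and any group/other permission bits on the file, which now holds your SMTP app password. The path to the env file is an argument you supply.

```shell
#!/bin/sh
# Added example: sanity-check the edited env file before restarting.
# Usage: sh check_env.sh /path/to/your/env/file

# check_env_file FILE
#   returns 0: no leftover placeholders, no group/other permission bits
#   returns 1: at least one finding (each printed on its own line)
#   returns 2: FILE is missing or unreadable
check_env_file() {
    env_file=$1
    findings=0

    if [ ! -f "$env_file" ] || [ ! -r "$env_file" ]; then
        echo "cannot read: $env_file" >&2
        return 2
    fi

    # Settings still carrying the installer's REPLACE placeholder.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|\#*) continue ;;      # blank line or comment
            *=*) ;;                  # KEY=VALUE, inspected below
            *) continue ;;           # anything else is ignored
        esac
        key=${line%%=*}
        value=${line#*=}
        if [ "$value" = "REPLACE" ]; then
            echo "placeholder not replaced: $key"
            findings=1
        fi
    done < "$env_file"

    # The file holds the SMTP password, so group and other should have no
    # access. Characters 5-10 of the ls mode string are those six bits.
    perms=$(ls -ld -- "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "accessible beyond owner (group/other bits: $perms); chmod 600 it"
        findings=1
    fi

    return "$findings"
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_env_file "$1"
fi
```

A non-zero exit status means something still needs fixing before you restart the service.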
Restart the Bitwarden instance with:
Once the Bitwarden service has restarted, open a web browser and point it to https://SERVER (where SERVER is the IP address or domain of your hosting server). You will be greeted by the Bitwarden login screen (Figure 1).
Click Create Account and, in the resulting window (Figure 2), fill out the necessary information for the new account and click Create Account.
You will then be kicked back to the login screen, where you can log in with your new account. In the resulting window (Figure 3), click Send Email in the Verify Email box. You’ll be sent an email where you can then verify the new account.
And that’s all there is to deploying an on-premises instance of the Bitwarden password manager server. Enjoy that added level of privacy for your most important secrets.