Vaultwarden
$9.00 / month with a 7-day free trial and a $1.00 sign-up fee
Self-hosted, Bitwarden-compatible password manager — runs the official Bitwarden mobile, browser, and desktop clients against your own subdomain instead of bitwarden.com.
A managed instance of Vaultwarden on ElfHosted — the unofficial-but-mature Rust rewrite of the Bitwarden server, fully compatible with every official Bitwarden client (iOS, Android, browser extensions for Firefox/Chrome/Safari/Edge, macOS/Windows/Linux desktop, CLI). Same client experience; your vault lives on your subdomain instead of Bitwarden’s cloud. AGPL-3.0.
The point of self-hosting a password manager isn't avoiding Bitwarden's pricing — it's avoiding the question "what happens when this company gets bought, breached, or pivots". Vaultwarden answers it permanently.
What is Vaultwarden?
Vaultwarden is an unofficial Bitwarden server written in Rust. It implements the Bitwarden API exactly, which means every official Bitwarden client app — the iOS app, Android app, browser extensions, desktop apps, CLI — connects to a Vaultwarden server with no patches and no compromises. From the client's perspective it is Bitwarden; from your server's perspective, it's a single Rust binary with a SQLite or Postgres backend, dramatically lighter than Bitwarden's official server (which needs MS SQL, Identity Server, several .NET microservices, etc.).
The Bitwarden code-base is open-source and Bitwarden the company offers self-hosting; Vaultwarden exists because the official path is operationally heavy for a small instance (3-50 users). Vaultwarden trades some enterprise-grade features for a deployment that fits in a single small VM. For the household / small-team / "just me" cases that's exactly the right trade.
Features
- 🔐 Full Bitwarden client compatibility — official iOS, Android, browser-extension (Firefox / Chrome / Edge / Safari / Brave / Vivaldi), macOS / Windows / Linux desktop apps, CLI. No "alternative client" shenanigans.
- 📲 Autofill on mobile and desktop — works the same as Bitwarden's: tap to autofill, biometric unlock, password generator, secure notes.
- 👥 Organizations & collections — share specific credential subsets with family / housemates / partners; per-user permissions.
- 🔑 2FA / MFA — TOTP authenticator built into Vaultwarden (so the password and the second factor live in different vaults if you want), plus FIDO2 / WebAuthn / Yubikey for unlocking the vault itself.
- 📥 Import from anywhere — direct imports from Bitwarden, 1Password, LastPass, Dashlane, KeePass, Chrome / Firefox / Safari built-ins, plus generic CSV.
- 📤 Encrypted vault export — your data is yours; bulk-export at any time as encrypted JSON.
- 🔄 Migrates to/from Bitwarden cloud — Bitwarden's own export imports cleanly into Vaultwarden, and Vaultwarden's export imports cleanly into Bitwarden cloud. No lock-in either direction.
- 🔓 Send — Bitwarden's secure-text-and-file-share feature is fully implemented.
- 👁️🗨️ Emergency Access — designate trusted contacts who can request vault access after a delay (the "if I'm hit by a bus" feature).
- 🔓 FOSS & AGPL-3.0 — no vendor account required, no paid tier (Bitwarden's "premium" features that require a sub on bitwarden.com are free in Vaultwarden).
Vaultwarden vs Other Password Managers
- vs. Bitwarden cloud (bitwarden.com) — same clients, same data formats, same UX. Bitwarden cloud is run by Bitwarden, Inc.; Vaultwarden is run by you on your subdomain. The Premium features ($10/year on bitwarden.com — TOTP authenticator, file attachments, advanced 2FA, Emergency Access) are all included in Vaultwarden by default.
- vs. official Bitwarden self-hosting — same clients again, but the official self-host stack is heavyweight (MS SQL, Identity Server, several .NET microservices). Right for 100+ user organisations; massive overkill for households or small teams. Vaultwarden gives you the Bitwarden experience at small-deployment-friendly weight.
- vs. 1Password — 1Password is excellent and commercial. The trade is Apple-style polish + cloud-only sync vs. Vaultwarden's "your subdomain, your data, no recurring fee". Many users keep both: 1Password for shared family vault, Vaultwarden for personal/work isolation.
- vs. KeePass / KeePassXC — KeePass is a local file format that you sync with Dropbox / Syncthing / git. Vaultwarden adds a real server, real autofill, real cross-device sync over the wire — which most users want once they tried KeePass for a month.
- vs. LastPass — LastPass had repeated severe breaches in 2022-2023, including a master-password vault leak. Many users moved to Vaultwarden specifically as a "I don't trust password managers as a service category any more" response.
Why Run Vaultwarden on ElfHosted?
Self-hosting a password manager is a category where "good enough" isn't acceptable — your master vault is the single most sensitive file in your digital life. Operational mistakes (no backups, expired TLS, unpatched server, lost storage) hurt disproportionately. ElfHosted handles the high-stakes parts:
- HTTPS with auto-renewing TLS on your own ElfHosted subdomain — required for the Bitwarden mobile apps to connect, required for security in any case.
- Persistent storage with automated backups — your vault has a recovery point if anything goes wrong.
- Updates handled across versions; Vaultwarden ships releases regularly with security fixes (the upstream maintainer is responsive on security issues).
- Server-side encryption at rest (on top of Vaultwarden's own client-side encryption — a defence-in-depth layer).
- SSO via your ElfHosted account for the admin panel; user authentication still goes through Bitwarden's own auth flow.
- Single subscription: $9/month — vs. Bitwarden Premium's $10/year, the trade is "always-on managed infrastructure" vs "hosted on Bitwarden's servers".
Technical Specifications
- 🛠️ Software: Vaultwarden (FOSS, AGPL-3.0)
- ⚙️ Stack: Rust binary + SQLite or PostgreSQL
- 📱 Mobile clients: official Bitwarden iOS & Android apps (App Store, Play Store, F-Droid) — free
- 🌐 Browser extensions: Bitwarden official extensions for Firefox, Chrome, Edge, Safari, Brave, Vivaldi, Opera
- 💻 Desktop apps: Bitwarden official for macOS, Windows, Linux (plus AppImage / Snap / Flatpak)
- ⌨️ CLI: official `bw` CLI works against Vaultwarden out of the box
- 🔐 Encryption: client-side AES-256 + PBKDF2/Argon2 (your vault is encrypted before it leaves the client; the server stores ciphertext)
- 🔑 Auth methods: master password, FIDO2/WebAuthn, Yubikey, TOTP, biometric unlock on mobile/desktop
- 📥 Imports: Bitwarden, 1Password, LastPass, Dashlane, KeePass, Chrome/Firefox/Safari built-ins, generic CSV
- 👥 Multi-user: yes — organizations + collections with per-user role-based access
- 🔑 Subscription: $9/month — Vaultwarden itself is fully free; "Premium" features that require a sub on bitwarden.com are unlocked for free
- 🌐 Access: HTTPS on your own ElfHosted subdomain (required for Bitwarden mobile apps)
- 🔄 Updates: handled by ElfHosted; security releases tracked closely
Frequently Asked Questions
How do I run Vaultwarden without self-hosting it?
Add it to your ElfHosted subscription — this product is a managed Vaultwarden instance with HTTPS, persistent storage, automated backups, security-tracked updates, and SSO via your ElfHosted account for the admin panel.
Can I really use the official Bitwarden mobile / browser apps?
Yes — that's the whole point of Vaultwarden. The Bitwarden client apps don't know whether they're talking to bitwarden.com or your Vaultwarden instance; same UX, same features. Configure the server URL in the client (one-time) to point at your ElfHosted subdomain.
How do I migrate from LastPass / 1Password / Bitwarden cloud?
Export from your current manager (every commercial password manager has an export-to-CSV / encrypted-JSON option, often buried in account settings). Import into Vaultwarden via the web vault. Bitwarden cloud is the cleanest migration since the formats match exactly.
What if I want to leave Vaultwarden later?
Vaultwarden's encrypted-JSON export imports directly into Bitwarden cloud, KeePass, 1Password, and most other managers. No lock-in.
Is the TOTP authenticator built in?
Yes. On bitwarden.com that's a Premium feature ($10/year); on Vaultwarden it's free.
Can my family / partner share an instance?
Yes — Vaultwarden supports organizations and collections. Set up a family organization, share the "household credentials" collection, keep individual personal vaults separate. One subscription covers the household.
What about Emergency Access ("if I'm hit by a bus")?
Implemented. Designate trusted contacts who can request vault access; you set a wait period before access is granted (so if a request is unauthorised you have time to deny it).
Is Vaultwarden audited?
Vaultwarden itself is open-source and reviewed by the community; the underlying Bitwarden client code-base has been formally audited by Cure53. Vaultwarden's server-side implementation matches the Bitwarden API; the client-side encryption is identical because it's the same client app.
Vaultwarden is the lightweight Bitwarden-compatible password-manager server that lets you run the official Bitwarden clients against your own subdomain. Same UX, same features, plus all of Bitwarden's "Premium"-tier features unlocked. Hosted on ElfHosted with HTTPS, automated backups, and security-tracked updates for $9/month.
Only logged in customers who have purchased this product may leave a review.
Related products
PrivateBin
Self-hosted encrypted pastebin — text and files encrypted in the browser before they ever reach the server, with burn-after-reading, expiration, and password protection.
A managed instance of PrivateBin on ElfHosted — a zero-knowledge pastebin where the server stores ciphertext only and the decryption key lives in the URL fragment (the part after `#`, which never reaches the server). Paste a snippet, share the link, recipient sees the content; the server itself can't read it. Free, open-source, ZLib license.
Reviews
Clear filtersThere are no reviews yet.