A password manager is a tool that helps you securely store and manage your passwords and other sensitive information, such as credit card numbers and bank account details. There are many commercial password managers available, but if you want more control and security over your personal data, you can create a self-hosted password manager using a tool called Bitwarden.
Bitwarden is an open-source password manager that allows you to self-host your own instance, giving you the ability to fully customize and control your password management experience.
In this article, we will go through the steps to set up a self-hosted Bitwarden instance, starting from setting up the necessary prerequisites to accessing and using your new password manager.
Prerequisites
Before we start setting up Bitwarden, there are a few things you will need:
- A server to host your Bitwarden instance. This can be a virtual private server (VPS) from a provider such as DigitalOcean, or a physical server you have set up yourself. The server should have at least 1 GB of RAM and 2 CPU cores.
- A domain name to access your Bitwarden instance. This can be a subdomain (e.g. "passwords.example.com") or a top-level domain (e.g. "passwordmanager.com").
- An SSL/TLS certificate for your domain name. This is necessary for encrypting the connection to your Bitwarden instance and is required for the self-hosted version. You can obtain a free SSL/TLS certificate from Let's Encrypt.
- Docker and Docker Compose installed on your server. Docker is a containerization platform that allows you to easily deploy applications, and Docker Compose is a tool for defining and running multi-container Docker applications.
Setting up the server
Start by creating a server with your VPS provider. In this case, DigitalOcean will be used.
- Log in to your server via SSH. If you are using a VPS, the login details should have been provided by the provider. If you are using a physical server, you will need to use a program such as PuTTY (for Windows) or Terminal (for macOS and Linux).
- Next, update the package manager's package list and upgrade any existing packages by running the following commands:
sudo apt update -y
sudo apt upgrade -y
You can run all commands with root privileges without entering sudo every time. To do that, run the following command:
sudo -i
The next step is to install Docker and Docker Compose by running the following commands:
apt install docker.io -y
apt install docker-compose -y
- Verify that Docker and Docker Compose are installed and working by running the following commands:
docker --version
docker-compose --version
You should see the version numbers of the installed packages printed to the terminal.
Setting up the domain name and SSL/TLS certificate
- If you have not already done so, purchase a domain name from a domain registrar such as GoDaddy or Namecheap.
- Set up a DNS A record for your domain name that points to the IP address of your server. The exact steps for doing this will depend on your domain registrar and DNS provider. Consult their documentation for more information.
- Install the Let's Encrypt client "certbot" by running the following command:
sudo apt install certbot
- Obtain an SSL/TLS certificate for your domain name by running the following command:
sudo certbot certonly --standalone -d yourdomain.com
Replace "yourdomain.com" with your domain name.
This process is useful as the domain name will be used for the configuration of Bitwarden.
Installing Bitwarden
Once the server and domain name are ready, the next step is to install Bitwarden.
- Run the following command to create a new user and a new directory for Bitwarden:
useradd -G docker,sudo -s /bin/bash -m -d /opt/bitwarden bitwarden
This creates a new user called "bitwarden" that is a member of the "docker" and "sudo" groups, with a login shell of "/bin/bash" and a home directory of "/opt/bitwarden".
- Set a password for the "bitwarden" user by running the "passwd" command:
passwd bitwarden
This command will prompt you to type your new password and retype it for confirmation.
- Change the ownership of the "/opt/bitwarden" directory to the "bitwarden" user:
chown -R bitwarden: /opt/bitwarden
Switch to the "bitwarden" user by running the following command:
su - bitwarden
- Change to the "/opt/bitwarden" directory:
cd /opt/bitwarden
Download the Bitwarden installation script by running the following command:
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
We can confirm the script has downloaded by using the ls command. It is a bash file.
Make the script executable by running the following command:
chmod +x bitwarden.sh
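The ls check only shows that a file exists. Because curl -s hides errors and the download command has no --fail, an HTTP error page can end up saved as bitwarden.sh. The following is an added example, not part of the original article or the Bitwarden project: check_installer is a hypothetical helper and the sample files are constructed, and it runs a few checks before the script is executed.

```shell
#!/usr/bin/env bash
# Added example: pre-execution checks for a downloaded installer script.
# check_installer is a hypothetical helper, not part of Bitwarden.

check_installer() {
    local f="$1" first
    # 1. The file must exist and be non-empty (curl -s hides failures).
    [ -s "$f" ] || { echo "FAIL: $f is missing or empty"; return 1; }
    # 2. The first line must be a shell shebang, not HTML or JSON.
    IFS= read -r first < "$f"
    case "$first" in
        '#!'*sh*) ;;
        *) echo "FAIL: $f does not start with a shell shebang"; return 2 ;;
    esac
    # 3. bash -n parses the script without executing any of it.
    bash -n "$f" 2>/dev/null || { echo "FAIL: $f has syntax errors"; return 3; }
    # 4. Record the digest so the reviewed copy can be matched to the one run.
    echo "OK: $f sha256=$(sha256sum "$f" | cut -d' ' -f1)"
}

# Constructed sample inputs (not the real installer).
demo_dir=$(mktemp -d)
printf '#!/usr/bin/env bash\necho "installer placeholder"\n' > "$demo_dir/good.sh"
printf '<html><body>404 Not Found</body></html>\n' > "$demo_dir/error_page.sh"
printf '#!/usr/bin/env bash\nif true; then\n' > "$demo_dir/truncated.sh"
: > "$demo_dir/empty.sh"

for f in good.sh error_page.sh truncated.sh empty.sh; do
    check_installer "$demo_dir/$f"
done
rm -rf "$demo_dir"
```

On the server, run check_installer bitwarden.sh and read the script before executing it; a passing result only rules out a failed or truncated download, not a tampered one.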
- Run the installation script with the "install" command:
./bitwarden.sh install
This will install the necessary dependencies and set up the Bitwarden environment.
At this point, you will be asked to enter your domain name; enter the domain name you created earlier. (This domain name should point to the server's IP address.)
The next prompt asks whether you want to use Let's Encrypt to generate a free SSL certificate. If you choose yes, make sure that ports 80 and 443 are forwarded to the server. In this case, a demo server is used, so the ports are not forwarded, which means the certificate generation will fail. For this reason, I will choose n and press Enter.
The next step is to enter a name for the Bitwarden database. You can name it anything; then press Enter.
The next step prompts you for the installation ID and the installation key. You can get these by going to the following link:
https://bitwarden.com/host/
Enter your email and click Submit to generate your Installation ID and Key.
The next step asks whether you have an SSL certificate. This prompt will not show if you used "Let's Encrypt" to generate a free one. In this case I will choose n and generate a self-signed SSL certificate.
That is all. You can start the Bitwarden server by running the following command:
./bitwarden.sh start
This command will pull all the containers that are going to be utilized by Bitwarden.
When the process is completed, you should see a message indicating that Bitwarden is up and running.
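Because this walkthrough answers n to Let's Encrypt and lets the installer generate a self-signed certificate, browsers will show a certificate warning for the instance. The following added example (not from the original article or the Bitwarden project) inspects a PEM certificate file and reports whether it is self-issued, matches the host name, and expires soon. cert_report is a hypothetical helper, the certificate path is passed as an argument, and the demo certificate is generated locally as constructed input.

```shell
#!/usr/bin/env bash
# Added example: inspect the certificate a self-hosted instance will serve.
# cert_report is a hypothetical helper; the certificate path is an argument
# because the installer's on-disk layout is not described in this article.

cert_report() {
    local pem="$1" host="$2" days="${3:-30}" kind match expiry
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo "unreadable"; return 1; }
    # Subject hash == issuer hash means the certificate is self-issued.
    if [ "$(openssl x509 -in "$pem" -noout -subject_hash)" = \
         "$(openssl x509 -in "$pem" -noout -issuer_hash)" ]; then
        kind="self-signed"
    else
        kind="ca-issued"
    fi
    # -checkhost compares the name against SAN entries (CN as fallback).
    if openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
        match="host-ok"
    else
        match="host-mismatch"
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
        expiry="valid"
    else
        expiry="expiring"
    fi
    echo "$kind $match $expiry"
}

# Constructed demo: a throwaway self-signed certificate valid for 10 days.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 10 \
    -subj "/CN=passwords.example.com" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" 2>/dev/null
cert_report "$demo/cert.pem" passwords.example.com 30   # self-signed host-ok expiring
cert_report "$demo/cert.pem" other.example.com 5        # self-signed host-mismatch valid
```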
Accessing and Using Bitwarden
- Open a web browser and navigate to your domain name (e.g. "https://passwords.example.com"). You should see the Bitwarden login page.
- Click "Create account" to create a new account. Fill in the required information and click "Sign Up" to complete the registration process.
- After signing up, you will be redirected to the login page. Enter your email address and password to log in to your account.
- Once logged in, you will see the Bitwarden dashboard. From here, you can add new passwords, generate secure passwords, and manage your existing passwords.
- To add a new password, click the "Add" button in the top right corner and select "Add Item". Fill in the necessary information for the item you want to add (e.g. website, username, password) and click "Save" to add it to your password manager.
- To generate a secure password, click the "Add" button in the top right corner and select "Generate Password". Enter the necessary information and click "Generate" to create a new secure password. You can then use this password to create a new password item or update an existing one.
Why Choose Bitwarden?
There are many options available when it comes to choosing a password manager, so why should you choose Bitwarden? Here are a few reasons:
- Security: Bitwarden uses industry-standard encryption to protect your data, and by self-hosting your own instance, you have complete control over where your data is stored and how it is managed.
- Open-source: Bitwarden is open-source, which means that the code is publicly available for anyone to review and contribute to. This adds an extra layer of transparency and security, as anyone can audit the code to ensure that it is secure.
- Cross-platform compatibility: Bitwarden is available on a wide range of platforms, including Windows, macOS, Linux, Android, and iOS. This makes it easy to access your password manager from any device.
- Customization: As we have seen in this article, self-hosting your own Bitwarden instance allows you to fully customize your password management experience. You can choose your own domain name, SSL/TLS certificate, and customize the various settings to suit your needs.
- Free: Bitwarden is completely free to use, with no hidden costs or subscription fees unless you need the premium features such as the vault health reports and priority support. The free plan offers unlimited vault items, a password generator, secure text and file sharing, and autofill.
Conclusion
In this article, we have gone through the steps to set up a self-hosted Bitwarden instance and use it to manage and secure your passwords and other sensitive data. Self-hosting your own password manager can provide you with added security and control, and Bitwarden makes it easy to get started with its open-source and customizable platform. Whether you are an individual looking to secure your personal information or an organization looking to provide password management for your employees, self-hosting Bitwarden is a reliable and effective solution.