Installing Vaultwarden on TrueNAS Community Edition 2025

[0:00]Secure passwords are a must in today's world online. Bitwarden makes this amazingly simple and Bitwarden is a great service if you choose to pay for it. However, some people prefer to host their own passwords on their own server. In that case, you want to use Vault Warden. It is the self-hosted version of Bit Warden that you can run on True Nas or through Dockage and we are going to show both installs right now. In order to install Vault Warden, we first have to have some data sets for all the data to live on safely. So I'm going to go over to my data sets, go to my config tab and I'm going to add a data set here called Vault Warden. I'm going to use the apps preset and hit save. I am now going to add two more data sets underneath Vault Warden. The first is going to be for the config, again with apps permission. The next is going to be for the database. I'm just going to call this DB and I'm going to leave the permissions generic because we're going to overwrite them anyway. Here are my two data sets that I've created. Now let's go over to apps and let's go to Discover apps and let's search for Vault Warden. Here it is. Let's click it and click install. The first thing I have to do is set two passwords. I have to set a database password and an admin token. Next, we're going to scroll down here until we get to the certificate ID. You're going to want to go ahead and click the down box and click True NAS default certificate. Scrolling all the way down, I need to go to the storage configuration and change both of these to host path. When setting the host path for the post grass data storage for my vault warden instance, I always want to make sure I check the automatic permissions checkbox here, otherwise this will not work. I'm not going to change anything else. I'm going to hit install. Now this container is up and running on True NAS, but if you want to do this through Dockage, I'll show you how to do that right now. Let's jump over to the wiki and we can jump over to the Vault Warden page. Here we're going to want to click the Docker compose tab and just copy this whole compose into Dockage. Start a new compose stack, call it Vault Warden. Paste all of this over here on the right. You can go ahead and change the port if you want or change the domain if you have an external domain pointing to your vault warden example. And here is where you're going to want to uncomment out the section for the admin token and go ahead and set a secure password for the admin token. After that, go ahead and hit deploy. Now that our Vault Warden container is up and running, let's go ahead and go to the web UI. Here, we're going to want to create a new account. Type in an email address and your name. Create a new extremely secure master password. Do not use a master password hint, it'll open up risks for you being hacked. You can go ahead and check your password for a data breach because I know I used a weak password. I'm not going to do that. Now I'm logged into the dashboard. I can import data if I have previous Bit Warden data. I can install the browser extension if I'd like, or I can go ahead and just start creating new items in my vault. You'll notice this looks just like the regular version of Bit Warden because it basically is. The only difference is now this is running on my local machine. When I go ahead and log out, all I have to do is enter my email address again and enter my master password, and I'm right back to where I started. Now we need to go ahead and disable something in the admin panel to make sure nobody else can get to our instance. Let's go ahead and close this window and go back to True NAS. Back on True NAS, I'm going to want to go ahead and hit the admin portal. Here, I'm going to enter the password that I set up. I want to go to general settings and I want to scroll down until I see allow new signups. After I've signed up and created my account, I do not want anyone to come into this instance behind me and use it to create an account for them, so I'm going to change this off of the default true. Scroll all the way to the bottom and hit save. Hit okay. Now that that's done, I don't need this admin portal to be open anymore and I don't want it to be able to be logged in from even with somebody. Now this is done, I want to turn off the admin portal so nobody else can log in here and change any other settings. I'm going to go ahead and close the panel. I'm going to go back to Vault Warden, I'm going to edit it and I'm going to remove the admin token here. I'm going to scroll all the way to the bottom and click update. Now this is deployed again, you'll see the admin portal button has gone away. Let's test this to make sure that that's the case. I'm going to click my web UI and I'm going to come over here and change this to admin. You'll notice the admin portal is still available. Even though I don't have the button for it in the UI, it is not totally been taken down, and because I've signed in before on this machine, it automatically took me in here. This is extremely unsafe. So now we have to go in and actually manually turn off the admin portal. Going back to True NAS, let's go to our shell. Now we want to CD into our config file. Let's open our config.json, and we're going to scroll all the way down here until we see admin token. And you see here mine was just set to change me, very insecure. Let's go ahead and remove this completely. Then I'm going to hit Control X, Y and then enter. Now that that's changed, I'm going to go back to my apps and I'm going to restart the Vault Warden container. Let's go back to the web UI now and make sure this is fully off. You'll notice here it now says the admin panel is disabled. Please configure the admin token variable to enable it. Now this panel has been completely taken down. Please be aware of this, as if you make your Bit Warden instance public, which you probably will so you can reach it from your phone or other places. Other people can't log into it and gets your admin panel just because you remove the admin token. It's a false sense of security that removing the token in True NAS actually turns the panel off. That's not the case. To get Vault Warden working in your browser, you're going to look for the normal Bit Warden extension. Now I see Bitwarden Password Manager. I'm going to click Bitwarden, I'm going to click add to Firefox. Now I have a new extension for Bit Warden here. I'm going to go ahead and log in. Down here where it says accessing bitwarden.com, I want to change this to self-hosted. I'm going to type in my server URL and hit save. Now I can go ahead and enter my email, hit continue, and enter my master password. And now I'm logged in and I can see my vault. You'll notice that I use my local IP address. The best practice for something like Vault Warden is either to use this with tail scale so I don't have to expose this to the entire world, or to use something like a cloud flare tunnel, which is why it's very important to disable the admin panel. That's it for this video. I hope you guys are using secure passwords and if you are, please comment below and let me know if you're using something else besides Bit Warden or Vault Warden to keep your passwords safe. Please like and subscribe. If you want to have a discussion with us, please jump on our Discord server and if you want to thank me personally, please buy me a coffee.