No description

Rust 84.5%
Handlebars 8.6%
TypeScript 3.3%
RenderScript 0.8%
JavaScript 0.8%
Other 2%

Find a file

StefanSA 030adb03e0 All checks were successful ci / rust-checks (push) Successful in 2m46s Details validate-publish-surface / validate-publish-surface (push) Successful in 4s Details docs: update repository links to Forgejo		2026-06-24 12:18:43 +02:00
.forgejo/workflows	ci: make buildx cache replacement atomic	2026-06-24 10:34:47 +02:00
docker	Update docker/dockerfile Docker tag to v1.25	2026-06-21 16:47:11 +00:00
docs	docs: update repository links to Forgejo	2026-06-24 12:18:43 +02:00
macros	chore(deps): update safe rc1 dependency batch	2026-06-22 14:55:35 +02:00
migrations	feat(send): add email verification schema foundation	2026-06-16 09:34:43 +02:00
playwright	Fix migration for MariaDB 12.2.2	2026-06-01 12:32:03 +02:00
resources	Update README (#5153 )	2024-11-02 22:20:10 +01:00
src	feat(mail): finish account mail hardening	2026-06-24 10:50:06 +02:00
tools	Misc Updates (#7027 )	2026-03-29 22:21:39 +02:00
.dockerignore	build: improve Docker build cache reuse	2026-06-05 22:05:48 +02:00
.editorconfig	Misc changes.	2021-03-30 21:45:10 +02:00
.env.template	docs(security): document external tls requirement	2026-06-18 08:56:16 +02:00
.gitattributes	Update Rust, Crates, GHA and fix a DNS issue (#7108 )	2026-04-18 15:03:41 +02:00
.gitignore	chore: remove local governance from publish surface	2026-06-23 14:45:00 +02:00
.hadolint.yaml	Container building changes (#3958 )	2023-10-23 00:18:38 +02:00
.pre-commit-config.yaml	Fix Host/IP resolving (#7162 )	2026-04-29 22:20:59 +02:00
.typos.toml	Fix Host/IP resolving (#7162 )	2026-04-29 22:20:59 +02:00
build.rs	feat(mail): add AWS SES transport support	2026-06-05 09:39:58 +02:00
Cargo.lock	Lock file maintenance	2026-06-21 14:42:42 +00:00
Cargo.toml	chore(deps): update diesel	2026-06-22 20:52:55 +02:00
CHANGELOG.md	docs: prepare v1.36.1 release	2026-06-24 11:01:13 +02:00
diesel.toml	Update Rust, Crates, GHA and fix a DNS issue (#7108 )	2026-04-18 15:03:41 +02:00
Dockerfile	Container building changes (#3958 )	2023-10-23 00:18:38 +02:00
FEATURES.md	docs(release): document send verification and 2026.5 compatibility	2026-06-17 11:15:38 +02:00
KNOWN_LIMITATIONS.md	docs(security): document external tls requirement	2026-06-18 08:56:16 +02:00
LICENSE.txt	Re-License Vaultwarden to AGPLv3	2023-01-24 20:49:11 +01:00
README.md	docs: update repository links to Forgejo	2026-06-24 12:18:43 +02:00
renovate.json	Prevent Renovate from scanning Dockerfile template	2026-06-21 18:09:11 +02:00
ROADMAP.md	docs(release): document send verification and 2026.5 compatibility	2026-06-17 11:15:38 +02:00
rust-toolchain.toml	Update Rust, Crates, GHA and fix a DNS issue (#7108 )	2026-04-18 15:03:41 +02:00
rustfmt.toml	Upd Crates, Rust, MSRV, GHA and remove Backtrace	2023-03-07 09:17:42 +01:00
SECURITY.md	chore: fix some comments (#5224 )	2024-11-25 18:35:00 +01:00

README.md

Vaultwarden-Plus

A community-maintained fork of Vaultwarden with additional operator features, mail integrations, and client-compatibility improvements for self-hosted deployments.

Vaultwarden-Plus stays compatible with the official Bitwarden clients ^[disclaimer] while extending upstream Vaultwarden with features aimed at self-hosting operators.

Important

When running this server, please report Vaultwarden-Plus bugs or suggestions through the Vaultwarden-Plus issue tracker. Do not use the official Bitwarden support channels, and do not report Plus-specific behaviour to the upstream Vaultwarden project.

What Vaultwarden-Plus adds

These features extend upstream Vaultwarden and are exclusive to this fork:

Send Email Verification — require recipients to verify their email address before accessing a Send.
DKIM Signing Support — sign outgoing notification mail with DKIM for better deliverability.
AWS SES Mail Transport — send notification mail through Amazon SES as an alternative to SMTP.
OpenDAL S3 Enhancements — improved S3-compatible object-storage handling for attachments and data.
2026.5 Client Compatibility Updates — keep pace with recent Bitwarden client releases.
Passkey Login (experimental) — passwordless sign-in via passkeys.
Mail Dispatch Hardening — non-critical account notifications are dispatched outside latency-sensitive request paths while critical OTP/security mails remain fail-closed.
Additional operator-focused improvements — assorted quality-of-life and deployment refinements, including CI image build cache durability.

See FEATURES.md for details, CHANGELOG.md for release notes, ROADMAP.md for what's planned, and KNOWN_LIMITATIONS.md for current caveats.

Inherited from Vaultwarden

Vaultwarden-Plus builds on Vaultwarden's nearly complete implementation of the Bitwarden Client API, including:

Personal Vault
Send
Attachments
Website icons
Personal API Key
Organizations: Collections, Password Sharing, Member Roles, Groups, Event Logs, Admin Password Reset, Directory Connector, Policies
Multi/Two Factor Authentication: Authenticator, Email, FIDO2 WebAuthn, YubiKey, Duo
Emergency Access
Admin Backend
Modified Web Vault client (bundled within the containers)

Usage

Important

The web vault requires HTTPS and a secure context for the Web Crypto API. Vaultwarden-Plus expects TLS termination to be provided by an external reverse proxy such as Traefik, Nginx, HAProxy, or similar. The container itself should listen on HTTP behind that trusted proxy.

Note

While Vaultwarden is based on the Rocket web framework, Vaultwarden-Plus does not recommend Rocket's built-in TLS for production. Rocket 0.5.1 currently pulls rustls 0.21, keeping the rustls-webpki 0.101.7 advisory path open until the Rocket TLS stack is updated. Terminate TLS at a reverse proxy and run the container over HTTP internally. See the Vaultwarden-Plus security baseline and the upstream proxy examples.

Container images

Stable Vaultwarden-Plus container images are published to the Forgejo package registry:

forgejo.sabolowitsch.org/stefansa/vaultwarden-plus:1.36.1
forgejo.sabolowitsch.org/stefansa/vaultwarden-plus:latest

Release image exports and checksums are also attached to Vaultwarden-Plus releases. Operators may use the registry image, load a release artifact, or build locally from this repository.

Upstream community-driven packages exist for Vaultwarden, but they may lag behind or deviate in configuration, and they do not include Vaultwarden-Plus features unless the package explicitly says so.

Docker / Podman CLI

Load the image and mount a host volume for persistent storage. You can replace docker with podman if you prefer.

docker load --input vaultwarden-plus-image.tar
docker run --detach --name vaultwarden \
  --env DOMAIN="https://vw.domain.tld" \
  --volume /vw-data/:/data/ \
  --restart unless-stopped \
  --publish 127.0.0.1:8000:80 \
  vaultwarden-plus:local

This preserves persistent data under /vw-data/; adapt the path to whatever suits you.

Docker Compose

Create a compose.yaml holding the configuration to run the Vaultwarden-Plus container:

services:
  vaultwarden:
    image: forgejo.sabolowitsch.org/stefansa/vaultwarden-plus:1.36.1
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://vw.domain.tld"
    volumes:
      - ./vw-data/:/data/
    ports:
      - 127.0.0.1:8000:80

Tip

For more detailed examples on how to install, use, and configure the underlying server, see the upstream Wiki. Adapt image names and release artifacts for Vaultwarden-Plus where needed.

Relationship to upstream

Vaultwarden-Plus is a friendly downstream fork. It periodically tracks and merges changes from upstream Vaultwarden and layers the Plus features on top.

Upstream bugs — if an issue is reproducible on an unmodified Vaultwarden installation, please report it upstream.
Plus-specific issues — features, integrations, and regressions introduced by this fork belong in the Vaultwarden-Plus issue tracker.

For general Vaultwarden questions and community help, the upstream channels are excellent resources: Matrix, GitHub Discussions, and the Discourse forums.

Credits & thanks

Vaultwarden-Plus would not exist without the work of the upstream Vaultwarden project by @dani-garcia and its contributors. Enormous thanks for building and maintaining such a solid foundation — this fork stands entirely on their effort.

Contributions to Vaultwarden-Plus itself are welcome via pull requests on forgejo.sabolowitsch.org.

License

Vaultwarden-Plus is licensed under the AGPL-3.0, the same license as upstream Vaultwarden. See LICENSE.txt.

Disclaimer

This project is not associated with Bitwarden or Bitwarden, Inc., nor is it an official Vaultwarden release.

Vaultwarden-Plus is an independent, community-maintained fork. It is not endorsed by the upstream Vaultwarden maintainers.

Caution

We cannot be held liable for any data loss that may occur while using Vaultwarden-Plus. This includes passwords, attachments, and other information handled by the application. Please perform regular backups of your files and database.