Vaultwarden based on TrueNAS / FreeBSD

Introduction

We have many passwords. Unfortunately, we can't remember them all, so what do we do? We take the same one everywhere.

To put it briefly: This is bad!

However, password managers help to ensure that each service has its own good password. These generate and store all the passwords that are required for our everyday services. Unfortunately, many password managers only run locally (e.g. KeppassXC) and are therefore not available on a cell phone, for example, or are stored in a cloud whose administration and access (possibly by third parties) cannot be controlled or simply costs money every month. Also, passwords for shared services cannot be shared, e.g. with family members, colleagues or customers.

Screenshot Webgui

A nice project offers exactly that:

  • Store passwords locally on your own server/NAS,
  • access from cell phone, PC & Co and
  • with the possibility to share accesses.

Vaultwarden is a free open source offshoot of Bitwarden, the main commercial project. The mature Apps and Browser Extensions from Bitwarden are compatible to Vaultwarden and can be used 1:1.

The BSDBox is my IT playground. Professional services around network, server and structure building I offer with my company computing-competence. If you find this content valuable and useful, please send me feedback via matrix, email, follow me on Mastodon.

Goals

The goal of this tutorial is the operation of a VaultWarden server based on TrueNAS/FreeBSD with SQLite as database. PostgreSQL is only needed if many people want to access the service. To be able to use Vaultwarden also publicly, further measures are needed, which are treated separately from the 2nd part.

TrueNAS also known as FreeNAS, is a free operating system for Network Attached Storage (NAS). A NAS is an easy-to-manage file server that you can install on your own hardware, unlike Synology or QNAP. TrueNAS can not only serve files: Since it is based on FreeBSD, other services can be operated very easily, leanly and securely with so-called JAILS. FreeBSD does not care if one or 100 jails are running at the same time; only the services running in them are relevant.