Deploy Vaultwarden
Alternative, self-hosted implementation of the Bitwarden password manager.
vaultwarden
Just deployed
/data
Deploy and Host Vaultwarden on Railway
Vaultwarden is a lightweight, self-hosted alternative implementation of the Bitwarden password manager server, written in Rust. It is fully compatible with all official Bitwarden clients — browser extensions, desktop apps, and mobile apps — while being far less resource-intensive than the official server.
About Hosting Vaultwarden
Vaultwarden implements the full Bitwarden Server API as a single Rust binary served via Docker. This Railway template deploys the official image with a persistent volume at /data for storing the encrypted vault database, attachments, and configuration. The admin panel is protected by a token set at deploy time. Railway handles HTTPS at the platform level — set DOMAIN to your Railway public URL (or custom domain) so Vaultwarden can generate correct URLs for client sync, attachments, and the admin panel. The first user to register becomes the vault owner; you can disable further registrations via the admin panel after your initial setup.
Common Use Cases
- Personal password manager — self-host a fully encrypted password vault compatible with all official Bitwarden clients on desktop, mobile, and browser, with complete control over where your credentials are stored
- Family or team vault — use Vaultwarden's organisations support to share credential collections across multiple users with role-based access, without paying Bitwarden's per-seat subscription pricing
- Secure file and secret sharing — use the Send feature to share encrypted text snippets or files with expiry dates and access limits, and store sensitive file attachments alongside vault entries
Dependencies for Vaultwarden Hosting
- Vaultwarden Docker image — used directly by this template
- Persistent volume mounted at
/data— stores the SQLite vault database, attachments, icons cache, and RSA keys; required for data to survive redeploys
Deployment Dependencies
- Vaultwarden GitHub repository
- Official Bitwarden clients — use these to connect to your Vaultwarden instance after deployment
Implementation Details
The template pre-configures the following environment variables:
DOMAIN=https://${{RAILWAY_PUBLIC_DOMAIN}} # Must match the public URL — required for client sync and attachment URLs
ADMIN_TOKEN= # Bcrypt-hashed or plain token for accessing /admin panel; leave empty to disable admin panel
ROCKET_PORT=${{PORT}} # Internal port; wired to Railway's PORT variable automatically
PORT=${{PORT}} # Railway-injected port
Admin panel — accessible at https://your-domain/admin. Set ADMIN_TOKEN to a strong secret to enable it. From the admin panel you can disable user registration, manage users, configure SMTP for email verification, and review instance settings. If you leave ADMIN_TOKEN empty, the admin panel is disabled entirely.
Connecting Bitwarden clients — in any official Bitwarden client, look for a "Self-hosted environment" or "Server URL" option during login and enter your Railway public domain (e.g. https://your-app.up.railway.app). All official clients — browser extensions, desktop apps (Windows, macOS, Linux), and mobile apps (iOS, Android) — are supported.
Disabling registration after setup — once you've created your account(s), disable open registration from the admin panel (/admin → General Settings → Allow new signups) to prevent unauthorised users from creating vaults on your instance.
Why Deploy Vaultwarden on Railway?
Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.
By deploying Vaultwarden on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.
Template Content
vaultwarden
vaultwarden/server:latest
