The Bitwarden unified self-hosted deployment is an excellent local password manager. In this post, I will explain the difference between Bitwarden unified and Bitwarden standard, outline the installation of Bitwarden unified, and show you how to configure your new local password manager.

Why a local password manager?

Password managers are a great way to strengthen password security and automate the use of strong passwords across systems. In the age of cloud-based services, it might seem like a step backward to self-host a local password manager. However, cloud-based password managers can be a target for hackers, as seen in the recent hack of LastPass and the resulting concern over compromised passwords.

The most significant advantage is the total control of your environment, including the security of your password database. You own all the infrastructure, network configuration, data, encryption, etc. Online password managers have thousands of tenants that share the infrastructure. You are drastically reducing the attack surface of your password manager solution by self-hosting the password manager database.

Bitwarden unified vs. Bitwarden standard

The Bitwarden unified deployment is a new simplified option that significantly reduces the infrastructure required to deploy your password server. Before the unified deployment, the only option was what Bitwarden referred to as the standard deployment, which required 11 containers to run the self-hosted installation.

Bitwarden unified deployment architecture

The new unified deployment requires a single container and provides flexibility in the database. Whereas the standard deployment only supports Microsoft SQL Server, the new unified deployment supports Microsoft SQL Server, MySQL, and PostgreSQL.

The Bitwarden unified deployment is still in beta, and Bitwarden still recommends the standard deployment for production installations, but it shows the direction of simplifying and diversifying the underlying infrastructure.

Install Bitwarden unified

Due to the simplified, unified installation, you can spin up a new Bitwarden local password manager in minutes. There are only a few things required for Bitwarden unified:

  • Request a hosting installation ID and key
  • Create and configure a settings.env file
  • Create a local folder

Request a hosting installation ID and key

Even though Bitwarden is open-source, you still need to request an installation ID and key using the admin email you used when signing up for a Bitwarden account. However, it is a simple process. To generate the ID and key, visit this site.

Generating a new Bitwarden self hosting ID and key

Create and configure a settings.env file

Another thing you need to do is create a settings.env file to be used to provision the Bitwarden Unified Docker container. The file contains many environment variables to configure the Bitwarden Docker container environment.

You can find an example on the official Bitwarden GitHub page for the self-hosted project.

Create a local folder

You also need to create a specific folder for the local volume mount of the Bitwarden Unified container data. This folder is a local folder on your Linux volume. However, it will be mounted as a volume inside your Docker container. Here, we created a bitwarden folder on the local disk of the Docker host.

Create a folder to house the Docker volume mount for Bitwarden

Create the Bitwarden unified container

Finally, we need to create the container after the configuration is in place. We can do that with the following command:

docker run -d --name bitwarden -v ./bwdata/:/etc/bitwarden -p 80:8080 --env-file settings.env bitwarden/self-host:beta

Make sure the host port you forward to the container (80 in this example) is free and not in conflict with another container on the host.
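A pre-flight check to run before the docker run command above, as an added example (not from the original post or the Bitwarden project). It assumes the key names from Bitwarden's published settings.env example; the function names, placeholder list, and sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check to run before `docker run ... --env-file settings.env`.
# Assumption: key names match Bitwarden's published settings.env example.
REQUIRED_KEYS="BW_DOMAIN BW_DB_PROVIDER BW_INSTALLATION_ID BW_INSTALLATION_KEY"
# Values that suggest an unedited template (list constructed for this example).
PLACEHOLDERS='00000000-0000-0000-0000-000000000000|xxxxxxxxxxxx|yourdomain'

# Prints one line per problem and returns the number of problems found.
check_settings_env() {
  local file="$1" problems=0 key value
  [ -f "$file" ] || { echo "missing file: $file"; return 1; }
  # The file holds the installation key and DB password: owner-only access.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "permissions: group/other can access $file (use chmod 600)"
    problems=$((problems + 1))
  fi
  for key in $REQUIRED_KEYS; do
    value=$(grep -E "^${key}=" "$file" | tail -n 1 | cut -d= -f2-)
    if [ -z "$value" ]; then
      echo "unset: $key"; problems=$((problems + 1))
    elif printf '%s' "$value" | grep -Eq "$PLACEHOLDERS"; then
      echo "placeholder: $key still has a template value"
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# Creates the host folder for the volume mount with owner-only permissions.
prepare_data_dir() { mkdir -p "$1" && chmod 700 "$1"; }

# Writes a constructed settings.env ($2 = domain, $3 = id, $4 = key) to $1.
write_sample_env() {
  printf 'BW_DOMAIN=%s\nBW_DB_PROVIDER=mysql\nBW_INSTALLATION_ID=%s\nBW_INSTALLATION_KEY=%s\n' \
    "$2" "$3" "$4" > "$1"
}

# Demo on constructed input: an unedited template, then a filled-in copy.
demo_dir=$(mktemp -d)
prepare_data_dir "$demo_dir/bwdata"
write_sample_env "$demo_dir/template.env" bitwarden.yourdomain.com \
  00000000-0000-0000-0000-000000000000 xxxxxxxxxxxx
chmod 644 "$demo_dir/template.env"
check_settings_env "$demo_dir/template.env" || echo "template: $? problem(s)"
write_sample_env "$demo_dir/settings.env" vault.example.internal \
  11111111-2222-3333-4444-555555555555 constructed-key-value
chmod 600 "$demo_dir/settings.env"
check_settings_env "$demo_dir/settings.env" && echo "settings.env: ok"
```

Against a real deployment, call `check_settings_env settings.env` and `prepare_data_dir ./bwdata` from the directory where you will start the container.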

Pulling down and running the Bitwarden unified container in Docker

After issuing the command to run the Docker container, we can verify it is up and running and that the port is forwarded using the docker ps command.

Verifying the Bitwarden Docker container with docker ps

We should now be able to browse to the Bitwarden unified self-hosted Docker container and log in with the expected credentials.

Browsing to the Bitwarden unified self hosted installation

Wrapping up

The Bitwarden unified installation is a straightforward process of requesting an ID and key, creating the settings.env file, creating a folder for local storage, and pulling down the Bitwarden unified container.

As many may be concerned about cloud-hosted password solutions, Bitwarden unified offers a great local password manager. The new installation process is even easier than the standard installation process, as it requires only one versus multiple containers.

1 Comment
  1. Bud 5 months ago

    It would be swell to integrate this into our online software, especially if we could limit passwords to be only very long random strings which cannot be overridden by the user with their own preferred (therefore likely insecure) passwords. Since the passwords would be of use only on our site for our application, this would not impose an inconvenience on users while assuring their passwords are tough to bust.

© 4sysops 2006 - 2023