Why a local password manager?
Password managers are a great way to strengthen password security and automate the use of strong passwords across systems. In the age of cloud-based services, it might seem like a step backward to self-host a local password manager. However, cloud-based password managers can be a target for hackers, as seen in the recent hack of LastPass and the resulting concern over compromised passwords.
The most significant advantage is the total control of your environment, including the security of your password database. You own all the infrastructure, network configuration, data, encryption, etc. Online password managers have thousands of tenants that share the infrastructure. You are drastically reducing the attack surface of your password manager solution by self-hosting the password manager database.
Bitwarden unified vs. Bitwarden standard
The Bitwarden unified deployment is a new simplified option that significantly reduces the infrastructure required to deploy your password server. Before the unified deployment, the only option was what Bitwarden referred to as the standard deployment, which required 11 containers to run the self-hosted installation.
The new unified deployment requires a single container and provides flexibility in the database. Whereas the standard deployment only supports Microsoft SQL Server, the new unified deployment supports Microsoft SQL Server, MySQL, and PostgreSQL.
The Bitwarden unified deployment is still in beta, and Bitwarden still recommends the standard deployment for production installations. Even so, it shows the direction the project is taking: simplifying and diversifying the underlying infrastructure.
Install Bitwarden unified
Due to the simplified, unified installation, you can spin up a new Bitwarden local password manager in minutes. There are only a few things required for Bitwarden unified:
- Request a hosting installation ID and key
- Create and configure a settings.env file
- Create a local folder
Request a hosting installation ID and key
Even though Bitwarden is open-source, you still need to request an installation ID and key using the admin email you used when signing up for a Bitwarden account. However, it is a simple process. To generate the ID and key, visit this site.
Create and configure a settings.env file
Next, create a settings.env file, which is used to provision the Bitwarden Unified Docker container. The file contains many environment variables that configure the Bitwarden Docker container environment.
You can find an example on the official Bitwarden GitHub page for the self-hosted project.
Create a local folder
You also need to create a folder for the local volume mount of the Bitwarden Unified container data. The folder lives on the Linux file system of the Docker host and is mounted as a volume inside the Docker container. Here, we created a bitwarden folder on the local disk of the Docker host.
Create the Bitwarden unified container
Finally, we need to create the container after the configuration is in place. We can do that with the following command:
docker run -d --name bitwarden -v ./bwdata/:/etc/bitwarden -p 80:8080 --env-file settings.env bitwarden/self-host:beta
Make sure the host port you choose to forward to the container is free and does not conflict with another container on the host.
After issuing the command to run the Docker container, we can verify it is up and running and that the port is forwarded using the docker ps command.
We should now be able to browse to the Bitwarden unified self-hosted Docker container and log in with the expected credentials.
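A pre-flight check for settings.env that can be run before the docker run command above. This is an added example, not code from the original article or from Bitwarden. It assumes the key names used in Bitwarden's sample settings.env (BW_DOMAIN, BW_DB_PROVIDER, BW_INSTALLATION_ID, BW_INSTALLATION_KEY); the check_env function, the REPLACE_ME placeholder, and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the settings.env passed to `docker run --env-file`.
# Key names are assumed from Bitwarden's sample settings.env (compare with the
# current sample); REPLACE_ME is this example's own placeholder convention.
REQUIRED_KEYS="BW_DOMAIN BW_DB_PROVIDER BW_INSTALLATION_ID BW_INSTALLATION_KEY"

# check_env FILE: prints one line per finding, returns the number of findings.
check_env() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    # The file holds the installation key and DB password: owner-only access.
    if [ "$(ls -l "$file" | cut -c5-10)" != "------" ]; then
        echo "$file is accessible by group/others; run: chmod 600 $file"
        findings=$((findings + 1))
    fi
    for key in $REQUIRED_KEYS; do
        # Use the first assignment of the key found in the file.
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        case $value in
            '' | *REPLACE_ME*)
                echo "$key is unset or still a placeholder"
                findings=$((findings + 1)) ;;
            \"* | \'*)
                # docker run --env-file does not strip quotes from values.
                echo "$key is quoted; the quotes become part of the value"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample input, written to a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/settings.env" <<'EOF'
BW_DOMAIN=vault.example.internal
BW_DB_PROVIDER=postgresql
BW_INSTALLATION_ID=REPLACE_ME
BW_INSTALLATION_KEY="constructed-key-value"
EOF
chmod 644 "$demo_dir/settings.env"
check_env "$demo_dir/settings.env" || echo "fix the findings before docker run"
rm -rf "$demo_dir"
```

The constructed sample triggers all three kinds of finding: loose file permissions, a placeholder installation ID, and a quoted value.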
Wrapping up
The Bitwarden unified installation is a straightforward process of requesting an ID and key, creating the settings.env file, creating a folder for local storage, and pulling down the Bitwarden unified container.
For those concerned about cloud-hosted password solutions, Bitwarden unified offers a great local password manager. The new installation process is even easier than the standard installation process, as it requires only one container instead of multiple containers.
It would be swell to integrate this into our online software, especially if we could limit passwords to be only very long random strings which cannot be overridden by the user with their own preferred (therefore likely insecure) passwords. Since the passwords would be of use only on our site for our application, this would not impose an inconvenience on users while assuring their passwords are tough to bust.