Install Bitwarden on a Raspberry Pi: A Complete DIY Guide for a Self‑Hosted Password Manager

If you’ve ever stared at a sticky note full of passwords and thought “there’s got to be a better way,” you’re not alone. I spent a rainy Saturday hunting down a lost Wi‑Fi key, only to realize my own notes were a mess. That moment pushed me to try a self‑hosted password vault on my Raspberry Pi. The result? A tidy, secure vault that lives right in my homelab, and a story worth sharing.

Why Bitwarden and Raspberry Pi Make a Good Pair

Bitwarden is an open‑source password manager that works on phones, browsers, and desktops. It stores everything in an encrypted vault, so you never have to write passwords down again. Running it on a Raspberry Pi gives you full control over the data, no third‑party cloud, and a low‑power device that fits on any shelf.

What You’ll Need

  • A Raspberry Pi 3, 4, or 5 with at least 2 GB RAM
  • Micro‑SD card (16 GB or larger) with Raspberry Pi OS installed
  • Power supply and network connection (wired is easier)
  • A domain name (optional, but handy for remote access)
  • Docker and Docker‑Compose (we’ll install these)

If you already have a Pi humming in your lab, you’re ready to go.

Step 1: Prepare the Pi

Update the OS

Open a terminal on the Pi or SSH into it, then run:

sudo apt update && sudo apt upgrade -y

This pulls the latest security patches. A clean system makes the rest smoother.

Install Docker

Docker is a lightweight container engine that lets us run Bitwarden without worrying about dependencies.

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

Add your user to the Docker group so you don’t need sudo for every command:

sudo usermod -aG docker $USER
newgrp docker

Install Docker‑Compose

Docker‑Compose lets us define multiple containers in a single file.

sudo apt install -y python3-pip
pip3 install --user docker-compose

Make sure the binary is in your PATH:

export PATH=$PATH:~/.local/bin

You can add that line to ~/.bashrc to keep it permanent.

Step 2: Grab the Bitwarden Docker Image

Bitwarden offers an official Docker image called bitwardenrs/server (now called vaultwarden). It’s a lightweight fork that works great on a Pi.

Create a folder for the project:

mkdir -p ~/bitwarden
cd ~/bitwarden

Create a docker-compose.yml file with this content:

version: '3'
services:
  bitwarden:
    image: vaultwarden/server:latest
    container_name: bitwarden
    restart: unless-stopped
    ports:
      - "8080:80"
    volumes:
      - ./vw-data:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true

Explanation:

  • image – pulls the latest Bitwarden server image.
  • ports – maps the Pi’s port 8080 to the container’s port 80. You can change 8080 to any free port.
  • volumes – stores data in vw-data on the Pi, so your vault survives restarts.
  • environment – enables WebSocket for real‑time sync and allows new sign‑ups (turn off later if you want a closed vault).

Step 3: Fire Up the Container

Run:

docker-compose up -d

Docker will download the image (about 150 MB) and start the service. After a minute, open a browser on any device and go to:

http://<pi-ip-address>:8080

You should see the Bitwarden welcome screen. If you’re using a domain name, point a DNS A record to your Pi’s public IP and add a reverse proxy later for HTTPS. For now, the local address works fine.

Step 4: Secure Your Setup

Create an Admin Token

Bitwarden’s admin panel is useful for managing users and seeing logs. Generate a token:

openssl rand -base64 48

Copy the token and store it somewhere safe. Then enable the admin UI by adding this line to the environment section in docker-compose.yml:

- ADMIN_TOKEN=YOUR_TOKEN_HERE

Restart the container:

docker-compose down && docker-compose up -d

Now you can visit http://<pi-ip>:8080/admin and log in with the token.

Add HTTPS with a Reverse Proxy (Optional but Recommended)

Running plain HTTP is fine on a trusted home network, but if you plan to reach the vault from outside, HTTPS is a must. I like using Caddy because it auto‑gets Let’s Encrypt certificates.

Install Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Create /etc/caddy/Caddyfile:

yourdomain.com {
    reverse_proxy localhost:8080
}

Reload Caddy:

sudo systemctl reload caddy

Caddy will fetch a TLS certificate automatically. Now you can reach Bitwarden at https://yourdomain.com.

Step 5: Set Up Your First Account

Open the Bitwarden web UI (or the mobile app) and click Create Account. Use a strong master password – this is the only secret you need to remember. The app will sync your vault over the internet, but the data stays encrypted on your Pi.

I like to enable two‑factor authentication (2FA) right away. Go to Settings → Two‑step Login and scan the QR code with an authenticator app. It adds an extra layer of safety, especially if you expose the service to the internet.
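
Once the first account exists, the compose file from Step 2 (with the Step 4 token line) still leaves several settings open. The check below is an added example, not part of the original guide: the function name and finding IDs are made up for illustration, and it assumes a Vaultwarden version that accepts an Argon2 hash as ADMIN_TOKEN.

```shell
#!/bin/sh
# Added example, not part of the original guide. Prints one finding ID per
# line for settings in a Vaultwarden compose file that weaken the deployment.
vw_compose_findings() {
    # Skip comment-only lines so disabled settings are not reported.
    body=$(grep -v '^[[:space:]]*#' "$1" || true)

    # Open registration: anyone who can reach the login page gets an account.
    printf '%s\n' "$body" | grep -Eiq 'SIGNUPS_ALLOWED[=:][[:space:]]*"?true' &&
        echo open-signups

    # No tag or :latest: "docker-compose pull" changes the version unreviewed.
    printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*image:[[:space:]]*[^:[:space:]]+(:latest)?[[:space:]]*$' &&
        echo floating-image-tag

    # Clear-text ADMIN_TOKEN: whoever can read the file can log in to /admin.
    # Assumption: Argon2 PHC hashes ($argon2..., written $$argon2... in compose)
    # are accepted by the deployed Vaultwarden version.
    token=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*ADMIN_TOKEN[=:][[:space:]]*//p' |
        tr -d "\"'" | head -n 1)
    case $token in
        '' | '$argon2'* | '$$argon2'*) ;;
        *) echo plaintext-admin-token ;;
    esac

    # "8080:80" has no host IP, so Docker listens on every interface and
    # clients can skip the TLS reverse proxy and speak plain HTTP.
    printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' &&
        echo port-on-all-interfaces
    return 0
}

# Constructed sample: the Step 2 compose file plus the Step 4 token line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  bitwarden:
    image: vaultwarden/server:latest
    ports:
      - "8080:80"
    environment:
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=YOUR_TOKEN_HERE
EOF
vw_compose_findings "$sample"
rm -f "$sample"
```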

Step 6: Keep It Running Smoothly

Back Up Your Vault

Even though the data lives on the SD card, it’s wise to back it up regularly. The vault is stored in ~/bitwarden/vw-data. You can copy it to an external drive or a cloud bucket:

rsync -avh ~/bitwarden/vw-data /mnt/backup/bitwarden

Schedule the command with cron for daily backups.
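
A plain rsync of a running vault can copy the SQLite database mid-write. The script below is an added example, not part of the original guide: it snapshots the database with the sqlite3 CLI, archives it with owner-only permissions, and prunes old archives. It assumes Vaultwarden's default file names inside vw-data and that sqlite3 is installed; the function name, script path, and retention count are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original guide: consistent, owner-only
# backup of a Vaultwarden data directory with simple retention.
# Assumes default file names in vw-data and the sqlite3 CLI
# (sudo apt install -y sqlite3). Subshell body keeps umask/trap local.
vw_backup() (
    src=$1 dest=$2 keep=${3:-14}
    umask 077                          # archive holds the vault and its keys
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    mkdir -p "$work/vw-data" "$dest" || exit 1

    # Copying a live SQLite file can capture it mid-write; .backup takes a
    # transactionally consistent snapshot while the container keeps running.
    if [ -f "$src/db.sqlite3" ]; then
        sqlite3 "$src/db.sqlite3" ".backup '$work/vw-data/db.sqlite3'" || exit 1
    fi

    # Everything else needed for a restore; icon_cache is re-fetched on demand.
    for path in "$src"/attachments "$src"/sends "$src"/config.json "$src"/rsa_key*; do
        if [ -e "$path" ]; then
            cp -a "$path" "$work/vw-data/" || exit 1
        fi
    done

    archive="$dest/vw-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$work" vw-data || exit 1
    tar -tzf "$archive" >/dev/null || exit 1   # fail loudly on a bad archive

    # Retention: keep the newest $keep archives (names sort by timestamp).
    ls -1 "$dest"/vw-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old"; done
    echo "$archive"
)

# Run when called with arguments, e.g. from cron (script path is hypothetical):
# 15 3 * * * sh /home/pi/vw-backup.sh /home/pi/bitwarden/vw-data /mnt/backup/bitwarden
if [ "$#" -ge 2 ]; then
    vw_backup "$@"
fi
```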

Update the Image

Bitwarden releases security patches often. To pull the latest version:

docker-compose pull
docker-compose up -d

Do this once a month, or whenever you hear about a critical fix.

A Few Lessons Learned

  • Power supply matters. A cheap charger caused my Pi to reboot randomly, which interrupted the vault. I switched to an official Raspberry Pi power supply and the problem vanished.
  • SD card wear. The vault writes a lot of small files. I use a high‑endurance card (A1 rating) and rotate it every year.
  • Network isolation. I keep the Pi on a separate VLAN from my IoT devices. It reduces the chance of a compromised smart plug reaching my password vault.

Wrap‑Up

Installing Bitwarden on a Raspberry Pi is a satisfying weekend project that pays off every time you log in without hunting for notes. You get the convenience of a modern password manager, the peace of mind that only you control the data, and a neat addition to your homelab. Give it a try, tweak the setup to your liking, and enjoy the feeling of finally having a single, secure place for all your passwords.
