Skip to content
Klutch.sh Docs

Deploying a Vaultwarden App

Introduction

Vaultwarden is a lightweight Bitwarden-compatible server built in Rust. This guide shows how to containerize Vaultwarden with a Dockerfile, secure it with environment variables, persist your vault data, and deploy it to Klutch.sh over HTTP.

Prerequisites

  • GitHub repository containing your Dockerfile.
  • Klutch.sh project ready in klutch.sh/app.
  • Plan for admin token management and TLS termination at the edge.

Project structure

.
└── Dockerfile

Sample Dockerfile

FROM vaultwarden/server:latest


# Default HTTP port
ENV ROCKET_PORT=80
EXPOSE 80

Required environment variables

  • DOMAIN – public URL, e.g., https://example-app.klutch.sh
  • ADMIN_TOKEN – strong token for the admin panel
  • ROCKET_PORT=80 – internal port
  • SIGNUPS_ALLOWED=false – restrict open registration
  • INVITATIONS_ALLOWED=true – allow invites while signups are closed
  • WEB_VAULT_ENABLED=true
  • LOG_LEVEL=info

Persistence

Vaultwarden stores data locally by default (SQLite plus attachments):

  • Mount path: /data
  • Size: match expected vault size and file attachments

Networking

  • Protocol: HTTP
  • Internal port: 80
  • Users reach https://example-app.klutch.sh while Klutch.sh routes to port 80 inside the container.
Terminal window
curl -I http://localhost:80

Deployment on Klutch.sh

  1. Push your Dockerfile to GitHub.
  2. In klutch.sh/app, create a new app and select GitHub as the source.
  3. Klutch.sh automatically detects the Dockerfile in the repository root.
  4. Select HTTP traffic and set the internal port to 80.
  5. Add environment variables for DOMAIN, ADMIN_TOKEN, and your signup policy (SIGNUPS_ALLOWED, INVITATIONS_ALLOWED). Mark secrets as sensitive.
  6. Attach a persistent volume at /data sized for vault data and attachments.
  7. Deploy. Sign in via the public URL and use the admin token to configure your instance.

Verification

  • UI: open https://example-app.klutch.sh and confirm the login page loads.
  • Admin: visit https://example-app.klutch.sh/admin and authenticate with your admin token.

Next steps

  • Enable 2FA and enforce strong master passwords.
  • Schedule backups of the /data volume.
  • Rotate the ADMIN_TOKEN periodically and keep it in a secure secret manager.