Vaultwarden

Description / name	Input element
Container Registry
Container Configuration Root Path
Timezone
User ID
Group ID
Vaultwarden Host Port
Vaultwarden /config Path

Lightweight Bitwarden-compatible password manager server — self-host your passwords, secrets, and secure notes.


Port	`80`
Registry	`ghcr.io/daemonless/vaultwarden`
Daemonless	daemonless/vaultwarden
Source	dani-garcia/vaultwarden
Website	github.com/dani-garcia/vaultwarden

Version Tags

Tag	Description	Best For
`latest`	Upstream Binary. Built from official release.	Alternative build.
`pkg`	FreeBSD Quarterly. Uses stable, tested packages.	Most users. Matches Linux Docker behavior.
`pkg-latest`	FreeBSD Latest. Rolling package updates.	Newest FreeBSD packages.

Root Privileges Required

Podman on FreeBSD currently requires root. All commands must be run as root (or via doas/sudo).

Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.

Deployment

Podman Compose AppJail Director Podman CLI Ansible

services:
  vaultwarden:
    image: "ghcr.io/daemonless/vaultwarden:latest"
    container_name: vaultwarden
    environment:
      - PUID=1000  # User ID for the application process
      - PGID=1000  # Group ID for the application process
      - TZ=UTC  # Timezone for the container
      - SIGNUPS_ALLOWED=true  # Enable/disable user registration (true/false)
    volumes:
      - "/path/to/containers/vaultwarden:/config"
    ports:
      - "80:80"
    restart: unless-stopped

DIRECTOR_PROJECT=vaultwarden
PUID=1000
PGID=1000
TZ=UTC
SIGNUPS_ALLOWED=true

options:
  - virtualnet: ':<random> default'
  - nat:
services:
  vaultwarden:
    name: vaultwarden
    options:
      - container: 'boot args:--pull'
    oci:
      user: root
      environment:
        - PUID: !ENV '${PUID}'
        - PGID: !ENV '${PGID}'
        - TZ: !ENV '${TZ}'
        - SIGNUPS_ALLOWED: !ENV '${SIGNUPS_ALLOWED}'
    volumes:
      - VAULTWARDEN_CONFIG_PATH: /config
volumes:
  VAULTWARDEN_CONFIG_PATH:
    device: '/path/to/containers/vaultwarden'

ARG tag=latest

OPTION overwrite=force
OPTION from=ghcr.io/daemonless/vaultwarden:${tag}

podman run -d --name vaultwarden \
  -p 80:80 \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=UTC \
  -e SIGNUPS_ALLOWED=true \
  -v /path/to/containers/vaultwarden:/config \
  ghcr.io/daemonless/vaultwarden:latest

- name: Deploy vaultwarden
  containers.podman.podman_container:
    name: vaultwarden
    image: "ghcr.io/daemonless/vaultwarden:latest"
    state: started
    restart_policy: always
    env:
      PUID: "1000"
      PGID: "1000"
      TZ: "UTC"
      SIGNUPS_ALLOWED: "true"
    ports:
      - "80:80"
    volumes:
      - "/path/to/containers/vaultwarden:/config"

Interactive Configuration

Parameters

Environment Variables

Variable	Default	Description
`PUID`	`1000`	User ID for the application process
`PGID`	`1000`	Group ID for the application process
`TZ`	`UTC`	Timezone for the container
`SIGNUPS_ALLOWED`	`true`	Enable/disable user registration (true/false)

Volumes

Path	Description
`/config`	Data directory (database, attachments, icons)

Ports

Port	Protocol	Description
`80`	TCP	Web UI

Implementation Details

Architectures: amd64
User: bsd (UID/GID set via PUID/PGID). Defaults to 1000:1000.
Base: Built on ghcr.io/daemonless/base (FreeBSD 15.0).

Need help? Join our Discord community.