Edge
Vaultwarden logo

For Vaultwarden

Vaultwarden on Edge,
Bitwarden you control

Self-host the Bitwarden-compatible password manager on a tiny VM. Use the official apps, get every Enterprise feature for free, keep your vault on your infrastructure.

Start your trial Read the deploy guide

# docker-compose.yml — Vaultwarden

services:

vaultwarden:

image: vaultwarden/server:latest

environment:

DOMAIN: https://vault.example.com

SIGNUPS_ALLOWED: false

ADMIN_TOKEN: ...

volumes:

- ./vw-data:/data

# Front it with the CDN (auto-SSL)

$ edge cdn create vault.example.com \

--origin https://<vm-ip>

✓ Live, ~$5/month for a family vault

Why people self-host Vaultwarden

All of Bitwarden's features, none of the per-seat upgrades.

Bitwarden-compatible

Use the official Bitwarden mobile, desktop and browser clients pointed at your Vaultwarden server. Same UX, your server.

Rust on a tiny VM

Vaultwarden is a single Rust binary with a tiny memory footprint. The smallest Edge VM is overkill for almost any team.

Family / org sharing without paywalls

Bitwarden's Family and Organization features cost extra in their cloud. Vaultwarden makes them all available, free, on your server.

SSO and 2FA included

OIDC SSO, TOTP, Yubikey, Duo, FIDO2 — all built in. No paid Enterprise tier to upgrade to.

Encrypted attachments to S3

Configure Vaultwarden's attachment storage to point at Edge Storage. Encrypted-at-rest in your bucket, served via signed URLs.

Behind the CDN with auto-SSL

Edge CDN handles SSL automatically and adds DDoS protection. Bitwarden client traffic falls through to your Vaultwarden VM.

Reference architecture

How Vaultwarden maps to Edge

A tiny Vaultwarden VM, attachments in S3, CDN out front. The most cost-effective password infrastructure you'll ever run.

Compute

Vaultwarden (Rust) on a tiny VM, SQLite or external Postgres

Storage

S3-compatible bucket for encrypted attachments

CDN

Auto-SSL and DDoS protection in front of the Vaultwarden VM

DNS

Anycast DNS for `vault.example.com`

Indicative cost

A 25-person team vault

Bitwarden Enterprise (25 seats) ~$150/mo
1Password Business (25 seats) ~$200/mo
Edge (1 tiny VM) ~$5/mo

Common questions

How does this compare to Bitwarden Cloud?

Same clients, your server. Vaultwarden ships every Bitwarden feature including the ones gated behind paid Bitwarden tiers (organisations, families, SSO, hardware keys), all free.

Is it really safe to self-host a password manager?

Yes — vaults are end-to-end encrypted client-side before they ever reach the server. Even if someone got your VM's database, they'd see opaque encrypted blobs. Your master password never leaves your device.

Will the official Bitwarden apps work?

Yes. Mobile, desktop and browser apps all let you set a custom server URL. Point them at `https://vault.example.com` and you're done.

How do I back it up?

Snapshot the SQLite database (or `pg_dump` if you use Postgres) to Edge Storage on a schedule. Both files are tiny — backups can run every hour without breaking a sweat.

By Stack

Other stacks on Edge

View all stacks →
Ollama logo

Ollama

Run open LLMs on your own GPUs
vLLM logo

vLLM

Production-grade LLM serving
llama.cpp logo

llama.cpp

Quantised LLM inference, CPU or GPU
ComfyUI logo

ComfyUI

Node-based Stable Diffusion on GPU VMs

Stand up your vault

30-day trial. A family or team vault on a $5 VM.

Start your trial Talk to an engineer