The first person to open the URL can create an account. Register yours immediately after install, then close sign-ups (see Lock it down).
Install
Dashboard → Apps → Vaultwarden → Install:| Field | Required | Notes |
|---|---|---|
| VM | yes | Single container, ~512 MB. Fits any VM size. |
| Subdomain | no | Suggestion is vault. Reached at https://<subdomain>.suji.fr. |
| Allow new sign-ups | no | Leave Yes to register your account, then switch to No afterwards. |
| Admin panel token | no | Leave blank to keep /admin disabled (recommended). Set a strong secret to enable it. |
https://<subdomain>.suji.fr into Vaultwarden’s DOMAIN automatically, which is what makes WebAuthn / two-step login and attachments work.
Click Deploy. When the install is running, it’s live at https://vault-<random>.suji.fr over HTTPS through the tunnel.
First connection — create your account
- Open the install URL (
https://vault-<random>.suji.fr). - Click Create account and register (email + master password).
- Install a Bitwarden client (browser extension, desktop, or mobile).
- In the client, before logging in, open settings and set the Server URL (self-hosted) to your
https://vault-<random>.suji.fraddress. - Log in with the account you just created. Your vault syncs.
Lock it down
Vaultwarden ships with sign-ups open so you can create your first account. As soon as you (and anyone you intend to invite) have registered:- Go to the install detail page → Edit Install.
- Set Allow new sign-ups to No.
- Redeploy.
https://vault-<random>.suji.fr/admin, log in with that token, and send invites from there.
Two-step login (2FA)
Because Suji wires the publicDOMAIN for you, security keys (WebAuthn / FIDO2 / passkeys) and authenticator-app (TOTP) two-step login work out of the box — enable them from the web vault under Settings → Security → Two-step login.
Email-based 2FA and password-hint / invite emails need an SMTP server, which isn’t configured by default — see Email.
SMTP_* env vars yourself via Edit Install → environment variables, then redeploy.
Day-to-day management
| Want to… | Where |
|---|---|
| Manage your passwords | The web vault (https://vault-<random>.suji.fr) or any Bitwarden client |
| Invite / manage users | /admin panel (set an Admin panel token first) |
| View container logs | Dashboard → Logs (pick Vaultwarden) |
| Open a shell inside the container | Dashboard → Terminal (pick Vaultwarden) |
| Restart the app | Install detail page → Restart |
| Upgrade to a newer version | Install detail page → Upgrade (when available) |
| Remove the install + its data | Install detail page → Uninstall |
Troubleshooting
A Bitwarden client won't connect
A Bitwarden client won't connect
Set the Server URL in the client to your full
https://vault-<random>.suji.fr address before logging in — not the default Bitwarden cloud server.Security-key / passkey 2FA fails
Security-key / passkey 2FA fails
WebAuthn needs the public
DOMAIN, which Suji sets only when the install is exposed. Make sure exposure is on (it is by default) and you’re reaching the vault over its https://…suji.fr URL, not an internal address.I can't reach /admin
I can't reach /admin
The admin panel is disabled unless an Admin panel token is set. Add one via Edit Install, redeploy, then log in at
/admin with that exact value.Invite / hint emails aren't sending
Invite / hint emails aren't sending
Expected until you configure SMTP — see Email above (use port 587; 25/465 are blocked upstream).
Where things live
| What | Service | Named volume |
|---|---|---|
| Vault db, attachments, keys, config | vaultwarden | vaultwarden-data |
Recommended size
- Any size. Vaultwarden is a single lightweight container (~512 MB) and runs comfortably on the smallest VM.
- Storage grows mainly with file attachments; the password data itself is tiny.
Reporting issues
| Class | Where |
|---|---|
| Vaultwarden bug (vault, sync, admin panel) | dani-garcia/vaultwarden issues |
| Marketplace packaging bug (compose / manifest / install form) | suji-hq/suji-templates issues |
| Suji platform bug (dashboard, billing, network) | Support ticket from the dashboard |