Admin page restrictions

Hi folks,
first post as member of this nice community :slight_smile:

I am running my Vaultwarden instance in a Docker container hosted by my Synology NAS (still DSM 6.x.x). I was asking myself if there is a way (either through the mechanism of Vaultwarden itself or other procedures…) to restrict the access to the admin page? I know I am able to set a decent password for the admin access, but to have it more secure while sharing the vault with different people in my family, I would love to restrict the access to admin users (me :wink: ).

Happy to hear about your experience!

lugaetsch

I am not sure I understand: would you like to share it with some trusted people? Or make sure that you are the only one who can use it?

There is no account bound to the admin panel, so there is only one token (that you would need to share with the other admins).

The only restriction I can think of would be IP-based (on the proxy).

Or, some reverse proxies, like nginx, allow you to set extra basic auth credentials for specific URL endpoints. That is something you could look at.

Thanks for your input on that.
To point that out quickly: the vault is used by a number of shared users in the family.
Admin page access should be restricted to me as admin only!

As I mentioned, I am running the container in Docker on a Synology NAS, in a NATed network, so I use the reverse proxy functionality from Synology to have access to Vaultwarden itself.
I am not quite familiar with reverse proxy deep dives, so do you have any tips on how to configure this for my desired case?

So I assume that you are aware of how to set the Admin-Token? Because if you set it, only the one who knows said token will be able to access the admin page.

If you are looking for additional protection (e.g. only specific IPs), then you most likely would want to use a reverse proxy.

Yes, I am aware of how to set the token for the admin page!
I just need some information on how to protect the admin page and have it available to be accessed only from my endpoint/IP or something like this…

As @bokkabonga already mentioned, if you are the only one in possession of the admin token, then only you can access it.
If you want any further protection on top of that, you need to check with the reverse proxy software you use on how to limit that specific URL path /admin to only your IP, or even add an extra basic auth login to it.

Those are the options, nothing more, nothing less.
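
The two options named in the thread (limiting /admin to one IP and adding an extra basic auth login), shown together as an added nginx example that is not part of the original posts and not Vaultwarden's own configuration. The upstream address, the admin client IP and the password file path are assumed values, and the fragment belongs inside the existing `server { }` block that already proxies to Vaultwarden.

```nginx
# Added example. Assumed values (adjust to your setup):
#   127.0.0.1:8080                          - where the Vaultwarden container listens
#   192.168.1.10                            - the admin's own machine
#   /etc/nginx/vaultwarden_admin.htpasswd   - basic auth password file

# Regular vault traffic for all family members: no extra restriction.
location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

# Admin panel: the prefix match covers /admin and everything below it.
location /admin {
    # IP restriction. allow/deny rules are checked in order against the
    # address nginx itself sees ($remote_addr). If another proxy or NAT hop
    # sits in front of nginx, that is the hop's address, not the end
    # client's, so verify what shows up in the access log first.
    allow 192.168.1.10;
    deny  all;

    # Extra basic auth login, in addition to the Vaultwarden admin token.
    auth_basic           "Vaultwarden admin";
    auth_basic_user_file /etc/nginx/vaultwarden_admin.htpasswd;

    # Require BOTH the IP check and the basic auth check to pass.
    # ("satisfy any" would let either one alone grant access.)
    satisfy all;

    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

After reloading nginx, a request to /admin from any other address should return 403 before the admin token prompt is ever reached, while the rest of the vault stays reachable for everyone.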