Argon2 Admin Token not working

I have the exact same setup. And that works great.
Could you post the startup logs? So the Vaultwarden version info etc… and few lines after that?

Either use docker logs vaultwarden or maybe even better, use docker compose up, without the -d

Here is stated, that I’d not use argon 2

vaultwarden    | [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.
vaultwarden    | Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.
vaultwarden    | See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
vaultwarden    | 
vaultwarden    | [2023-04-13 16:18:37.591][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
vaultwarden    | [2023-04-13 16:18:37.595][start][INFO] Rocket has launched from http://0.0.0.0:80
vaultwarden    | [2023-04-13 16:18:44.674][vaultwarden::api::notifications][INFO] Accepting WS connection from <...>
vaultwarden    | [2023-04-13 16:18:44.722][request][INFO] GET /api/accounts/revision-date
vaultwarden    | [2023-04-13 16:18:44.725][response][INFO] (revision_date) GET /api/accounts/revision-date => 200 OK
vaultwarden    | [2023-04-13 16:18:44.754][request][INFO] POST /identity/connect/token
vaultwarden    | [2023-04-13 16:18:44.759][response][INFO] (login) POST /identity/connect/token => 200 OK
vaultwarden    | [2023-04-13 16:18:44.865][request][INFO] GET /api/sync?excludeDomains=true
vaultwarden    | [2023-04-13 16:18:44.884][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
04/13/2023 10:08:03 AM
/--------------------------------------------------------------------\
04/13/2023 10:08:03 AM
|                        Starting Vaultwarden                        |
04/13/2023 10:08:03 AM
|                           Version 1.28.1                           |
04/13/2023 10:08:03 AM
|--------------------------------------------------------------------|
04/13/2023 10:08:03 AM
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
04/13/2023 10:08:03 AM
| official channels to report bugs/features, regardless of client.   |
04/13/2023 10:08:03 AM
| Send usage/configuration questions or feature requests to:         |
04/13/2023 10:08:03 AM
|   https://github.com/dani-garcia/vaultwarden/discussions or        |
04/13/2023 10:08:03 AM
|   https://vaultwarden.discourse.group/                             |
04/13/2023 10:08:03 AM
| Report suspected bugs/issues in the software itself at:            |
04/13/2023 10:08:03 AM
|   https://github.com/dani-garcia/vaultwarden/issues/new            |
04/13/2023 10:08:03 AM
\--------------------------------------------------------------------/
04/13/2023 10:08:03 AM
04/13/2023 10:08:03 AM
[NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.
04/13/2023 10:08:03 AM
Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.
04/13/2023 10:08:03 AM
See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
04/13/2023 10:08:03 AM
04/13/2023 10:08:03 AM
[2023-04-13 17:08:03.613][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
04/13/2023 10:08:03 AM
[2023-04-13 17:08:03.618][start][INFO] Rocket has launched from http://0.0.0.0:8089
04/13/2023 10:08:03 AM
[2023-04-13 17:08:03.652][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.10.254:53314
04/13/2023 10:08:03 AM
[2023-04-13 17:08:03.652][vaultwarden::api::notifications][INFO] Accepting WS connection from 192.168.10.254:53306

What happens if you remove the quotes around the variable in the .env file?

Happy to report back that this solved the issue! Error has been resolved and encoded admin password is working in the login prompt as expected. Thank you for the help!

Strange. What version of docker and docker compose are you using?

As a newb, I’ve been following this thread to figure out what the best practice is to update to argon2. I use docker-compose and have updated to 1.28.1. I’ve also generated an argon2 admin hashed password.

It’s not clear to me if I’m supposed to manually change the config.json or delete it or ignore it. It seems like changing the config.json is one way to update the admin password to argon2. But is it preferable to ignore the current config.json and change the yaml file to recreate the config.json?

It is entirely possible the above makes no sense simply because I’m in over my head and have missed the context of this thread so far. :slight_smile: But i would still appreciate any help.

@DiscoC Changing the config.json manually is rarely the recommended approach. I think it would be better to just update the value in the /admin page directly if you use that configuration method.

You can just insert the value (inside the sinqle quotes ') that is generated by vaultwarden hash in the admin token field like so:

Personally, I prefer setting everything via environment variables and therefore I don’t use the admin page for configuration.

Edit: The wiki also says that using “The config.json file is NOT the recommended way to configure your settings!

1 Like

Thanks, @stefan0xC . My hurdle has been differentiating between ways to set environment variables, e.g. .env file, docker-compose.yaml, command line, admin page, config.json. I guess choice is good.

I think that either the .yaml file or an .env file is preferable. But i don’t see the relative benefits of one of these over the other. It seems like the .env file is duplicative to the .yaml file.

Docker compose as detailed in compose file version: "3.7"
Docker version 20.10.12
docker-compose version 1.25.0

Thanks for everyone’s help. I successfully changed my admin token to Argon2. For future newb’s who find this thread, here is the process that worked for me.

(My environment variables are in a docker-compose.yml file.)

Deleted the existing config.json file that was created by my prior changes from the admin panel.

Use docker hash function to create an admin token of the form:
$argon2id$v=19$m=65540,t=3,p=4$deleted$deleted

Edit to escape the $ by making them $$

$$argon2id$$v=19$$m=65540,t=3,p=$$deleted$$deleted

Edited docker-compose.yml to change the plain text token to the edited hashed token.

docker-compose down
docker-compose pull
docker-compose up -d

Verify the admin panel by logging in.

Having the same issue here… any help? I’d appreciate it.

(when removing single quotes)

I’m on the latest docker version of Vaultwarden (image: vaultwarden/server:latest)
NOTE: I have no config.json file (removed it)

In my compose, I have this to connect the ENV file which is in the same folder as the compose file, is this correct?

env_file:
  -  vaultwarden.env

NOTE when using single quotes in ENV file), I get:

NOTE: I have no config.json file (removed it)