Change DB password

Hi, I’m wondering if it’s necessary to set a random password for vaultwarden sqlite db ?

On a fresh install I’m able to open the database without any credentials.

Most of the data seems to be encrypted, but some data aren’t.

And are we able to do it with an env variable ?


sqlite doesn’t support a password by default. So, that will not help.
You just needs to keep the database in a secure location.

Same btw with MariaDB/MySQL for example. If someone has access to the files, they access access the data.

Also, setting a password to the database and storing that password in an env on the same system will not be much of a security though.

Yeah, ideally you’d have a public front-end and then your back-end database would be secured and not publicly accessible.

You could use something like Docker secrets or other type of secrets management. Though honestly this is most likely overkill and if you are worried about security simply having Vaultwarden only locally accessible behind a VPN would be fine.

All data is encrypted locally client side anyways so worst case if your Bitwarden/Vaultwarden server was compromised not much lost either way.
Not an ideal day but not the worst case scenario either IMO.


Thank you both for your inputs.

New to VW and now with your informations regarding the encryption point is ok for me :+1:

Also, you could use Postgres or MariaDB/MySQL, those have a password to connect, and i think one of those support encryption at rest, but not sure if that is also available for the community versions.