Hi everyone,
I’m self-hosting Vaultwarden using Docker and exposing it securely through a Cloudflare Tunnel (Zero Trust, no public IP). This is a small, family-only instance and I don’t have an SMTP server configured.
What I want to achieve is a strict invite-only registration flow, where:
- As an admin (through the admin panel), I manually invite users by email
- Only those invited users should be able to click “Create Account” and register
- No one else should be able to sign up, even if they visit
/#/register
directly - I don’t want to enable
SIGNUPS_ALLOWED=true
just for a short window, because it allows anyone to register during that time
I’ve already set SIGNUPS_ALLOWED=false
and INVITATIONS_ALLOWED=true
both in my Docker Compose file and in the admin panel. But with no SMTP server configured, users don’t receive an invite email, and there doesn’t seem to be a way to enforce that only invited users can register, they either can’t register at all, or everyone can.
Is there a proper way to make this work without needing email? Ideally, I’d like Vaultwarden to allow only those users that I explicitly invite (as admin) to be able to create an account, without needing to expose general sign-up to the public.
Thanks in advance for your help!