Clarifying Signup Behavior with SIGNUPS_ALLOWED=false and Invite-Only Setup

Hi everyone,

I’m self-hosting Vaultwarden using Docker and exposing it securely through a Cloudflare Tunnel (Zero Trust, no public IP). This is a small, family-only instance and I don’t have an SMTP server configured.

What I want to achieve is a strict invite-only registration flow, where:

  • As an admin (through the admin panel), I manually invite users by email
  • Only those invited users should be able to click “Create Account” and register
  • No one else should be able to sign up, even if they visit /#/register directly
  • I don’t want to enable SIGNUPS_ALLOWED=true just for a short window, because it allows anyone to register during that time

I’ve already set SIGNUPS_ALLOWED=false and INVITATIONS_ALLOWED=true both in my Docker Compose file and in the admin panel. But with no SMTP server configured, users don’t receive an invite email, and there doesn’t seem to be a way to enforce that only invited users can register, they either can’t register at all, or everyone can.

Is there a proper way to make this work without needing email? Ideally, I’d like Vaultwarden to allow only those users that I explicitly invite (as admin) to be able to create an account, without needing to expose general sign-up to the public.

Thanks in advance for your help!