So is there no way to further secure this page access? Whether it’s limiting the user name email or some sort of 2FA on this page? I feel like a token only is insecure or rather not enough.
It is something on the to-do list somewhere, but nobody has had a real interest in adding it.
You can always add Basic Auth in front of it, as some proxy examples show; that is what I do myself.
Also, the configuration from Bitwarden isn’t even linked to the users in the database; it is totally separate. The reason we do not have the same is that Vaultwarden can be run without a mail server setup, which doesn’t work for Bitwarden if you want to access the admin interface.
That is why Vaultwarden doesn’t have this mandatory.
Though, I’m still wanting to add a bit more protection to it; I just haven’t gotten around to starting on it myself.
I have been messing around with an OPNsense router. I still haven’t flipped over to it yet. One of the things I was thinking about was moving the reverse proxy to that once I learned how to.
For the admin portal: I’m using nginx as my reverse proxy and implemented Authelia as the front end, which controls access and use of 2FA to access the site. It didn’t take too long to do. I’d probably use Traefik as my reverse proxy if I were going to do it all over again; however, nginx is working OK for me.
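
The Basic Auth approach mentioned in the thread, sketched as an nginx server block that puts a second credential in front of `/admin` while leaving normal vault traffic alone. This is an added example, not part of any post above and not taken from the Vaultwarden project's proxy examples; the hostname, certificate paths, upstream address, htpasswd path and source network are all placeholders.

```nginx
# Added example. Every hostname, path, address and network below is a
# placeholder/assumption; adjust to the actual deployment.
server {
    listen 443 ssl;
    server_name vault.example.com;                      # placeholder hostname

    ssl_certificate     /etc/ssl/example/fullchain.pem; # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;   # placeholder path

    # Regular vault traffic: no extra auth layer here, because the
    # Bitwarden clients must reach the API directly to sync.
    location / {
        proxy_pass http://127.0.0.1:8080;               # assumed Vaultwarden listener
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Admin page: the proxy demands its own credential before the request
    # ever reaches Vaultwarden, so the admin token is no longer the only
    # thing standing between the internet and the admin interface.
    location /admin {
        # Optional extra beyond Basic Auth: also require a trusted source
        # network. "satisfy all" means BOTH checks must pass.
        satisfy all;
        allow 192.0.2.0/24;                             # constructed example network
        deny  all;

        auth_basic           "Vaultwarden admin";
        auth_basic_user_file /etc/nginx/vaultwarden-admin.htpasswd; # placeholder path

        proxy_pass http://127.0.0.1:8080;               # same assumed listener
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The password file can be created with the `htpasswd` utility; Basic Auth credentials are only protected in transit by TLS, so this block should not be served over plain HTTP.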