I cannot figure out how to source the .env file

Help
1

The systemd service passes the env file to the process:
EnvironmentFile=/etc/vaultwarden.env

However the process doesn’t see the file:

Jun 16 17:50:04 gentooserver vaultwarden[2095161]: /--------------------------------------------------------------------\
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: |                        Starting Vaultwarden                        |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: |                           Version 1.21.0                           |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: |--------------------------------------------------------------------|
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: | official channels to report bugs/features, regardless of client.   |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: | Send usage/configuration questions or feature requests to:         |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: |   <censored because discourse bans hyperlinks>                            |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: | Report suspected bugs/issues in the software itself at:            |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: |   <censored because discourse bans hyperlinks>            |
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: \--------------------------------------------------------------------/
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: [INFO] No .env file found.
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: Configured for production.
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => address: 0.0.0.0
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => port: 8000
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => log: critical
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => workers: 16
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => secret key: private-cookies disabled
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => limits: forms = 32KiB
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => keep-alive: 5s
Jun 16 17:50:04 gentooserver vaultwarden[2095161]:     => tls: disabled
Jun 16 17:50:04 gentooserver vaultwarden[2095161]: Rocket has launched from http://0.0.0.0:8000

I tried symlinking the .env to the working directory:

root@gentooserver /etc # ls /var/lib/vaultwarden
data  vaultwarden  vaultwarden.env

Didn’t work.

I tried cd’ing to /etc and starting the process from bash:

/--------------------------------------------------------------------\
|                        Starting Vaultwarden                        |
|                           Version 1.21.0                           |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Send usage/configuration questions or feature requests to:         |
|   <censored because discourse bans hyperlinks>/                             |
| Report suspected bugs/issues in the software itself at:            |
|    <censored because discourse bans hyperlinks>           |
\--------------------------------------------------------------------/

[INFO] No .env file found.

Error loading config:
	`DATABASE_URL` looks like a SQLite URL, but 'sqlite' feature is not enabled

Didn’t work.

The file is in the directory:

root@gentooserver /etc # ls vaultwarden.env
vaultwarden.env

What do I do?

2

The .env file is normally located at the same path as the binary.
If using systemd i think letting it use the correct setting there should be fine. It will still show the info message, but that should not be an issue.

3

So you believe this message is spurious?

It seems like vaultwarden is ignoring settings in my .env file. For example, i have set LOG_LEVEL=info (also tried trace and debug) and LOG_FILE=/var/log/vaultwarden.log, and /var/log/vaultwarden.log does not get any log messages. Actually, the file doesn’t exist.

4

No, the message isn’t false, it checks for the file .env at the same place were the executable is located. If that is not there it will show that message.

It will also show that message even if you have export ENV=Value there or any other means of env values provided for the executable, it is docker -e or some shell script.

It will only not show if the file .env is actually right there next to the executable.

5

Ok, so if the .env file is working, why is nothing being logged? Is it a bug?

6

The very first copy/paste send to look ok. It states it has started on port 8080.

7

So if there’s not a problem, nothing gets logged? Even with “debug” verbosity?

I ask because I’m unable to get vaultwarden to work with apache proxying, so clearly something is going wrong.

8

I don’t know what you mean with not logs. I clearly see log output in your first post.

Second, within that log output it shows me that the application isn’t build with sqlite, so it’s probably a custom build, so not sure if there is anything modified in the code.

Further, please follow these wiki articles, in the hope they can help you.

9

@Gooberpatrol66 did you manage to figure this out?
I’m also struggling to understand how to make vaultwarden pick up the environment file.
Storing this file inside the container, isn’t a good idea in my book. Then it’s lost whenever the container is killed. Therefore I’d like to store it in the bt_data folder (outside the container), but how do I inform vaultwarden what I named it and where to find it?

10

No, I did not.

Jul 14 15:20:27 gentooserver vaultwarden[73424]: Configured for production.
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => address: 0.0.0.0
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => port: 8000
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => log: critical
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => workers: 16
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => secret key: private-cookies disabled
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => limits: forms = 32KiB
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => keep-alive: 5s
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => tls: disabled
Jul 14 15:20:27 gentooserver vaultwarden[73424]: Rocket has launched from http://0.0.0.0:8000

The program outputs these settings on startup, despite the fact that in the .env file, I have set the port to 8443, the log level to “info”, and have disabled Rocket.

11

The .env file doesn’t need to be used with docker, just use the -e for this. When using docker-compose put the env variables in the right section environment:

If using systemd, put the file into the correct systemd .service section.

In any other case like running it native on the system (or even within docker) make sure the .env file is placed right next to, in the exact same path as the Vaultwarden binary!

For docker you can use -v, else just place it right next to the binary in the same path!

12

Various methods are listed at

13

Does this service file look correct?

[Unit]
Description=Unofficial Bitwarden compatible server written in Rust
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target mariadb.service mysqld.service postgresql.service

[Service]
User=vaultwarden
Group=vaultwarden
Environment="WEB_VAULT_FOLDER=/usr/share/vaultwarden-web-vault/htdocs"
EnvironmentFile=/etc/vaultwarden.env
ExecStart=/usr/bin/vaultwarden

LimitNOFILE=1048576
LimitNPROC=256

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

RestrictNamespaces=yes

SystemCallArchitectures=native
SystemCallFilter=@system-service
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

WorkingDirectory=/var/lib/vaultwarden
ReadWriteDirectories=/var/lib/vaultwarden
# Allow vaultwarden to bind ports in the range of 0-1024
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
14

Seems to look ok. But the .env file there has nothing to do with Vaultwarden it self. The .env in /etc should provide all environment variables to the application. Why do you think that isn’t working?
Have you checked the systemd logs?

15 
Jul 14 15:20:27 gentooserver systemd[1]: Started Unofficial Bitwarden compatible server written in Rust.
░░ Subject: A start job for unit vaultwarden.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://gentoo.org/support/
░░ 
░░ A start job for unit vaultwarden.service has finished successfully.
░░ 
░░ The job identifier is 121192.
Jul 14 15:20:27 gentooserver vaultwarden[73424]: /--------------------------------------------------------------------\
Jul 14 15:20:27 gentooserver vaultwarden[73424]: |                        Starting Vaultwarden                        |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: |                           Version 1.22.1                           |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: |--------------------------------------------------------------------|
Jul 14 15:20:27 gentooserver vaultwarden[73424]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: | official channels to report bugs/features, regardless of client.   |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: | Send usage/configuration questions or feature requests to:         |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: |   https://vaultwarden.discourse.group/                             |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: | Report suspected bugs/issues in the software itself at:            |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: |   https://github.com/dani-garcia/vaultwarden/issues/new            |
Jul 14 15:20:27 gentooserver vaultwarden[73424]: \--------------------------------------------------------------------/
Jul 14 15:20:27 gentooserver vaultwarden[73424]: [INFO] No .env file found.
Jul 14 15:20:27 gentooserver vaultwarden[73424]: Configured for production.
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => address: 0.0.0.0
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => port: 8000
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => log: critical
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => workers: 16
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => secret key: private-cookies disabled
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => limits: forms = 32KiB
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => keep-alive: 5s
Jul 14 15:20:27 gentooserver vaultwarden[73424]:     => tls: disabled
Jul 14 15:20:27 gentooserver vaultwarden[73424]: Rocket has launched from http://0.0.0.0:8000

According to this, EnvironmentFile= does not pass environment variables to a process started by systemd. centos7 - Systemd Environment and EnvironmentFile not working - Server Fault

16

WorkingDirectory=/var/lib/vaultwarden is set in the systemd service file, and there is /var/lib/vaultwarden.env symlinked to /etc/vaultwarden.env, so it should work no matter what, but it doesn’t.

17

It should be /var/lib/vaultwarden/.env notice the last / before .env.

18

My bad, I mistyped. The symlink is at /var/lib/vaultwarden/vaultwarden.env.

19

Then it is still wrong. For Vaultwarden to see the file it needs to be named .env not vaultwarden.env

20

The “No .env file found” message has gone away, but it seems like the other settings didn’t change. Whatever.