I’ve been using Vaultwarden for almost a year and I’ve never configured the admin interface. A basic two person home setup not exposed to the internet (only tailscale access for away from home).
On these forums I often see “use the admin interface” as part of the solution for various problems.
Would it be better to setup the admin interface to help resolve some future problems or does that open up additional attack surfaces? My plan is to restore the last good daily backup (frequently tested) should a big problem arise.
The admin interface is useful during issues. There is a diagnostics page which might help.
You can also manage users and orgs for example.
And configure settings.
It’s not needed perse.
Well, it’s more part of a troubleshooting process. And it also gives you the ability to change the role of an organization member (e.g. if your organization owner lost their password you could promote any other member to owner) or it allows you to delete or invite users if you have invitations disabled, remove the 2FA, etc.
It also lets you set configuration options with the highest precedence, which might be useful (but also confusing if you are not aware)
Sounds like the admin interface is all upside. I’ll try to get around to setting it up.
Thanks for the excellent information.
The admin interface does provide an additional attack vector, yes. And while a successful brute force attack seems very unlikely, you can reduce the attack surface by restricting access to the admin interface to local IP addresses if you use a reverse proxy in front of your Vaultwarden instance.
1 Like