Bitwarden Web interface (Vault) and Bitwarden-compatible API implementation in Rust. Pulls 100M+ Overview Tags. This is a Bitwarden server API implementation written in. Jan 06, 2020 Bitwarden: shared MFA TOTP codes for Gmail accounts # security # passwords Arseny Zinchenko Jan 6, 2020 Originally published at rtfm.co.ua on Jan 6, 2020 ・3 min read. In this article, we'll look at how YAML works and use it to define first a Kubernetes Pod, and then a Kubernetes Deployment. It's difficult to escape YAML if you're doing anything related to many software fields — particularly Kubernetes, SDN, and OpenStack. YAML, which stands for Yet Another Markup Language, or YAML Ain. Self-host Pi-Hole on Kubernetes and block ads and trackers at the network level; Self-host your password manager with Bitwarden; Deploy Prometheus and Grafana to monitor a Kubernetes cluster; Introduction Now we have prepared our RaspberryPi cluster to receive Kubernetes as a self-hosting platform, it's time to start installing applications!
- Bitwarden Kubernetes
- Bitwarden Kubernetes Python
- Bitwarden Kubernetes Dashboard
- Bitwarden Kubernetes Service
- Bitwarden Kubernetes Secrets
Heard about the latest password breach (since lunch)? HaveYouBeenPowned yet (today)? Passwords are broken, and as the amount of sites for which you need to store credentials grows exponetially, so does the risk of using a common password.
'Duh, use a password manager', you say. Sure, but be aware that even password managers have security flaws.
OK, look smartass.. no software is perfect, and there will always be a risk of your credentials being exposed in ways you didn't intend. You can at least minimize the impact of such exposure by using a password manager to store unique credentials per-site. While 1Password is king of the commercial password manager, BitWarden is king of the open-source, self-hosted password manager.
Enter Bitwarden..
Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. While Bitwarden does offer a paid / hosted version, the free version comes with the following (better than any other free password manager!):
- Access & install all Bitwarden apps
- Sync all of your devices, no limits!
- Store unlimited items in your vault
- Logins, secure notes, credit cards, & identities
- Two-step authentication (2FA)
- Secure password generator
- Self-host on your own server (optional)
Ingredients¶
Ingredients
Already deployed:
- Docker swarm cluster with persistent shared storage
- Traefik configured per design
- DNS entry for the hostname you intend to use (or a wildcard), pointed to your keepalived IP
Related:
- Traefik Forward Auth to secure your Traefik-exposed services with an additional layer of authentication
Preparation¶
Setup data locations¶
Bitwarden Kubernetes
We'll need to create a directory to bind-mount into our container, so create /var/data/bitwarden
:
Setup environment¶
Create /var/data/config/bitwarden/bitwarden.env
, and leave it empty for now.
Question
What, why an empty env file? Well, the container supports lots of customizations via environment variables, for things like toggling self-registration, 2FA, etc. These are too complex to go into for this recipe, but readers are recommended to review the dani-garcia/bitwarden_rs wiki, and customize their installation to suite.
Setup Docker Swarm¶
Create a docker swarm config file in docker-compose syntax (v3), something like this:
Tip
I automatically and instantly share (with my sponsors) a private 'premix' git repository, which includes necessary docker-compose and env files for all published recipes. This means that sponsors can launch any recipe with just a git pull
and a docker stack deploy
👍.
🚀 Update: Premix now includes an ansible playbook, so that sponsors can deploy an entire stack + recipes, with a single ansible command! (more here)
Note
Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk!
Serving¶
Launch Bitwarden stack¶
Launch the Bitwarden stack by running docker stack deploy bitwarden -c
Bitwarden Kubernetes Python
Browse to your new instance at https://YOUR-FQDN, and create a new user account and master password (Just click the **Create Account* button without filling in your email address or master password*)
Get the apps / extensions¶
Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins!
Chef's notes 📓¶
You'll notice we're not using the official container images (all 6 of them required!), but rather a more lightweight version ideal for self-hosting. All of the elements are contained within a single container, and SQLite is used for the database backend. ↩
As mentioned above, readers should refer to the dani-garcia/bitwarden_rs wiki for details on customizing the behaviour of Bitwarden. ↩
The inclusion of Bitwarden was due to the efforts of @gkoerk in our Discord server- Thanks Gerry! ↩
Tip your waiter (sponsor) 👏¶
Did you receive excellent service? Want to make your waiter happy? (..and support development of current and future recipes!) Sponsor me on Github / Patreon, or see the contribute page for more (free or paid) ways to say thank you! 👏
Flirt with waiter (subscribe) 💌¶
Bitwarden Kubernetes Dashboard
Bitwarden is a free and open source password management solution for individuals, teams, and business organizations. While Bitwarden does offer a paid / hosted version, the free version comes with the following (better than any other free password manager!):
- Access & install all Bitwarden apps
- Sync all of your devices, no limits!
- Store unlimited items in your vault
- Logins, secure notes, credit cards, & identities
- Two-step authentication (2FA)
- Secure password generator
- Self-host on your own server (optional)
Ingredients¶
Ingredients
Already deployed:
- Docker swarm cluster with persistent shared storage
- Traefik configured per design
- DNS entry for the hostname you intend to use (or a wildcard), pointed to your keepalived IP
Related:
- Traefik Forward Auth to secure your Traefik-exposed services with an additional layer of authentication
Preparation¶
Setup data locations¶
Bitwarden Kubernetes
We'll need to create a directory to bind-mount into our container, so create /var/data/bitwarden
:
Setup environment¶
Create /var/data/config/bitwarden/bitwarden.env
, and leave it empty for now.
Question
What, why an empty env file? Well, the container supports lots of customizations via environment variables, for things like toggling self-registration, 2FA, etc. These are too complex to go into for this recipe, but readers are recommended to review the dani-garcia/bitwarden_rs wiki, and customize their installation to suite.
Setup Docker Swarm¶
Create a docker swarm config file in docker-compose syntax (v3), something like this:
Tip
I automatically and instantly share (with my sponsors) a private 'premix' git repository, which includes necessary docker-compose and env files for all published recipes. This means that sponsors can launch any recipe with just a git pull
and a docker stack deploy
👍.
🚀 Update: Premix now includes an ansible playbook, so that sponsors can deploy an entire stack + recipes, with a single ansible command! (more here)
Note
Note the clever use of two Traefik frontends to expose the notifications hub on port 3012. Thanks @gkoerk!
Serving¶
Launch Bitwarden stack¶
Launch the Bitwarden stack by running docker stack deploy bitwarden -c
Bitwarden Kubernetes Python
Browse to your new instance at https://YOUR-FQDN, and create a new user account and master password (Just click the **Create Account* button without filling in your email address or master password*)
Get the apps / extensions¶
Once you've created your account, jump over to https://bitwarden.com/#download and download the apps for your mobile and browser, and start adding your logins!
Chef's notes 📓¶
You'll notice we're not using the official container images (all 6 of them required!), but rather a more lightweight version ideal for self-hosting. All of the elements are contained within a single container, and SQLite is used for the database backend. ↩
As mentioned above, readers should refer to the dani-garcia/bitwarden_rs wiki for details on customizing the behaviour of Bitwarden. ↩
The inclusion of Bitwarden was due to the efforts of @gkoerk in our Discord server- Thanks Gerry! ↩
Tip your waiter (sponsor) 👏¶
Did you receive excellent service? Want to make your waiter happy? (..and support development of current and future recipes!) Sponsor me on Github / Patreon, or see the contribute page for more (free or paid) ways to say thank you! 👏
Flirt with waiter (subscribe) 💌¶
Bitwarden Kubernetes Dashboard
Want to know now when this recipe gets updated, or when future recipes are added? Subscribe to the RSS feed, or leave your email address below, and we'll keep you updated. (*double-opt-in, no monkey business, no spam)