---
title: vaultwarden_docker
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vaultwarden_docker?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vaultwarden_docker) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.vaultwarden_docker/src/branch/main/LICENSE)

Role to setup a [Vaultwarden](https://github.com/dani-garcia/vaultwarden) password safe. Vaultwarden is a community Bitwarden API server implementation written in Rust.

<!--more-->

- [Default Variables](#default-variables)
  - [vaultwarden_admin_token](#vaultwarden_admin_token)
  - [vaultwarden_authenticator_disable_time_drift](#vaultwarden_authenticator_disable_time_drift)
  - [vaultwarden_base_url](#vaultwarden_base_url)
  - [vaultwarden_cap_add](#vaultwarden_cap_add)
  - [vaultwarden_cap_drop](#vaultwarden_cap_drop)
  - [vaultwarden_container_name](#vaultwarden_container_name)
  - [vaultwarden_cpu_shares](#vaultwarden_cpu_shares)
  - [vaultwarden_db_name](#vaultwarden_db_name)
  - [vaultwarden_db_password](#vaultwarden_db_password)
  - [vaultwarden_db_port](#vaultwarden_db_port)
  - [vaultwarden_db_server](#vaultwarden_db_server)
  - [vaultwarden_db_ssl_mode](#vaultwarden_db_ssl_mode)
  - [vaultwarden_db_ssl_rootcert](#vaultwarden_db_ssl_rootcert)
  - [vaultwarden_db_user](#vaultwarden_db_user)
  - [vaultwarden_disable_2fa_remember](#vaultwarden_disable_2fa_remember)
  - [vaultwarden_disable_icon_download](#vaultwarden_disable_icon_download)
  - [vaultwarden_exposed_ports](#vaultwarden_exposed_ports)
  - [vaultwarden_extended_logging](#vaultwarden_extended_logging)
  - [vaultwarden_extra_hosts](#vaultwarden_extra_hosts)
  - [vaultwarden_healthcheck](#vaultwarden_healthcheck)
  - [vaultwarden_icon_blacklist_non_global_ips](#vaultwarden_icon_blacklist_non_global_ips)
  - [vaultwarden_icon_blacklist_regexl](#vaultwarden_icon_blacklist_regexl)
  - [vaultwarden_icon_cache_negttl](#vaultwarden_icon_cache_negttl)
  - [vaultwarden_icon_cache_ttl](#vaultwarden_icon_cache_ttl)
  - [vaultwarden_icon_download_timeout](#vaultwarden_icon_download_timeout)
  - [vaultwarden_image](#vaultwarden_image)
  - [vaultwarden_invitations_allowed](#vaultwarden_invitations_allowed)
  - [vaultwarden_ip_header](#vaultwarden_ip_header)
  - [vaultwarden_log_level](#vaultwarden_log_level)
  - [vaultwarden_memory_limit](#vaultwarden_memory_limit)
  - [vaultwarden_memory_reservation](#vaultwarden_memory_reservation)
  - [vaultwarden_networks](#vaultwarden_networks)
  - [vaultwarden_networks_applied](#vaultwarden_networks_applied)
  - [vaultwarden_org_attachment_limit](#vaultwarden_org_attachment_limit)
  - [vaultwarden_password_iterations](#vaultwarden_password_iterations)
  - [vaultwarden_pids_limit](#vaultwarden_pids_limit)
  - [vaultwarden_reload_templates](#vaultwarden_reload_templates)
  - [vaultwarden_restart_policy](#vaultwarden_restart_policy)
  - [vaultwarden_security_opt](#vaultwarden_security_opt)
  - [vaultwarden_service_directory](#vaultwarden_service_directory)
  - [vaultwarden_service_stopped](#vaultwarden_service_stopped)
  - [vaultwarden_show_password_hint](#vaultwarden_show_password_hint)
  - [vaultwarden_signups_allowed](#vaultwarden_signups_allowed)
  - [vaultwarden_signups_domains_whitelist](#vaultwarden_signups_domains_whitelist)
  - [vaultwarden_signups_verify](#vaultwarden_signups_verify)
  - [vaultwarden_signups_verify_resend_limit](#vaultwarden_signups_verify_resend_limit)
  - [vaultwarden_signups_verify_resend_time](#vaultwarden_signups_verify_resend_time)
  - [vaultwarden_smtp_auth_mechanism](#vaultwarden_smtp_auth_mechanism)
  - [vaultwarden_smtp_from](#vaultwarden_smtp_from)
  - [vaultwarden_smtp_from_name](#vaultwarden_smtp_from_name)
  - [vaultwarden_smtp_host](#vaultwarden_smtp_host)
  - [vaultwarden_smtp_password](#vaultwarden_smtp_password)
  - [vaultwarden_smtp_port](#vaultwarden_smtp_port)
  - [vaultwarden_smtp_security](#vaultwarden_smtp_security)
  - [vaultwarden_smtp_timeout](#vaultwarden_smtp_timeout)
  - [vaultwarden_smtp_username](#vaultwarden_smtp_username)
  - [vaultwarden_templates_folder](#vaultwarden_templates_folder)
  - [vaultwarden_user_attachment_limit](#vaultwarden_user_attachment_limit)
  - [vaultwarden_version](#vaultwarden_version)
  - [vaultwarden_volumes](#vaultwarden_volumes)
  - [vaultwarden_web_vault_enabled](#vaultwarden_web_vault_enabled)
  - [vaultwarden_websocket_enabled](#vaultwarden_websocket_enabled)
- [Dependencies](#dependencies)

---

## Default Variables

### vaultwarden_admin_token

#### Default value

```YAML
vaultwarden_admin_token: _unset_
```

### vaultwarden_authenticator_disable_time_drift

#### Default value

```YAML
vaultwarden_authenticator_disable_time_drift: false
```

### vaultwarden_base_url

#### Default value

```YAML
vaultwarden_base_url: http://localhost/
```

### vaultwarden_cap_add

#### Default value

```YAML
vaultwarden_cap_add: []
```

### vaultwarden_cap_drop

#### Default value

```YAML
vaultwarden_cap_drop: []
```

### vaultwarden_container_name

#### Default value

```YAML
vaultwarden_container_name: vaultwarden
```

### vaultwarden_cpu_shares

#### Default value

```YAML
vaultwarden_cpu_shares: _unset_
```

#### Example usage

```YAML
vaultwarden_cpu_shares: '1024'
```

### vaultwarden_db_name

#### Default value

```YAML
vaultwarden_db_name: vaultwarden
```

### vaultwarden_db_password

#### Default value

```YAML
vaultwarden_db_password: secure
```

### vaultwarden_db_port

#### Default value

```YAML
vaultwarden_db_port: 5432
```

### vaultwarden_db_server

This ansible roles does only support postgresql as database"

#### Default value

```YAML
vaultwarden_db_server: localhost
```

### vaultwarden_db_ssl_mode

#### Default value

```YAML
vaultwarden_db_ssl_mode: disable
```

### vaultwarden_db_ssl_rootcert

#### Default value

```YAML
vaultwarden_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
```

### vaultwarden_db_user

#### Default value

```YAML
vaultwarden_db_user: pgvaultwarden
```

### vaultwarden_disable_2fa_remember

#### Default value

```YAML
vaultwarden_disable_2fa_remember: false
```

### vaultwarden_disable_icon_download

#### Default value

```YAML
vaultwarden_disable_icon_download: false
```

### vaultwarden_exposed_ports

#### Default value

```YAML
vaultwarden_exposed_ports:
  - 127.0.0.1:8080:8080
```

#### Example usage

```YAML
vaultwarden_exposed_ports:
  - "127.0.0.1:8080:8080"
  - "127.0.0.1:3012:3012"
```

### vaultwarden_extended_logging

#### Default value

```YAML
vaultwarden_extended_logging: true
```

### vaultwarden_extra_hosts

#### Default value

```YAML
vaultwarden_extra_hosts: []
```

### vaultwarden_healthcheck

#### Default value

```YAML
vaultwarden_healthcheck:
  test: '["CMD", "/usr/local/bin/healthcheck"]'
  interval: 10s
  timeout: 3s
  retries: 3
```

### vaultwarden_icon_blacklist_non_global_ips

#### Default value

```YAML
vaultwarden_icon_blacklist_non_global_ips: true
```

### vaultwarden_icon_blacklist_regexl

#### Default value

```YAML
vaultwarden_icon_blacklist_regexl: _unset_
```

### vaultwarden_icon_cache_negttl

#### Default value

```YAML
vaultwarden_icon_cache_negttl: '{{ vaultwarden_icon_cache_ttl }}'
```

### vaultwarden_icon_cache_ttl

#### Default value

```YAML
vaultwarden_icon_cache_ttl: 2592000
```

### vaultwarden_icon_download_timeout

#### Default value

```YAML
vaultwarden_icon_download_timeout: 10
```

### vaultwarden_image

#### Default value

```YAML
vaultwarden_image: thegeeklab/vaultwarden:{{ vaultwarden_version }}
```

### vaultwarden_invitations_allowed

#### Default value

```YAML
vaultwarden_invitations_allowed: true
```

### vaultwarden_ip_header

#### Default value

```YAML
vaultwarden_ip_header: X-Forwarded-For
```

### vaultwarden_log_level

#### Default value

```YAML
vaultwarden_log_level: Info
```

### vaultwarden_memory_limit

#### Default value

```YAML
vaultwarden_memory_limit: _unset_
```

#### Example usage

```YAML
vaultwarden_memory_limit: 512m
```

### vaultwarden_memory_reservation

#### Default value

```YAML
vaultwarden_memory_reservation: _unset_
```

#### Example usage

```YAML
vaultwarden_memory_reservation: 256m
```

### vaultwarden_networks

#### Default value

```YAML
vaultwarden_networks:
  - name: default
```

#### Example usage

```YAML
vaultwarden_networks:
  - name: default
    # optional network driver, defaults to 'bride'
    driver: host
```

### vaultwarden_networks_applied

#### Default value

```YAML
vaultwarden_networks_applied:
  - default
```

### vaultwarden_org_attachment_limit

#### Default value

```YAML
vaultwarden_org_attachment_limit: 1024
```

### vaultwarden_password_iterations

#### Default value

```YAML
vaultwarden_password_iterations: 100000
```

### vaultwarden_pids_limit

#### Default value

```YAML
vaultwarden_pids_limit: _unset_
```

### vaultwarden_reload_templates

#### Default value

```YAML
vaultwarden_reload_templates: false
```

### vaultwarden_restart_policy

#### Default value

```YAML
vaultwarden_restart_policy: always
```

### vaultwarden_security_opt

#### Default value

```YAML
vaultwarden_security_opt: []
```

### vaultwarden_service_directory

#### Default value

```YAML
vaultwarden_service_directory: /var/lib/docker/services/vaultwarden
```

### vaultwarden_service_stopped

#### Default value

```YAML
vaultwarden_service_stopped: false
```

### vaultwarden_show_password_hint

#### Default value

```YAML
vaultwarden_show_password_hint: true
```

### vaultwarden_signups_allowed

#### Default value

```YAML
vaultwarden_signups_allowed: false
```

### vaultwarden_signups_domains_whitelist

#### Default value

```YAML
vaultwarden_signups_domains_whitelist: _unset_
```

### vaultwarden_signups_verify

#### Default value

```YAML
vaultwarden_signups_verify: false
```

### vaultwarden_signups_verify_resend_limit

#### Default value

```YAML
vaultwarden_signups_verify_resend_limit: 6
```

### vaultwarden_signups_verify_resend_time

#### Default value

```YAML
vaultwarden_signups_verify_resend_time: 3600
```

### vaultwarden_smtp_auth_mechanism

#### Default value

```YAML
vaultwarden_smtp_auth_mechanism: plain
```

### vaultwarden_smtp_from

#### Default value

```YAML
vaultwarden_smtp_from: vaultwarden@localhost
```

### vaultwarden_smtp_from_name

#### Default value

```YAML
vaultwarden_smtp_from_name: Vaultwarden
```

### vaultwarden_smtp_host

#### Default value

```YAML
vaultwarden_smtp_host: _unset_
```

### vaultwarden_smtp_password

#### Default value

```YAML
vaultwarden_smtp_password: _unset_
```

### vaultwarden_smtp_port

#### Default value

```YAML
vaultwarden_smtp_port: 465
```

### vaultwarden_smtp_security

#### Default value

```YAML
vaultwarden_smtp_security: force_tls
```

### vaultwarden_smtp_timeout

#### Default value

```YAML
vaultwarden_smtp_timeout: 15
```

### vaultwarden_smtp_username

#### Default value

```YAML
vaultwarden_smtp_username: _unset_
```

### vaultwarden_templates_folder

#### Default value

```YAML
vaultwarden_templates_folder: _unset_
```

### vaultwarden_user_attachment_limit

#### Default value

```YAML
vaultwarden_user_attachment_limit: 1024
```

### vaultwarden_version

#### Default value

```YAML
vaultwarden_version: latest
```

### vaultwarden_volumes

> Define required docker volumes.

#### Default value

```YAML
vaultwarden_volumes:
  - name: data
    dest: /app/data
    bind: false
```

#### Example usage

```YAML
vaultwarden_volumes:
  # Instead of the name you could specify a path on the container host system,
  # but you also have to enable bind mount for this volume
  - name: data
    # target location inside the container
    dest: /var/www/app/data
    # enable bind mount, if false volume will be configured as named volume
    # keep in mind you MUST set bind in any case
    bind: True
```

### vaultwarden_web_vault_enabled

#### Default value

```YAML
vaultwarden_web_vault_enabled: true
```

### vaultwarden_websocket_enabled

If you enable websockets you also have to expose port `3012`.

#### Default value

```YAML
vaultwarden_websocket_enabled: false
```



## Dependencies

None.