Home Assistant Community Add-on: Bitwarden RS

Hi, indeed I use nearly all of them personally except for Radarr. So I should update them regularly (as it was one of the basis of creating my repo, + adding local mount options to some addons), and if I miss something you can just create an “issue” in github (or send me a message) and I’ll do so.

1 Like

Thank you for this. I was able to get your version up and running quickly and maintained shares. Steps I followed:

3.1 add my repository into hassio (explanation here ) (same)
3.2 install the updated bitwarden (same)
3.3 Stop old Bitwarden instance and disable watchdog
3.4 ssh into HA (I have root) and issue these commands:
3.4.1 cd cd /usr/share/hassio/
3.4.2 cp -R cd -R addons/data/[old_instance]/* addons/data[new_instance]
3.5 Start @alexbelgium’s new instance of Bitwarden

2 Likes

Bitwarden_RS Add-on has been updated now have

1.18.0

Also iOS app is working again with latest iOS Version and the AUTO-Fill option for passwords!

@frenck great job !!!

1 Like

With the news about lastpass crippling their free option, I think I’ll be looking into installing this add-on. Hartelijk dank Frenck!

2 Likes

Hi
could somebody explain to me how to backup bitwarden files?
I am using HomeAssistant as a virtual machine on a debian based system and I could not find where bitwarden stores its files.

Also the backup option under /admin says it backs up data succesfully but I do not know where they are stored

there is an user here who says that files are under “/mnt/data/supervisor/addons/data/a0d7b954_bitwarden/”

but the /mnt/ folder is empty when I login in to hassio via WinScp

thank you

Try /usr/share/hassio/addons/data/

Another option is to make a snapshot of just bitwarden addon, without encryption. That should give you the files too.

unfortunately I have no hassio directory under /usr/share
making a snapshot of just bitwarden is certainly an idea, periodically exporting from bitwarden itself is another idea

but ideally I would have wanted an automated process which would periodically copy bitwarden data on a USB drive attached to the server I am running HA on…

anyway, even if I could find the path that bitwarden is storing its files, I still would not know how to setup this automated process (i.e. is there an addon for such a thing?)

There is an addon that automatically saves your snapshots to google drive. It is very handy and makes it easy to recover if your server ever dies or want to try new hardware.

sabeechen/hassio-google-drive-backup: Automatically create and sync Hass.io snapshots into Google Drive (github.com)

thank you, I will give it a try

I’m using this add-on to backup Home Assistant to my NAS:

1 Like

I’m having issues when trying to install this addon where it states that libcrypto.so.1.1 cannot be found. I’ve not done anything exciting outside of the standard install and all my other addons work fine.

Am I missing something?

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
curl: error while loading shared libraries: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: cannot read file data: Input/output error
[13:01:54] ERROR: Something went wrong contacting the API
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
Log level is set to DEBUG
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] nginx.sh: executing... 
[cont-init.d] nginx.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
openssl: error while loading shared libraries: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: cannot read file data: Input/output error
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing... 
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

Hello,

It’s possible to disable admin portal for public IPs?

Thanks

Where does one configure SMTP for this add-on?

[2021-05-10 15:08:50.659][vaultwarden::api::core::organizations][ERROR] SMTP is not configured.

Check the docs :wink:

Search for the “Bitwarden (Vaultwarden)” add-on in the Supervisor add-on store and install it.
Start the “Bitwarden (Vaultwarden)” add-on.
Check the logs of the “Bitwarden (Vaultwarden)” add-on to see if everything went well and to get the admin token/password.
Click the “OPEN WEB UI” button to open Vaultwarden.
Add /admin to the URL to access the admin panel, e.g., http://hassio.local:7277/admin. Log in using the admin token you got in step 3.
The admin/token in the logs is only shown until it is saved or changed. Hit save in the admin panel to use the randomly generated password or change it to one of your choosing.
Be sure to store your admin token somewhere safe.

Has anyone gotten this working with NPM and Cloud Flare? Just returning a server not found error, whereas this was previously working fine with duckdns

Hi @frenck great add-on, me and my friends use it often. As a pentester I have some concerns on how this add-on is implemented. There doesn’t seem to be any form of rate limiting on 2FA, which means the 2FA code could be bruteforced within 30 seconds, which gives 2FA a false sense of security. Basically it doesn’t really matter if you turn on 2FA or not.

Hopefully you (as an experienced programmer) have an idea how to make 2FA safe again.

Please let me know if you require any information, I’m Dutch so we could discuss in Dutch privately.

1 Like

I think Frenck mainly packages these addons, for this kind of change the maintainers of Vaultwarden ( GitHub - dani-garcia/vaultwarden: Unofficial Bitwarden compatible server written in Rust, formerly kno ) should be contacted. And yeah, this is a very good topic, never tried multiple codes myself, hadn’t realized this issue existed.

1 Like

Sent them a mail. They expect that admins use something like fail2ban. But are looking into implementing at least some basic rate limiting in the future. So I have some hopes that there will be something of a solution in the future.

2 Likes

Hi,

is it possible to run vaultwarden, especially the browser extensions and the android app, without portforwarding via a wireguard vpn tunnel?

2 Likes

Hi All,

In case someone is having trouble setting up SMTP with Gmail account here are the steps to do it:

  1. Create an App Password in your Google account (instructions)
  2. Setup Bitwarden SMTP:
  3. Send a test mail to make sure it is configured OK

Now you can enable Email 2FA Settings so users can receive tokens in their email. Also notifications for new logins will work etc.

2 Likes