How to Self-Host Bitwarden Password Manager on Raspberry Pi Zero

Abraham Smith

Many users create or use simple passwords when registering online for a service or product because they are easy to remember. Some users use complex passwords but store login information in the web browser, which is not recommended or secure. Instead of using a web browser to manage your passwords, Bitwarden lets you create a self-hosted modern password manager with Multi-Factor Authentication (MFA), backups, SSL certificate, remote access, and enhanced security.


things you need

You can set up a Bitwarden server on an old laptop, PC or Raspberry Pi 3, 4 or 400. However, in this guide we show how to host Bitwarden and use the password manager on a Raspberry Pi Zero 2 W works well since it is small and runs on low power and resources. You will need the following items:

  • Raspberry Pi Zero 2W
  • MicroSD card
  • card reader
  • Windows, Mac or Linux PC
  • Wireless LAN (Wi-Fi)

Step 1: Install Raspberry Pi OS Lite (64-bit)

Insert the microSD card into the card reader and connect it to your computer system. Then follow these steps to write the 64-bit lite version of Raspberry Pi OS on it.

  1. Download, install and launch the Raspberry Pi Imager tool on your system.
  2. click Choose operating system > Raspberry Pi OS (Other) > Raspberry Pi OS Lite (64-bit).

  3. Click the gear icon and enable SSH.

  4. Enter the details such as username and passwordWireless Internet access SSID and Password, to configure the Wi-Fi connection. For more information, see our guide to installing an operating system on a Raspberry Pi.
  5. After writing the operating system to the card, eject it and plug it into your Raspberry Pi Zero.

Step 2: Connect via SSH

Since we have SSH enabled at the time of writing the operating system, we can connect to your Raspberry Pi via SSH using the Terminal app on macOS or Linux and PuTTY on Windows. In order to connect to the Pi, we need to know the IP of the Raspberry Pi. You can use the Fing app on your smartphone or check your router’s DHCP settings to find the IP.

If you are using the Terminal app on macOS or Linux, run the following command:

ssh username@RaspberryPiIP

For example:

ssh pi@192.168.0.160

Enter your password and press the To return/Enter Key.

If you use PuTTY instead:

  1. Enter the IP address of the Raspberry Pi with port 22 and click Open.
  2. When prompted with “Login as:”, enter the username and press Enter.
  3. Enter the password and press Enter.

You will be successfully logged into the Pi via SSH. If not, check the network connection, your username and password.

Run the following command to upgrade and update software packages. This may take a while.

sudo apt update && sudo apt upgrade -y

Step 3: Install Docker

To install Docker on Raspberry Pi, run the following command in the SSH terminal window.

curl -sSL https:

This will run a script and install Docker on your Raspberry Pi. Check the installed Docker version with the following command.

docker version

Next, we allow our default pi user to access this Docker installation. The command is as follows:

sudo usermod -aG docker pi

Once this is done, reboot the Raspberry Pi with the sudo restart command, and then continue with the steps given below to install Portainer.

Step 4: Install Portainer

Although you can manage Docker containers from the command line, Portainer provides an easy-to-use GUI interface for deploying and managing our Docker containers on Raspberry Pi. To install Portainer, run the following command in the SSH terminal window.

sudo docker pull portainer/portainer-ce:latest

In order to run Portainer, we need to create a new Docker container on port 9000.

sudo docker run -d -p 9000:9000 --restart=always --name=portainer -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

When done, open the web browser and visit the Raspberry Pi’s IP address on port 9000 to open and access the Portainer container:

http://[RaspberryPi-IP-Address]:9000

Enter the desired username and password to create a Portainer user account and log in.

Step 5: Install and set up Bitwarden RS (Vaultwarden).

After you’ve signed up for Portainer, follow these steps to deploy and set up a self-hosted BitWarden server on Raspberry Pi.

  1. Click on volume > add volume.
  2. Enter the name and click Create the volume Button. We named the volume BitWardenServer.
  3. click container > Add container. Enter the information in the following fields:
    • Surname: BitWarden (You can call it anything)
    • Picture: vaultwarden/server:latest

    click Publish a new network port. In which host field type 8080, and in the Container field type 80as shown in the picture below.

  4. Scroll down and click volumes > Allocate additional volume under the Advanced container settings Section. Type /Data in which Container field and select it BitwardenServer Volume we created in previous steps.
  5. Click on Restart policy under the Advanced container settings section and select Always.
  6. click Deploy the container under the Actions Section. After a few minutes this should appear BitWarden Server we just deployed healthy.
  7. You can now look up the Raspberry Pi’s IP address on port 8080. This will open the Bitwarden web UI.

Step 6: Set up a Cloudflare tunnel

In order to access and use Bitwarden, you need to set up a reverse proxy. You can deploy and use Nginx Proxy Manager to add and set up a proxy host. However, we will take a completely different approach and instead use the Cloudflare tunnel service to remotely access Bitwarden from anywhere using a secure SSL connection.

To set it up, you must have a registered domain. Add your domain to Cloudflare, then follow these steps to install and set up the Cloudflare tunnel.

  1. In the Terminal or PuTTY SSH connection, run the following commands. 
    sudo wget https:
    sudo cp ./cloudflared /usr/local/bin
    sudo chmod +x /usr/local/bin/cloudflared
    cloudflared v
    cloudflared tunnel login
  2. Copy the displayed URL into the output and open the URL in a web browser. Sign in to Cloudflare and authorize the added domain.
  3. Now we can create a secure tunnel. We name it bitguard. 
    cloudflared tunnel create bitwarden
  4. Copy the Tunnel ID and JSON file path from the output and paste them into an editor on your system. Keep this information safe and confidential. Then run the following command to create a configuration file. 
    sudo nano ~/.cloudflared/config.yml
  5. In the nano editor, paste the following code. Be sure to replace those Tunnel: value and Credentials file: Away with your own. 
    tunnel: a2efc6dg1-2c75f8-b529d3ee
    credentials-file: /home/pi/.cloudflared/a2efc6dg1-2c75f8-b529d3ee.json
    ingress:
    - hostname: bitwarden.YourDomain.com
    service: http:
    - service: http_status:404
  6. Press Ctrl+Xthen Y and press the Enter Key.
  7. Create a DNS route to access the Bitwarden self-hosted server. 
    cloudflared tunnel route DNS bitwarden bitwarden.YourDomain.com
  8. Finally, run through the tunnel. 
    cloudflared tunnel run bitwarden
  9. You can visit now https://bitwarden.yourdomain.com to access the Bitwarden server.

Step 7: Login and create user

You can now access your self-hosted Bitwarden server from anywhere in the world using the hostname you set up in the Cloudflare tunnel. Activate the admin panel to manage the users and vaults in your Bitwarden server.

You can also create multiple accounts of your friends and family to allow them to store their passwords encrypted in their Bitwarden vaults, generate passwords, etc. Make sure you enable 2-factor authentication for more security.

After creating the account, you or users can login to Bitwarden and import their passwords from the web browser (.csv) into their Bitwarden accounts or vaults to protect the passwords. For more information on how to use it, see the Bitwarden documentation. In addition, you can self-host Bitwarden with Google Cloud (almost) for free.

DIY password manager with complete privacy

How to deploy a secure, self-hosted Bitwarden server on a Raspberry Pi Zero 2W. The steps are the same as described in this guide if you want to set up a Bitwarden server on Raspberry Pi 3 or Raspberry Pi 4/400.

After deploying the Bitwarden server, you can install the Bitwarden extension in the web browser or in the app on your Android or iOS device to create and manage passwords. Because we use Cloudflare Tunnel, we don’t expose our public IP, making it more secure than other methods. Your passwords and credentials stay safe, secure and private in your Bitwarden vaults.

Leave a Reply

Your email address will not be published. Required fields are marked *