--- title: "Stop Exposing Your Vault: Secure NodeWarden with Cloudflare" canonical_url: "https://techvoyage.dev/article/how-to-secure-nodewarden-at-cloudflare" last_updated: "2026-06-14T11:05:19.473Z" meta: description: "The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7." "og:description": "The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7." "og:title": "Stop Exposing Your Vault: Secure NodeWarden with Cloudflare" "twitter:description": "The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7." "twitter:title": "Stop Exposing Your Vault: Secure NodeWarden with Cloudflare" --- [Home](https://techvoyage.dev/) ![Step-by-step guide thumbnail for securing a NodeWarden vault with Cloudflare integration, featuring a digital safe with a padlock and a server rack protected by Cloudflare security.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/secure-nodewarden-cloudflare-integration-guide.webp) # **Stop Exposing Your Vault: Secure NodeWarden with Cloudflare** The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7. May 27, 2026 -8 MIN READ The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7. To protect your sensitive data, You need to put NodeWarden instance in the maximum lockdown possible. To secure your NodeWarden instance, you can use one of two Cloudflare features: - **Cloudflare IP Access Rules:** Allows you to block, challenge, or permit traffic based on specific IP addresses or countries. - **Cloudflare Zero Trust (Recommend):** Acts as a secure gateway that makes your NodeWarden instance completely invisible to the public, only letting authorised users through. #### Why we recommend Cloudflare Zero Trust We strongly advise using Cloudflare Zero Trust since IP Access Rules are tied to IP addresses or countries, meaning you need to manually update the your rules every time you travel or if you have a dynamic IP address. Cloudflare Zero Trust on the other hand relies on your **identity**, not your location—giving you seamless, secure access to NodeWarden. --- ## Configuration Guide Follow these steps to configure Cloudflare Zero Trust for NodeWarden. ### Phase 1: Getting Started 1. In your Cloudflare dashboard, click on 'Zero Trust' from left menu ![Cloudflare dashboard sidebar showing the Zero Trust option selected in the navigation menu.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-dashboard-zero-trust-sidebar.webp) 2. Click on 'Access controls' then click on 'Applications' ![Cloudflare Zero Trust navigation menu with Access controls section expanded.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-zero-trust-access-controls-menu.webp) 3. You may be asked to 'Choose a plan'. ![Cloudflare Zero Trust account setup screen prompting the user to choose a subscription plan.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-zero-trust-choose-plan-setup.webp) 4. Click on the 'Choose a plan' button and choose the 'Zero Trust Free'. ![The Zero Trust Free plan details page on Cloudflare, highlighting the Select plan button.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-zero-trust-free-plan-selection.webp) ### Phase 2: Secure Your Web Interface First, we will create an application to protect the NodeWarden web dashboard. 1. Click on 'Create new application' to create the first application ![Cloudflare Access Applications dashboard featuring the Create new application button.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-create-new-application.webp) 2. Choose the 'Self-hosted and private' ![The Add an application modal in Cloudflare Access with Self-hosted and private application type selected.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-add-self-hosted-application.webp) 3. Enter the domain name of the NodeWarden. ![Cloudflare Access application configuration screen showing the public hostname set to warden.techvoyage.dev.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-application-public-hostname.webp) 4. Click on 'Create new policy' to create a policy. ![Cloudflare Access policies page showing no policies added and a button to create a new policy.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-no-policies-create-button.webp) 5. Select 'Emails' and enter an email under 'Policy rules'. ![Cloudflare Access policy rule configuration screen with an email address specified as the inclusion criteria.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-policy-rule-email.webp) 6. Enter a name and select 'Allow' under 'Policy details'. ![Cloudflare Access policy details screen showing the policy name NodeWarden-Web and the action set to Allow.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-policy-details-allow.webp) 7. Click 'Save Policy' to create the policy. 8. Enter a name and select '1 month' under the 'Details' section. ![Final configuration summary for a Cloudflare Access application named NodeWarden-Web with a one-month session duration.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-application-final-details.webp) 9. Click on 'Create' to create the application. 10. **Test it:** Open the domain on the web browser, you will see the 'Cloudflare Access' asking for email. ![A preview of the Cloudflare Access login screen for NodeWarden-Web, prompting for an email address.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-login-screen-preview.webp) ### Phase 3: Allow BitWarden Clients Syncing (API Bypass) The desktop and mobile BitWarden apps cannot process Cloudflare's email login screen, we need to create a second application that allows traffic to bypass the login screen specifically for API syncing. 1. Go back to Applications and click **Create new application**, choosing **Self-hosted and private** again. 2. Enter the 'api/_', 'identity/_', 'notifications/_', and 'icons/_' in the Destinations. ![Configuring multiple public hostnames for API bypass in Cloudflare Access, including api, identity, notifications, and icons paths.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-api-bypass-destinations.webp) 3. Click on 'Create new policy' to create a policy. ![Cloudflare Access policies page showing no policies added and a button to create a new policy.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-no-policies-create-button.webp) 4. Select 'Everyone' under 'Policy rules'. ![Cloudflare Access policy rule configuration with Everyone selected to allow broad access for specific paths.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-policy-rule-everyone.webp) 5. Enter a name and select 'Bypass' under 'Policy details'. ![Cloudflare Access policy details for NodeWarden-API with the action set to Bypass.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-policy-details-bypass.webp) 6. Click 'Save Policy' to create the policy. 7. Enter a name and select '1 month' for 'Session Duration'. ![Final configuration screen for the NodeWarden-API application in Cloudflare Access.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-api-application-final-details.webp) 8. You should have 2 applications created. ![The Cloudflare Access applications dashboard showing both the Web and API applications successfully created.](https://inimages.techvoyage.dev/articles/How%20to%20secure%20NodeWarden%20at%20Cloudflare/cloudflare-access-applications-list-final.webp) ## Final thought Just remember that Cloudflare is your outer shield. To maintain a truly secure vault, ensure you are still using a strong master password, utilising Two-Factor Authentication (2FA) , and keeping your Cloudflare account secure. [Share](https://api.whatsapp.com/send?text=https%3A%2F%2Ftechvoyage.dev%2Farticle%2Fhow-to-secure-nodewarden-at-cloudflare) [Share](https://www.reddit.com/submit?url=https%3A%2F%2Ftechvoyage.dev%2Farticle%2Fhow-to-secure-nodewarden-at-cloudflare) [Share](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Ftechvoyage.dev%2Farticle%2Fhow-to-secure-nodewarden-at-cloudflare) [Share](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Ftechvoyage.dev%2Farticle%2Fhow-to-secure-nodewarden-at-cloudflare) [Share](https://x.com/intent/post?url=https%3A%2F%2Ftechvoyage.dev%2Farticle%2Fhow-to-secure-nodewarden-at-cloudflare) [**How to Self-Host a BitWarden Compatible Password Vault** Your passwords are your most critical digital property, and keeping them secure means keeping them in your own hands.](https://techvoyage.dev/article/self-hosting-nodewarden-at-cloudflare) [**Solving AI Agent Skills Fragmentation with npx skills** Running multiple AI agents like Claude Code or Kimi? Learn how to fix skills fragmentation and manage a single, centralized skills folder using npx skills CLI.](https://techvoyage.dev/article/centralised-the-skills-for-agents)