Techvoyage
Home
Thumbnail for self-hosting Bitwarden compatible server tutorial, showing a digital vault and a secure server rack.

How to Self-Host a BitWarden Compatible Password Vault

Your passwords are your most critical digital property, and keeping them secure means keeping them in your own hands.

May 25, 2026 - 8 MIN READ

Your passwords are your most critical digital property, and keeping them secure means keeping them in your own hands. By self-hosting your password manager; you take control of your own security.

BitWarden is widely regarded as one of most trusted in password management domain and its source code is made available under AGPL-3.0 licence. An unofficial BitWarden compatible server, NodeWarden, is written in Typescript and can be deployed for free on Cloudflare.

Feature Comparison with the Official BitWarden Server

CapabilityBitWardenNodeWardenNotes
Web VaultOriginal Web Vault interface
Full sync /api/syncCompatibility optimised for official clients
Attachment upload / downloadCloudflare R2 or KV
SendSupports both text and file Sends
Import / ExportSupports BitWarden JSON / CSV / ZIP import with attachments
Cloud Backup CenterScheduled backup to WebDAV / S3
Password hint (web)⚠️ LimitedNo email required
TOTP / Steam TOTPIncludes steam:// support
Multi-userInvite-based registration
Organizations / Collections / Member rolesNot implemented
Login 2FA⚠️ PartialCurrently only user-level TOTP
SSO / SCIM / Enterprise directoryNot implemented

What we need:

  1. A GitHub Account
  2. A Cloudflare Account (Free) with R2 Storage enabled.
  3. Optional: A custom domain name managed in Cloudflare.

Phase 1: Prepare the Code:

  1. Fork the NodeWarden repository from https://github.com/Tech-Voyage-Dev/nodewarden or original repository, https://github.com/shuaiplus/nodewarden in GitHub
  2. Enable the Sync Upstream Workflow

Phase 2: Deploy to Cloudflare

  1. Create a Worker Application in Cloudflare
  2. Select 'Continue with GitHub' to deploy the app.
  3. Wait a few moments for Cloudflare to build and deploy your app. It will give you a default worker.dev URL. (Optional) Add a Custom Domain: * In your Cloudflare Worker settings, go to the Settings tab.
    • Click + Add.
    • Type in your preferred domain and follow the prompts.

Phase 3: Secure Your Server (The JWT Secret)

  1. Head to the web browser and enter the custom domain name or the generated 'worker.dev' domain.
  2. You will get 'JWT_SECRET is missing'.
  3. Copy the generated secret key and head back to the Settings tab on the NodeWarden Worker, then click on '+ Add' button on 'Variables and Secrets' section.
  4. Enter the generated secret and click on the 'Deploy / Save' button.

Phase 4: Create Your Admin Account

  1. Go back to the web browser and refresh the page, you will get the following login page.
  2. Click on 'Create Account' to create the admin account.
  3. Login using the created admin account to the Dashboard.
  4. Now we have the server deployed and running. We start configuring the BitWarden clients.

Phase 5: Connect Your Devices

You can use the official BitWarden apps on all your devices.

Chrome Extension

  1. Install the BitWarden Chrome extension
  2. Open the extension.
  3. Click the link next to 'Accessing:' at the bottom of the popup.
  4. Enter the domain name of the NodeWarden server.
  5. Save the settings and log in with your account.

iOS App

  1. Install the BitWarden app from the App Store
  2. Open the app and click on 'Self-hosted' next to 'Logging in on:'
  3. Enter the domain name of the NodeWarden server and click on '✓' button.

Other Clients

NodeWarden has been tested and confirmed compatible with these official BitWarden clients:

  • ✅ Windows desktop
  • ✅ Android/iOS mobile apps
  • ✅ Browser extensions
  • ✅ Linux desktop
  • ⚠️ macOS desktop (not fully verified)

Vault Backup

NodeWarden allows you to back up your vault to a local computer or remote storage (WebDAV or S3-compatible storage).

To automate remote backups:

  • Configure the remote storage details inside the NodeWarden dashboard.
  • Make sure the Cron task is set on Cloudflare Worker settings for auto remote backup.

Final Security thoughts

  • Secure the Cloudflare account access, otherwise the data can be compromised. Enable the Two-Factor Authentication (2FA) or Passkey on your Cloudflare account immediately.
  • Host the NodeWarden on a dedicated Cloudflare account. Do not share resources with other web apps to minimise the security risks.
  • Secure NodeWarden with Cloudflare

Reference

Stop Exposing Your Vault: Secure NodeWarden with Cloudflare

The moment your NodeWarden is exposed to the public on the Internet, it starts attracting thousands of automated bots scrapping for vulnerabilities 24/7.