Page:
Enabling Yubikey OTP authentication
Pages
Audits
Backing up your vault
Building binary
Building your own docker image
Caddy 2.x with Cloudflare DNS
Changing persistent data location
Changing the API request size limit
Changing the number of workers
Configuration overview
Customize Vaultwarden CSS
Deployment examples
Differences from the upstream API implementation
Disable admin token
Disable invitations
Disable registration of new users
Disabling or overriding the Vault interface hosting
Docker Traefik ModSecurity Setup
Enable admin page
Enabling HTTPS
Enabling Mobile Client push notification
Enabling U2F (and FIDO2 WebAuthn) authentication
Enabling U2F authentication
Enabling WebSocket notifications
Enabling Yubikey OTP authentication
Enabling admin page secure the admin_token
Enabling admin page
FAQs
Fail2Ban Setup
General (not docker)
Hardening Guide
Home
Importing data from Keepass or KeepassX
Kubernetes deployment
Logging
Logrotate example
Migrating from MariaDB (MySQL) to SQLite
Other configuration
Password hint display
Pre built binaries
Private CA and self signed certs that work with Chrome
Proxy examples
Running a private vaultwarden instance with Let's Encrypt certs
Running docker container with non root user
Running without WAL enabled
SMTP Configuration
Setup as a systemd service
Starting a Container
Supporting upstream
Syncing users from LDAP
Testing SSO
Third party packages
Translating the email templates
Updating the vaultwarden image
Using Docker Compose
Using Podman
Using an alternate base dir
Using the MariaDB (MySQL) Backend
Using the MySQL Backend
Using the PostgreSQL Backend
Which container image to use
6
Enabling Yubikey OTP authentication
Proxymiity ☆ edited this page 2021-04-29 20:23:52 +02:00
To enable YubiKey authentication, you must set the YUBICO_CLIENT_ID
and YUBICO_SECRET_KEY
env variables.
If YUBICO_SERVER
is not specified, it will use the default YubiCloud servers. You can generate YUBICO_CLIENT_ID
and YUBICO_SECRET_KEY
for the default YubiCloud here.
Notes:
- In order to generate API keys or use a YubiKey with an OTP server, it must be registered. After configuring your key in the YubiKey Personalization Tool, you can register it with the default servers here.
- aarch64 builds of the server version 1.6.0 or older do not support Yubikey functionality due to upstream issues - see #262.
docker run -d --name bitwarden \
-e YUBICO_CLIENT_ID=12345 \
-e YUBICO_SECRET_KEY=ABCDEABCDEABCDEABCDE= \
-v /vw-data/:/data/ \
-p 80:80 \
vaultwarden/server:latest
FAQs
Container Image Usage
- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
Deployment
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
HTTPS
Configuration
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration
Database
- Using the MariaDB (MySQL) Backend
- Using the PostgreSQL Backend
- Running without WAL enabled
- Migrating from MariaDB (MySQL) to SQLite