Configuration from data directory

[kroese]

I would like to setup SMTP email, but it requires changing the docker parameters.

As I have installed Vaultwarden via the app-store of Umbrel, I have no influence over those parameters.

If there was just a simple configuration file in the Vaultwarden data directory, I could just edit that file instead.

Even better if I could set them through the web-interface, but I can understand if that is not possible when it must be identical to Bitwarden's interface.

[RealOrangeOne]

Vaultwarden has an admin interface, which may allow setting it. https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page.

If you can't set environment variables, that's going to massively hinder you. Environment variables can be set in an env file though, see the template in https://github.com/dani-garcia/vaultwarden/blob/main/.env.template.

[kroese]

@RealOrangeOne The .env file would be the perfect solution, however it seems I cannot place it in the DATA directory, but it must be inside the docker container next to the binary?

I only have access to the data directory, I cannot modify the container itself (or its parameters), so it seems Im out of luck then?

[stefan0xC]

As far as I know is the .env file loaded from / inside the container and not the /data directory so if you can't change the volumes of your container you cannot use this option.

However as stated in the configuration overview the admin-page creates a config.json in the /data directory. I could not find an official example but the generated json should look like this:

{
  "domain": "https://vault.example.com",
  "sends_allowed": true,
  "incomplete_2fa_time_limit": 3,
  "disable_icon_download": false,
  "signups_allowed": true,
  "signups_verify": true,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": true,
  "emergency_access_allowed": true,
  "password_iterations": 100000,
  "show_password_hint": false,
  "admin_token": "ADMIN_TOKEN",
  "invitation_org_name": "Vaultwarden",
  "ip_header": "X-Forwarded-For",
  "icon_redirect_code": 302,
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "icon_blacklist_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "disable_admin_token": false,
  "_enable_yubico": true,
  "_enable_duo": false,
  "_enable_smtp": true,
  "smtp_host": "mail.example.com",
  "smtp_security": "force_tls",
  "smtp_port": 465,
  "smtp_from": "[email protected]",
  "smtp_from_name": "Vaultwarden",
  "smtp_username": "vaultwarden",
  "smtp_password": "SMTP_PASSWORD",
  "smtp_timeout": 15,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "_enable_email_2fa": true,
  "email_token_size": 6,
  "email_expiration_time": 600,
  "email_attempts_limit": 3
}

The values for your domain, the admin_token, as well as the smtp_ configuration should obviously be changed according to your needs (and you might also change the other values to your configuration if you don't want to allow signups, etc).

You should also backup your existing data just in case something goes wrong.

[kroese]

Thank you! This is exactly what I needed!