Add Image information

.dockerignore

@@ -1,16 +1,18 @@
-// Ignore everything
-*
+# Local build artifacts
+target
 
-// Allow what is needed
-!.git
-!docker/healthcheck.sh
-!docker/start.sh
-!macros
-!migrations
-!src
+# Data folder
+data
+
+# IDE files
+.vscode
+.idea
+*.iml
+
+# Git files
+.git
+.gitignore
+
+# Documentation
+*.md
 
-!build.rs
-!Cargo.lock
-!Cargo.toml
-!rustfmt.toml
-!rust-toolchain.toml

.editorconfig

@@ -1,23 +0,0 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
-# top-most EditorConfig file
-root = true
-
-[*]
-end_of_line = lf
-charset = utf-8
-
-[*.{rs,py}]
-indent_style = space
-indent_size = 4
-trim_trailing_whitespace = true
-insert_final_newline = true
-
-[*.{yml,yaml}]
-indent_style = space
-indent_size = 2
-trim_trailing_whitespace = true
-insert_final_newline = true
-
-[Makefile]
-indent_style = tab

.env

@@ -0,0 +1,13 @@
+# DATABASE_URL=data/db.sqlite3
+# PRIVATE_RSA_KEY=data/private_rsa_key.der
+# PUBLIC_RSA_KEY=data/public_rsa_key.der
+# ICON_CACHE_FOLDER=data/icon_cache
+# ATTACHMENTS_FOLDER=data/attachments
+
+# true for yes, anything else for no
+SIGNUPS_ALLOWED=true
+
+# ROCKET_ENV=production
+# ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
+# ROCKET_PORT=8000
+# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}

.gitattributes

@@ -1,2 +0,0 @@
-# Ignore vendored scripts in GitHub stats
-src/static/scripts/* linguist-vendored

.github/CODEOWNERS

@@ -1,6 +0,0 @@
-/.github @dani-garcia @BlackDex
-/.github/** @dani-garcia @BlackDex
-/.github/CODEOWNERS @dani-garcia @BlackDex
-/.github/ISSUE_TEMPLATE/** @dani-garcia @BlackDex
-/.github/workflows/** @dani-garcia @BlackDex
-/SECURITY.md @dani-garcia @BlackDex

.github/FUNDING.yml

@@ -1,3 +0,0 @@
-github: dani-garcia
-liberapay: dani-garcia
-custom: ["https://paypal.me/DaniGG"]

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,182 +0,0 @@
-name: Bug Report
-description: File a bug report
-labels: ["bug"]
-body:
-  #
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this bug report!
-
-        Please **do not** submit feature requests or ask for help on how to configure Vaultwarden here!
-
-        The [GitHub Discussions](https://github.com/dani-garcia/vaultwarden/discussions/) has sections for Questions and Ideas.
-
-        Our [Wiki](https://github.com/dani-garcia/vaultwarden/wiki/) has topics on how to configure Vaultwarden.
-
-        Also, make sure you are running [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest) of Vaultwarden!
-
-        Be sure to check and validate the Vaultwarden Admin Diagnostics (`/admin/diagnostics`) page for any errors!
-        See here [how to enable the admin page](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page).
-
-        > [!IMPORTANT]
-        > ## :bangbang: Search for existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) regarding your topic before posting! :bangbang:
-  #
-  - type: checkboxes
-    id: checklist
-    attributes:
-      label: Prerequisites
-      description: Please confirm you have completed the following before submitting an issue!
-      options:
-        - label: I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=)
-          required: true
-        - label: I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/)
-          required: true
-  #
-  - id: support-string
-    type: textarea
-    attributes:
-      label: Vaultwarden Support String
-      description: Output of the **Generate Support String** from the `/admin/diagnostics` page.
-      placeholder: |
-        1. Go to the Vaultwarden Admin of your instance https://example.domain.tld/admin/diagnostics
-        2. Click on `Generate Support String`
-        3. Click on `Copy To Clipboard`
-        4. Replace this text by pasting it into this textarea without any modifications
-    validations:
-      required: true
-  #
-  - id: version
-    type: input
-    attributes:
-      label: Vaultwarden Build Version
-      description: What version of Vaultwarden are you running?
-      placeholder: ex. v1.34.0 or v1.34.1-53f58b14
-    validations:
-      required: true
-  #
-  - id: deployment
-    type: dropdown
-    attributes:
-      label: Deployment method
-      description: How did you deploy Vaultwarden?
-      multiple: false
-      options:
-        - Official Container Image
-        - Build from source
-        - OS Package (apt, yum/dnf, pacman, apk, nix, ...)
-        - Manually Extracted from Container Image
-        - Downloaded from GitHub Actions Release Workflow
-        - Other method
-    validations:
-      required: true
-  #
-  - id: deployment-other
-    type: textarea
-    attributes:
-      label: Custom deployment method
-      description: If you deployed Vaultwarden via any other method, please describe how.
-  #
-  - id: reverse-proxy
-    type: input
-    attributes:
-      label: Reverse Proxy
-      description: Are you using a reverse proxy, if so which and what version?
-      placeholder: ex. nginx 1.29.0, caddy 2.10.0, traefik 3.4.4, haproxy 3.2
-    validations:
-      required: true
-  #
-  - id: os
-    type: dropdown
-    attributes:
-      label: Host/Server Operating System
-      description: On what operating system are you running the Vaultwarden server?
-      multiple: false
-      options:
-        - Linux
-        - NAS/SAN
-        - Cloud
-        - Windows
-        - macOS
-        - Other
-    validations:
-      required: true
-  #
-  - id: os-version
-    type: input
-    attributes:
-      label: Operating System Version
-      description: What version of the operating system(s) are you seeing the problem on?
-      placeholder: ex. Arch Linux, Ubuntu 24.04, Kubernetes, Synology DSM 7.x, Windows 11
-  #
-  - id: clients
-    type: dropdown
-    attributes:
-      label: Clients
-      description: What client(s) are you seeing the problem on?
-      multiple: true
-      options:
-        - Web Vault
-        - Browser Extension
-        - CLI
-        - Desktop
-        - Android
-        - iOS
-    validations:
-      required: true
-  #
-  - id: client-version
-    type: input
-    attributes:
-      label: Client Version
-      description: What version(s) of the client(s) are you seeing the problem on?
-      placeholder: ex. CLI v2025.7.0, Firefox 140 - v2025.6.1
-  #
-  - id: reproduce
-    type: textarea
-    attributes:
-      label: Steps To Reproduce
-      description: How can we reproduce the behavior.
-      value: |
-        1. Go to '...'
-        2. Click on '....'
-        3. Scroll down to '....'
-        4. Click on '...'
-        5. Etc '...'
-    validations:
-      required: true
-  #
-  - id: expected
-    type: textarea
-    attributes:
-      label: Expected Result
-      description: A clear and concise description of what you expected to happen.
-    validations:
-      required: true
-  #
-  - id: actual
-    type: textarea
-    attributes:
-      label: Actual Result
-      description: A clear and concise description of what is happening.
-    validations:
-      required: true
-  #
-  - id: logs
-    type: textarea
-    attributes:
-      label: Logs
-      description: Provide the logs generated by Vaultwarden during the time this issue occurs.
-      render: text
-  #
-  - id: screenshots
-    type: textarea
-    attributes:
-      label: Screenshots or Videos
-      description: If applicable, add screenshots and/or a short video to help explain your problem.
-  #
-  - id: additional-context
-    type: textarea
-    attributes:
-      label: Additional Context
-      description: Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: GitHub Discussions for Vaultwarden
-    url: https://github.com/dani-garcia/vaultwarden/discussions
-    about: Use the discussions to request features or get help with usage/configuration.
-  - name: Discourse forum for Vaultwarden
-    url: https://vaultwarden.discourse.group/
-    about: An alternative to the GitHub Discussions, if this is easier for you.

.github/workflows/build.yml

@@ -1,220 +0,0 @@
-name: Build
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    paths:
-      - ".github/workflows/build.yml"
-      - "src/**"
-      - "migrations/**"
-      - "Cargo.*"
-      - "build.rs"
-      - "rust-toolchain.toml"
-      - "rustfmt.toml"
-      - "diesel.toml"
-      - "docker/Dockerfile.j2"
-      - "docker/DockerSettings.yaml"
-      - "macros/**"
-
-  pull_request:
-    paths:
-      - ".github/workflows/build.yml"
-      - "src/**"
-      - "migrations/**"
-      - "Cargo.*"
-      - "build.rs"
-      - "rust-toolchain.toml"
-      - "rustfmt.toml"
-      - "diesel.toml"
-      - "docker/Dockerfile.j2"
-      - "docker/DockerSettings.yaml"
-      - "macros/**"
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build:
-    name: Build and Test ${{ matrix.channel }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 120
-    # Make warnings errors, this is to prevent warnings slipping through.
-    # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
-    env:
-      RUSTFLAGS: "-Dwarnings"
-    strategy:
-      fail-fast: false
-      matrix:
-        channel:
-          - "rust-toolchain" # The version defined in rust-toolchain
-          - "msrv" # The supported MSRV
-
-    steps:
-      # Install dependencies
-      - name: "Install dependencies Ubuntu"
-        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
-      # End Install dependencies
-
-      # Checkout the repo
-      - name: "Checkout"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-      # End Checkout the repo
-
-      # Determine rust-toolchain version
-      - name: Init Variables
-        id: toolchain
-        env:
-          CHANNEL: ${{ matrix.channel }}
-        run: |
-          if [[ "${CHANNEL}" == 'rust-toolchain' ]]; then
-            RUST_TOOLCHAIN="$(grep -m1 -oP 'channel.*"(\K.*?)(?=")' rust-toolchain.toml)"
-          elif [[ "${CHANNEL}" == 'msrv' ]]; then
-            RUST_TOOLCHAIN="$(grep -m1 -oP 'rust-version\s.*"(\K.*?)(?=")' Cargo.toml)"
-          else
-            RUST_TOOLCHAIN="${CHANNEL}"
-          fi
-          echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
-      # End Determine rust-toolchain version
-
-
-      - name: "Install toolchain ${{steps.toolchain.outputs.RUST_TOOLCHAIN}} as default"
-        env:
-          CHANNEL: ${{ matrix.channel }}
-          RUST_TOOLCHAIN: ${{steps.toolchain.outputs.RUST_TOOLCHAIN}}
-        run: |
-          # Remove the rust-toolchain.toml
-          rm rust-toolchain.toml
-
-          # Install the correct toolchain version
-          rustup toolchain install "${RUST_TOOLCHAIN}" --profile minimal --no-self-update
-
-          # If this matrix is the `rust-toolchain` flow, also install rustfmt and clippy
-          if [[ "${CHANNEL}" == 'rust-toolchain' ]]; then
-            rustup component add --toolchain "${RUST_TOOLCHAIN}" rustfmt clippy
-          fi
-
-          # Set as the default toolchain
-          rustup default "${RUST_TOOLCHAIN}"
-
-      # Show environment
-      - name: "Show environment"
-        run: |
-          rustc -vV
-          cargo -vV
-      # End Show environment
-
-      # Enable Rust Caching
-      - name: Rust Caching
-        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
-        with:
-          # Use a custom prefix-key to force a fresh start. This is sometimes needed with bigger changes.
-          # Like changing the build host from Ubuntu 20.04 to 22.04 for example.
-          # Only update when really needed! Use a <year>.<month>[.<inc>] format.
-          prefix-key: "v2025.09-rust"
-      # End Enable Rust Caching
-
-      # Run cargo tests
-      # First test all features together, afterwards test them separately.
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc,s3"
-        id: test_sqlite_mysql_postgresql_mimalloc_s3
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features sqlite,mysql,postgresql,enable_mimalloc,s3
-
-      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
-        id: test_sqlite_mysql_postgresql_mimalloc
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features sqlite,mysql,postgresql,enable_mimalloc
-
-      - name: "test features: sqlite,mysql,postgresql"
-        id: test_sqlite_mysql_postgresql
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features sqlite,mysql,postgresql
-
-      - name: "test features: sqlite"
-        id: test_sqlite
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features sqlite
-
-      - name: "test features: mysql"
-        id: test_mysql
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features mysql
-
-      - name: "test features: postgresql"
-        id: test_postgresql
-        if: ${{ !cancelled() }}
-        run: |
-          cargo test --profile ci --features postgresql
-      # End Run cargo tests
-
-
-      # Run cargo clippy, and fail on warnings
-      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc,s3"
-        id: clippy
-        if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo clippy --profile ci --features sqlite,mysql,postgresql,enable_mimalloc,s3
-      # End Run cargo clippy
-
-
-      # Run cargo fmt (Only run on rust-toolchain defined version)
-      - name: "check formatting"
-        id: formatting
-        if: ${{ !cancelled() && matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo fmt --all -- --check
-      # End Run cargo fmt
-
-
-      # Check for any previous failures, if there are stop, else continue.
-      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
-      - name: "Some checks failed"
-        if: ${{ failure() }}
-        env:
-          TEST_DB_M_S3: ${{ steps.test_sqlite_mysql_postgresql_mimalloc_s3.outcome }}
-          TEST_DB_M: ${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}
-          TEST_DB: ${{ steps.test_sqlite_mysql_postgresql.outcome }}
-          TEST_SQLITE: ${{ steps.test_sqlite.outcome }}
-          TEST_MYSQL: ${{ steps.test_mysql.outcome }}
-          TEST_POSTGRESQL: ${{ steps.test_postgresql.outcome }}
-          CLIPPY: ${{ steps.clippy.outcome }}
-          FMT: ${{ steps.formatting.outcome }}
-        run: |
-          echo "### :x: Checks Failed!" >> "${GITHUB_STEP_SUMMARY}"
-          echo "" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|Job|Status|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|---|------|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc,s3)|${TEST_DB_M_S3}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${TEST_DB_M}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite,mysql,postgresql)|${TEST_DB}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (sqlite)|${TEST_SQLITE}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (mysql)|${TEST_MYSQL}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|test (postgresql)|${TEST_POSTGRESQL}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc,s3)|${CLIPPY}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "|fmt|${FMT}|" >> "${GITHUB_STEP_SUMMARY}"
-          echo "" >> "${GITHUB_STEP_SUMMARY}"
-          echo "Please check the failed jobs and fix where needed." >> "${GITHUB_STEP_SUMMARY}"
-          echo "" >> "${GITHUB_STEP_SUMMARY}"
-          exit 1
-
-
-      # Check for any previous failures, if there are stop, else continue.
-      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
-      - name: "All checks passed"
-        if: ${{ success() }}
-        run: |
-          echo "### :tada: Checks Passed!" >> "${GITHUB_STEP_SUMMARY}"
-          echo "" >> "${GITHUB_STEP_SUMMARY}"

.github/workflows/check-templates.yml

@@ -1,35 +0,0 @@
-name: Check templates
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on: [ push, pull_request ]
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  docker-templates:
-    name: Validate docker templates
-    runs-on: ubuntu-24.04
-    timeout-minutes: 30
-
-    steps:
-      # Checkout the repo
-      - name: "Checkout"
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-      # End Checkout the repo
-
-      - name: Run make to rebuild templates
-        working-directory: docker
-        run: make
-
-      - name: Check for unstaged changes
-        working-directory: docker
-        run: git diff --exit-code
-        continue-on-error: false

.github/workflows/hadolint.yml

@@ -1,60 +0,0 @@
-name: Hadolint
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on: [ push, pull_request ]
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  hadolint:
-    name: Validate Dockerfile syntax
-    runs-on: ubuntu-24.04
-    timeout-minutes: 30
-
-    steps:
-      # Start Docker Buildx
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-        # https://github.com/moby/buildkit/issues/3969
-        # Also set max parallelism to 2, the default of 4 breaks GitHub Actions and causes OOMKills
-        with:
-          buildkitd-config-inline: |
-            [worker.oci]
-              max-parallelism = 2
-          driver-opts: |
-            network=host
-
-      # Download hadolint - https://github.com/hadolint/hadolint/releases
-      - name: Download hadolint
-        run: |
-          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
-          sudo chmod +x /usr/local/bin/hadolint
-        env:
-          HADOLINT_VERSION: 2.14.0
-      # End Download hadolint
-      # Checkout the repo
-      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-      # End Checkout the repo
-
-      # Test Dockerfiles with hadolint
-      - name: Run hadolint
-        run: hadolint docker/Dockerfile.{debian,alpine}
-      # End Test Dockerfiles with hadolint
-
-      # Test Dockerfiles with docker build checks
-      - name: Run docker build check
-        run: |
-          echo "Checking docker/Dockerfile.debian"
-          docker build --check . -f docker/Dockerfile.debian
-          echo "Checking docker/Dockerfile.alpine"
-          docker build --check . -f docker/Dockerfile.alpine
-      # End Test Dockerfiles with docker build checks

.github/workflows/releasecache-cleanup.yml

@@ -1,34 +0,0 @@
-name: Cleanup
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
-
-on:
-  workflow_dispatch:
-    inputs:
-      manual_trigger:
-        description: "Manual trigger buildcache cleanup"
-        required: false
-        default: ""
-
-  schedule:
-    - cron: '0 1 * * FRI'
-
-jobs:
-  releasecache-cleanup:
-    name: Releasecache Cleanup
-    permissions:
-      packages: write # To be able to cleanup old caches
-    runs-on: ubuntu-24.04
-    continue-on-error: true
-    timeout-minutes: 30
-    steps:
-      - name: Delete vaultwarden-buildcache containers
-        uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
-        with:
-          package-name: 'vaultwarden-buildcache'
-          package-type: 'container'
-          min-versions-to-keep: 0
-          delete-only-untagged-versions: 'false'

.github/workflows/trivy.yml

@@ -1,55 +0,0 @@
-name: Trivy
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    branches:
-      - main
-
-    tags:
-      - '*'
-
-  pull_request:
-    branches:
-      - main
-
-  schedule:
-    - cron: '08 11 * * *'
-
-jobs:
-  trivy-scan:
-    # Only run this in the upstream repo and not on forks
-    # When all forks run this at the same time, it is causing `Too Many Requests` issues
-    if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
-    name: Trivy Scan
-    permissions:
-      security-events: write # To write the security report
-    runs-on: ubuntu-24.04
-    timeout-minutes: 30
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
-        env:
-          TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
-          TRIVY_JAVA_DB_REPOSITORY: docker.io/aquasec/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
-        with:
-          scan-type: repo
-          ignore-unfixed: true
-          format: sarif
-          output: trivy-results.sarif
-          severity: CRITICAL,HIGH
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
-        with:
-          sarif_file: 'trivy-results.sarif'

.github/workflows/typos.yml

@@ -1,26 +0,0 @@
-name: Code Spell Checking
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on: [ push, pull_request ]
-
-jobs:
-  typos:
-    name: Run typos spell checking
-    runs-on: ubuntu-24.04
-    timeout-minutes: 30
-
-    steps:
-      # Checkout the repo
-      - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-      # End Checkout the repo
-
-      # When this version is updated, do not forget to update this in `.pre-commit-config.yaml` too
-      - name: Spell Check Repo
-        uses: crate-ci/typos@37bb98842b0d8c4ffebdb75301a13db0267cef89 # v1.47.2

.github/workflows/zizmor.yml

@@ -1,31 +0,0 @@
-name: Security Analysis with zizmor
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    branches: ["main"]
-  pull_request:
-    branches: ["**"]
-
-jobs:
-  zizmor:
-    name: Run zizmor
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write # To write the security report
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-
-      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
-        with:
-          # intentionally not scanning the entire repository,
-          # since it contains integration tests.
-          inputs: ./.github/

.gitignore

@@ -10,7 +10,7 @@ data
 *.iml
 
 # Environment file
-.env
+# .env
 
 # Web vault
-web-vault
+web-vault

.hadolint.yaml

@@ -1,13 +0,0 @@
-ignored:
-  # To prevent issues and make clear some images only work on linux/amd64, we ignore this
-  - DL3029
-  # disable explicit version for apt install
-  - DL3008
-  # disable explicit version for apk install
-  - DL3018
-  # Ignore shellcheck info message
-  - SC1091
-trustedRegistries:
-  - docker.io
-  - ghcr.io
-  - quay.io

.pre-commit-config.yaml

@@ -1,60 +0,0 @@
----
-repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # v6.0.0
-    hooks:
-      - id: check-yaml
-      - id: check-json
-      - id: check-toml
-      - id: mixed-line-ending
-        args: [ "--fix=no" ]
-      - id: end-of-file-fixer
-        exclude: "(.*js$|.*css$)"
-      - id: check-case-conflict
-      - id: check-merge-conflict
-      - id: detect-private-key
-      - id: check-symlinks
-      - id: forbid-submodules
-
-  # When this version is updated, do not forget to update this in `.github/workflows/typos.yaml` too
-  - repo: https://github.com/crate-ci/typos
-    rev: 37bb98842b0d8c4ffebdb75301a13db0267cef89 # v1.47.2
-    hooks:
-      - id: typos
-
-  - repo: local
-    hooks:
-      - id: fmt
-        name: fmt
-        description: Format files with cargo fmt.
-        entry: cargo fmt
-        language: system
-        always_run: true
-        pass_filenames: false
-        args: [ "--", "--check" ]
-      - id: cargo-test
-        name: cargo test
-        description: Test the package for errors.
-        entry: cargo test
-        language: system
-        args: [ "--features", "sqlite,mysql,postgresql", "--" ]
-        types_or: [ rust, file ]
-        files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
-        pass_filenames: false
-      - id: cargo-clippy
-        name: cargo clippy
-        description: Lint Rust sources
-        entry: cargo clippy
-        language: system
-        args: [ "--features", "sqlite,mysql,postgresql", "--", "-D", "warnings" ]
-        types_or: [ rust, file ]
-        files: (Cargo.toml|Cargo.lock|rust-toolchain.toml|rustfmt.toml|.*\.rs$)
-        pass_filenames: false
-      - id: check-docker-templates
-        name: check docker templates
-        description: Check if the Docker templates are updated
-        language: system
-        entry: sh
-        args:
-          - "-c"
-          - "cd docker && make"

.typos.toml

@@ -1,28 +0,0 @@
-[files]
-extend-exclude = [
-    ".git/",
-    "playwright/",
-    "*.js", # Ignore all JavaScript files
-    "!admin*.js", # Except our own JavaScript files
-]
-ignore-hidden = false
-
-[default]
-extend-ignore-re = [
-    # We use this in place of the reserved type identifier at some places
-    "typ",
-    # In SMTP it's called HELO, so ignore it
-    "(?i)helo_name",
-    "Server name sent during.+HELO",
-    # COSE Is short for CBOR Object Signing and Encryption, ignore these specific items
-    "COSEKey",
-    "COSEAlgorithm",
-    # Ignore this specific string as it's valid
-    "Ensure they are valid OTPs",
-    # This word is misspelled upstream
-    # https://github.com/bitwarden/server/blob/dff9f1cf538198819911cf2c20f8cda3307701c5/src/Notifications/HubHelpers.cs#L86
-    # https://github.com/bitwarden/clients/blob/9612a4ac45063e372a6fbe87eb253c7cb3c588fb/libs/common/src/auth/services/anonymous-hub.service.ts#L45
-    "AuthRequestResponseRecieved",
-    # Ignore Punycode/IDN tests
-    "xn--.+"
-]

BUILD.md

@@ -0,0 +1,69 @@
+## How to compile bitwarden_rs
+Install `rust nightly`, in Windows the recommended way is through `rustup`.
+
+Install the `openssl` library, in Windows the best option is Microsoft's `vcpkg`,
+on other systems use their respective package managers.
+
+Then run:
+```sh
+cargo run
+# or
+cargo build
+```
+
+## How to install the web-vault locally
+If you're using docker image, you can just update `VAULT_VERSION` variable in Dockerfile and rebuild the image.
+
+Install `node.js` and either `yarn` or `npm` (usually included with node)
+
+Clone the web-vault outside the project:
+```
+git clone https://github.com/bitwarden/web.git web-vault
+```
+
+Modify `web-vault/settings.Production.json` to look like this:
+```json
+{
+  "appSettings": {
+    "apiUri": "/api",
+    "identityUri": "/identity",
+    "iconsUri": "/icons",
+    "stripeKey": "",
+    "braintreeKey": ""
+  }
+}
+```
+
+Then, run the following from the `web-vault` dir:
+```sh
+# With yarn (recommended)
+yarn
+yarn gulp dist:selfHosted
+
+# With npm
+npm install
+npx gulp dist:selfHosted
+```
+
+Finally copy the contents of the `web-vault/dist` folder into the `bitwarden_rs/web-vault` folder.
+
+## How to recreate database schemas
+Install diesel-cli with cargo:
+```sh
+cargo install diesel_cli --no-default-features --features sqlite-bundled # Or use only sqlite to use the system version
+```
+
+Make sure that the correct path to the database is in the `.env` file.
+
+If you want to modify the schemas, create a new migration with:
+```
+diesel migration generate <name>
+```
+
+Modify the *.sql files, making sure that any changes are reverted in the down.sql file.
+
+Apply the migrations and save the generated schemas as follows:
+```
+diesel migration redo
+diesel print-schema > src/db/schema.rs
+```

Dockerfile

@@ -1 +0,0 @@
-docker/Dockerfile.debian

Dockerfile

@@ -0,0 +1,88 @@
+# Using multistage build: 
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+####################### VAULT BUILD IMAGE  #######################
+FROM node:9-alpine as vault
+
+ENV VAULT_VERSION "1.26.0"
+ENV URL "https://github.com/bitwarden/web/archive/v${VAULT_VERSION}.tar.gz"
+
+RUN apk add --update-cache --upgrade \
+    curl \
+    git \
+    tar \
+    && npm install -g \
+        gulp-cli \
+        gulp
+
+RUN mkdir /web-build \
+    && cd /web-build \
+    && curl -L "${URL}" | tar -xvz --strip-components=1
+
+WORKDIR /web-build
+
+COPY /docker/settings.Production.json /web-build/
+
+RUN git config --global url."https://github.com/".insteadOf ssh://git@github.com/ \
+    && npm install \
+    && gulp dist:selfHosted \
+    && mv dist /web-vault
+
+########################## BUILD IMAGE  ##########################
+# We need to use the Rust build image, because
+# we need the Rust compiler and Cargo tooling
+FROM rustlang/rust:nightly as build
+
+# Using bundled SQLite, no need to install it
+# RUN apt-get update && apt-get install -y\
+#    sqlite3\
+#    --no-install-recommends\
+# && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
+WORKDIR /app
+
+# Copies over *only* your manifests and vendored dependencies
+COPY ./Cargo.* ./
+COPY ./libs ./libs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --release
+RUN find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Builds again, this time it'll just be
+# your actual source files being built
+RUN cargo build --release
+
+######################## RUNTIME IMAGE  ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+FROM debian:stretch-slim
+
+# Install needed libraries
+RUN apt-get update && apt-get install -y\
+    openssl\
+    --no-install-recommends\
+ && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /data
+VOLUME /data
+EXPOSE 80
+
+# Copies the files from the context (env file and web-vault)
+# and the binary from the "build" stage to the current stage
+COPY .env .
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build app/target/release/bitwarden_rs .
+
+# Configures the startup!
+# Use production to disable Rocket logging
+#CMD ROCKET_ENV=production ./bitwarden_rs
+CMD ROCKET_ENV=staging ./bitwarden_rs

LICENSE.txt

@@ -1,5 +1,5 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
 
  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
@@ -7,15 +7,17 @@
 
                             Preamble
 
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
 
   The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
+the GNU General Public License is intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
 
   When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -24,34 +26,44 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
 
-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
 
-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
 
-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
 
-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
@@ -60,7 +72,7 @@ modification follow.
 
   0. Definitions.
 
-  "This License" refers to version 3 of the GNU Affero General Public License.
+  "This License" refers to version 3 of the GNU General Public License.
 
   "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -537,45 +549,35 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
 
-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
+  13. Use with the GNU Affero General Public License.
 
   Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
+under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
 
   14. Revised Versions of this License.
 
   The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 
   Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
+Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
+GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.
 
   If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
+versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
 
@@ -633,29 +635,40 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
+    GNU General Public License for more details.
 
-    You should have received a copy of the GNU Affero General Public License
+    You should have received a copy of the GNU General Public License
     along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
 
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
+For more information on this, and how to apply and follow the GNU GPL, see
 <https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -1,147 +1,148 @@
-![Vaultwarden Logo](./resources/vaultwarden-logo-auto.svg)
+This is Bitwarden server API implementation written in rust compatible with [upstream Bitwarden clients](https://bitwarden.com/#download)*, ideal for self-hosted deployment where running official resource-heavy service might not be ideal.
 
-An alternative server implementation of the Bitwarden Client API, written in Rust and compatible with [official Bitwarden clients](https://bitwarden.com/download/) [[disclaimer](#disclaimer)], perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
+Image is based on [Rust implementation of Bitwarden API](https://github.com/dani-garcia/bitwarden_rs).
 
----
-
-[![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg?style=for-the-badge&logo=vaultwarden&color=005AA4)](https://github.com/dani-garcia/vaultwarden/releases/latest)
-[![ghcr.io Pulls](https://img.shields.io/badge/dynamic/json?style=for-the-badge&logo=github&logoColor=fff&color=005AA4&url=https%3A%2F%2Fipitio.github.io%2Fbackage%2Fdani-garcia%2Fvaultwarden%2Fvaultwarden.json&query=%24.downloads&label=ghcr.io%20pulls&cacheSeconds=14400)](https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden)
-[![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg?style=for-the-badge&logo=docker&logoColor=fff&color=005AA4&label=docker.io%20pulls)](https://hub.docker.com/r/vaultwarden/server)
-[![Quay.io](https://img.shields.io/badge/quay.io-download-005AA4?style=for-the-badge&logo=redhat&cacheSeconds=14400)](https://quay.io/repository/vaultwarden/server) <br>
-[![Contributors](https://img.shields.io/github/contributors-anon/dani-garcia/vaultwarden.svg?style=flat-square&logo=vaultwarden&color=005AA4)](https://github.com/dani-garcia/vaultwarden/graphs/contributors)
-[![Forks](https://img.shields.io/github/forks/dani-garcia/vaultwarden.svg?style=flat-square&logo=github&logoColor=fff&color=005AA4)](https://github.com/dani-garcia/vaultwarden/network/members)
-[![Stars](https://img.shields.io/github/stars/dani-garcia/vaultwarden.svg?style=flat-square&logo=github&logoColor=fff&color=005AA4)](https://github.com/dani-garcia/vaultwarden/stargazers)
-[![Issues Open](https://img.shields.io/github/issues/dani-garcia/vaultwarden.svg?style=flat-square&logo=github&logoColor=fff&color=005AA4&cacheSeconds=300)](https://github.com/dani-garcia/vaultwarden/issues)
-[![Issues Closed](https://img.shields.io/github/issues-closed/dani-garcia/vaultwarden.svg?style=flat-square&logo=github&logoColor=fff&color=005AA4&cacheSeconds=300)](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue+is%3Aclosed)
-[![AGPL-3.0 Licensed](https://img.shields.io/github/license/dani-garcia/vaultwarden.svg?style=flat-square&logo=vaultwarden&color=944000&cacheSeconds=14400)](https://github.com/dani-garcia/vaultwarden/blob/main/LICENSE.txt) <br>
-[![Dependency Status](https://img.shields.io/badge/dynamic/xml?url=https%3A%2F%2Fdeps.rs%2Frepo%2Fgithub%2Fdani-garcia%2Fvaultwarden%2Fstatus.svg&query=%2F*%5Blocal-name()%3D'svg'%5D%2F*%5Blocal-name()%3D'g'%5D%5B2%5D%2F*%5Blocal-name()%3D'text'%5D%5B4%5D&style=flat-square&logo=rust&label=dependencies&color=005AA4)](https://deps.rs/repo/github/dani-garcia/vaultwarden)
-[![GHA Release](https://img.shields.io/github/actions/workflow/status/dani-garcia/vaultwarden/release.yml?style=flat-square&logo=github&logoColor=fff&label=Release%20Workflow)](https://github.com/dani-garcia/vaultwarden/actions/workflows/release.yml)
-[![GHA Build](https://img.shields.io/github/actions/workflow/status/dani-garcia/vaultwarden/build.yml?style=flat-square&logo=github&logoColor=fff&label=Build%20Workflow)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml) <br>
-[![Matrix Chat](https://img.shields.io/matrix/vaultwarden:matrix.org.svg?style=flat-square&logo=matrix&logoColor=fff&color=953B00&cacheSeconds=14400)](https://matrix.to/#/#vaultwarden:matrix.org)
-[![GitHub Discussions](https://img.shields.io/github/discussions/dani-garcia/vaultwarden?style=flat-square&logo=github&logoColor=fff&color=953B00&cacheSeconds=300)](https://github.com/dani-garcia/vaultwarden/discussions)
-[![Discourse Discussions](https://img.shields.io/discourse/topics?server=https%3A%2F%2Fvaultwarden.discourse.group%2F&style=flat-square&logo=discourse&color=953B00)](https://vaultwarden.discourse.group/)
-
-> [!IMPORTANT]
-> **When using this server, please report any bugs or suggestions directly to us (see [Get in touch](#get-in-touch)), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official Bitwarden support channels.**
-
-<br>
+_*Note, that this project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC._
 
 ## Features
 
-A nearly complete implementation of the Bitwarden Client API is provided, including:
+Basically full implementation of Bitwarden API is provided including:
 
- * [Personal Vault](https://bitwarden.com/help/managing-items/)
- * [Send](https://bitwarden.com/help/about-send/)
- * [Attachments](https://bitwarden.com/help/attachments/)
- * [Website icons](https://bitwarden.com/help/website-icons/)
- * [Personal API Key](https://bitwarden.com/help/personal-api-key/)
- * [Organizations](https://bitwarden.com/help/getting-started-organizations/)
-   - [Collections](https://bitwarden.com/help/about-collections/),
-     [Password Sharing](https://bitwarden.com/help/sharing/),
-     [Member Roles](https://bitwarden.com/help/user-types-access-control/),
-     [Groups](https://bitwarden.com/help/about-groups/),
-     [Event Logs](https://bitwarden.com/help/event-logs/),
-     [Admin Password Reset](https://bitwarden.com/help/admin-reset/),
-     [Directory Connector](https://bitwarden.com/help/directory-sync/),
-     [Policies](https://bitwarden.com/help/policies/)
- * [Multi/Two Factor Authentication](https://bitwarden.com/help/bitwarden-field-guide-two-step-login/)
-   - [Authenticator](https://bitwarden.com/help/setup-two-step-login-authenticator/),
-     [Email](https://bitwarden.com/help/setup-two-step-login-email/),
-     [FIDO2 WebAuthn](https://bitwarden.com/help/setup-two-step-login-fido/),
-     [YubiKey](https://bitwarden.com/help/setup-two-step-login-yubikey/),
-     [Duo](https://bitwarden.com/help/setup-two-step-login-duo/)
- * [Emergency Access](https://bitwarden.com/help/emergency-access/)
- * [Vaultwarden Admin Backend](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page)
- * [Modified Web Vault client](https://github.com/dani-garcia/bw_web_builds) (Bundled within our containers)
+ * Basic single user functionality
+ * Organizations support
+ * Attachments
+ * Vault API support 
+ * Serving the static files for Vault interface
+ * Website icons API
 
-<br>
+## Docker image usage
 
-## Usage
+### Starting a container
 
-> [!IMPORTANT]
-> The web-vault requires the use of HTTPS and a secure context for the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API). <br>
-> That means it will only work if you [enable HTTPS](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS). <br>
-> We also suggest to use a [reverse proxy](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples).
+The persistent data is stored under /data inside the container, so the only requirement for persistent deployment using Docker is to mount persistent volume at the path:
 
-The recommended way to install and use Vaultwarden is via our container images which are published to [ghcr.io](https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden), [docker.io](https://hub.docker.com/r/vaultwarden/server) and [quay.io](https://quay.io/repository/vaultwarden/server).
-See [which container image to use](https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use) for an explanation of the provided tags.
-
-There are also [community driven packages](https://github.com/dani-garcia/vaultwarden/wiki/Third-party-packages) which can be used, but those might be lagging behind the latest version or might deviate in the way Vaultwarden is configured, as described in our [Wiki](https://github.com/dani-garcia/vaultwarden/wiki).
-
-Alternatively, you can also [build Vaultwarden](https://github.com/dani-garcia/vaultwarden/wiki/Building-binary) yourself.
-
-While Vaultwarden is based upon the [Rocket web framework](https://rocket.rs) which has built-in support for TLS our recommendation would be that you setup a reverse proxy (see [proxy examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples)).
-
-> [!TIP]
->**For more detailed examples on how to install, use and configure Vaultwarden you can check our [Wiki](https://github.com/dani-garcia/vaultwarden/wiki).**
-
-### Docker/Podman CLI
-
-Pull the container image and mount a volume from the host for persistent storage.<br>
-You can replace `docker` with `podman` if you prefer to use podman.
-
-```shell
-docker pull vaultwarden/server:latest
-docker run --detach --name vaultwarden \
-  --env DOMAIN="https://vw.domain.tld" \
-  --volume /vw-data/:/data/ \
-  --restart unless-stopped \
-  --publish 127.0.0.1:8000:80 \
-  vaultwarden/server:latest
+```
+docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 mprasil/bitwarden:latest
 ```
 
-This will preserve any persistent data under `/vw-data/`, you can adapt the path to whatever suits you.
+This will preserve any persistent data under `/bw-data/`, you can adapt the path to whatever suits you.
 
-### Docker Compose
+The service will be exposed on port 80.
 
-To use Docker compose you need to create a `compose.yaml` which will hold the configuration to run the Vaultwarden container.
+### Updating the bitwarden image
 
-```yaml
-services:
-  vaultwarden:
-    image: vaultwarden/server:latest
-    container_name: vaultwarden
-    restart: unless-stopped
-    environment:
-      DOMAIN: "https://vw.domain.tld"
-    volumes:
-      - ./vw-data/:/data/
-    ports:
-      - 127.0.0.1:8000:80
+Updating is straightforward, you just make sure to preserve the mounted volume. If you used the bind-mounted path as in the example above, you just need to `pull` the latest image, `stop` and `rm` the current container and then start a new one the same way as before:
+
+```sh
+# Pull the latest version
+docker pull mprasil/bitwarden:latest
+
+# Stop and remove the old container
+docker stop bitwarden
+docker rm bitwarden
+
+# Start new container with the data mounted
+docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 mprasil/bitwarden:latest
 ```
 
-<br>
+In case you didn't bind mount the volume for persistent data, you need an intermediate step where you preserve the data with an intermediate container:
 
-## Get in touch
+```sh
+# Pull the latest version
+docker pull mprasil/bitwarden:latest
 
-Have a question, suggestion or need help? Join our community on [Matrix](https://matrix.to/#/#vaultwarden:matrix.org), [GitHub Discussions](https://github.com/dani-garcia/vaultwarden/discussions) or [Discourse Forums](https://vaultwarden.discourse.group/).
+# Create intermediate container to preserve data
+docker run --volumes-from bitwarden --name bitwarden_data busybox true
 
-Encountered a bug or crash? Please search our issue tracker and discussions to see if it's already been reported. If not, please [start a new discussion](https://github.com/dani-garcia/vaultwarden/discussions) or [create a new issue](https://github.com/dani-garcia/vaultwarden/issues/). Ensure you're using the latest version of Vaultwarden and there aren't any similar issues open or closed!
+# Stop and remove the old container
+docker stop bitwarden
+docker rm bitwarden
 
-<br>
+# Start new container with the data mounted
+docker run -d --volumes-from bitwarden_data --name bitwarden -p 80:80 mprasil/bitwarden:latest
 
-## Contributors
+# Optionally remove the intermediate container
+docker rm bitwarden_data
 
-Thanks for your contribution to the project!
+# Alternatively you can keep data container around for future updates in which case you can skip last step.
+```
 
-[![Contributors Count](https://img.shields.io/github/contributors-anon/dani-garcia/vaultwarden?style=for-the-badge&logo=vaultwarden&color=005AA4)](https://github.com/dani-garcia/vaultwarden/graphs/contributors)<br>
-[![Contributors Avatars](https://contributors-img.web.app/image?repo=dani-garcia/vaultwarden)](https://github.com/dani-garcia/vaultwarden/graphs/contributors)
+## Configuring bitwarden service
 
-<br>
+### Changing persistent data location
 
-## Disclaimer
+#### /data prefix:
 
-**This project is not associated with [Bitwarden](https://bitwarden.com/) or Bitwarden, Inc.**
+By default all persistent data is saved under `/data`, you can override this path by setting the `DATA_FOLDER` env variable:
 
-However, one of the active maintainers for Vaultwarden is employed by Bitwarden and is allowed to contribute to the project on their own time. These contributions are independent of Bitwarden and are reviewed by other maintainers.
+```sh
+docker run -d --name bitwarden \
+  -e DATA_FOLDER=/persistent \
+  -v /bw-data/:/persistent/ \
+  -p 80:80 \
+  mprasil/bitwarden:latest
+```
 
-The maintainers work together to set the direction for the project, focusing on serving the self-hosting community, including individuals, families, and small organizations, while ensuring the project's sustainability.
+Notice, that you need to adapt your volume mount accordingly.
 
-**Please note:** We cannot be held liable for any data loss that may occur while using Vaultwarden. This includes passwords, attachments, and other information handled by the application. We highly recommend performing regular backups of your files and database. However, should you experience data loss, we encourage you to contact us immediately.
+#### database name and location
 
-<br>
+Default is `$DATA_FOLDER/db.sqlite3`, you can change the path specifically for database using `DATABASE_URL` variable:
 
-## Bitwarden_RS
+```sh
+docker run -d --name bitwarden \
+  -e DATABASE_URL=/database/bitwarden.sqlite3 \
+  -v /bw-data/:/data/ \
+  -v /bw-database/:/database/ \
+  -p 80:80 \
+  mprasil/bitwarden:latest
+```
 
-This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues.<br>
-Please see [#1642 - v1.21.0 release and project rename to Vaultwarden](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation.
+Note, that you need to remember to mount the volume for both database and other persistent data if they are different.
+
+#### attachments location
+
+Default is `$DATA_FOLDER/attachments`, you can change the path using `ATTACHMENTS_FOLDER` variable:
+
+```sh
+docker run -d --name bitwarden \
+  -e ATTACHMENTS_FOLDER=/attachments \
+  -v /bw-data/:/data/ \
+  -v /bw-attachments/:/attachments/ \
+  -p 80:80 \
+  mprasil/bitwarden:latest
+```
+
+Note, that you need to remember to mount the volume for both attachments and other persistent data if they are different.
+
+#### icons cache
+
+Default is `$DATA_FOLDER/icon_cache`, you can change the path using `ICON_CACHE_FOLDER` variable:
+
+```sh
+docker run -d --name bitwarden \
+  -e ICON_CACHE_FOLDER=/icon_cache \
+  -v /bw-data/:/data/ \
+  -v /icon_cache/ \
+  -p 80:80 \
+  mprasil/bitwarden:latest
+```
+
+Note, that in the above example we don't mount the volume locally, which means it won't be persisted during the upgrade unless you use intermediate data container using `--volumes-from`. This will impact performance as bitwarden will have to re-dowload the icons on restart, but might save you from having stale icons in cache as they are not automatically cleaned.
+
+### Other configuration
+
+Though this is unlikely to be required in small deployment, you can fine-tune some other settings like number of workers using environment variables that are processed by [Rocket](https://rocket.rs), please see details in [documentation](https://rocket.rs/guide/configuration/#environment-variables).
+
+## Building your own image
+
+Clone the repository, then from the root of the repository run:
+
+```sh
+# Build the docker image:
+docker build -t bitwarden_rs .
+```
+
+## Building binary
+
+For building binary outside the Docker environment and running it locally without docker, please see [build instructions](BUILD.md).

SECURITY.md

@@ -1,49 +0,0 @@
-Vaultwarden tries to prevent security issues but there could always slip something through.
-If you believe you've found a security issue in our application, we encourage you to
-notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
-
-# Disclosure Policy
-
-- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
-  effort to quickly resolve the issue.
-- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
-  third-party. We may publicly disclose the issue before resolving it, if appropriate.
-- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
-  degradation of our service. Only interact with accounts you own or with explicit permission of the
-  account holder.
-
-# In-scope
-
-- Security issues in any current release of Vaultwarden. Source code is available at https://github.com/dani-garcia/vaultwarden. This includes the current `latest` release and `main / testing` release.
-
-# Exclusions
-
-The following bug classes are out-of scope:
-
-- Bugs that are already reported on Vaultwarden's issue tracker (https://github.com/dani-garcia/vaultwarden/issues)
-- Bugs that are not part of Vaultwarden, like on the web-vault or mobile and desktop clients. These issues need to be reported in the respective project issue tracker at https://github.com/bitwarden to which we are not associated
-- Issues in an upstream software dependency (ex: Rust, or External Libraries) which are already reported to the upstream maintainer
-- Attacks requiring physical access to a user's device
-- Issues related to software or protocols not under Vaultwarden's control
-- Vulnerabilities in outdated versions of Vaultwarden
-- Missing security best practices that do not directly lead to a vulnerability (You may still report them as a normal issue)
-- Issues that do not have any impact on the general public
-
-While researching, we'd like to ask you to refrain from:
-
-- Denial of service
-- Spamming
-- Social engineering (including phishing) of Vaultwarden developers, contributors or users
-
-Thank you for helping keep Vaultwarden and our users safe!
-
-# How to contact us
-
-- You can contact us on Matrix https://matrix.to/#/#vaultwarden:matrix.org (users: `@danig:matrix.org` and/or `@blackdex:matrix.org`)
-- You can send an ![security-contact](/.github/security-contact.gif) to report a security issue.<br>
-  If you want to send an encrypted email you can use the following GPG key: 13BB3A34C9E380258CE43D595CB150B31F6426BC<br>
-  It can be found on several public GPG key servers.<br>
-    * https://keys.openpgp.org/search?q=security%40vaultwarden.org
-    * https://keys.mailvelope.com/pks/lookup?op=get&search=security%40vaultwarden.org
-    * https://pgpkeys.eu/pks/lookup?search=security%40vaultwarden.org&fingerprint=on&op=index
-    * https://keyserver.ubuntu.com/pks/lookup?search=security%40vaultwarden.org&fingerprint=on&op=index