You've already forked Vaultwarden
417 lines
13 KiB
Plaintext
417 lines
13 KiB
Plaintext
#
|
||
# Vaultwarden Configuration
|
||
#
|
||
|
||
# Option: [_duo_akey]
|
||
# Notes: DUO Application Key
|
||
# Values: [ NONE | KEY ] Default: ''
|
||
#
|
||
_DUO_AKEY=''
|
||
|
||
# Option: [admin_ratelimit_max_burst]
|
||
# Notes: Allow a burst of requests of up to this size, while maintaining
|
||
# the average indicated by 'admin_ratelimit_seconds'
|
||
# Values: [ NUMBER ] Default: '3'
|
||
#
|
||
ADMIN_RATELIMIT_MAX_BURST='3'
|
||
|
||
# Option: [admin_ratelimit_seconds]
|
||
# Notes: Number of seconds, on average, between admin requests from the
|
||
# same IP address before rate limiting kicks in.
|
||
# Values: [ SECONDS ] Default: '300'
|
||
#
|
||
ADMIN_RATELIMIT_SECONDS='300'
|
||
|
||
# Option: [admin_token]
|
||
# Notes: The plain text token or Argon2 PHC string used to authenticate
|
||
# in this very same page.
|
||
#
|
||
# Values: [ NONE | TOKEN ] Default: ''
|
||
#
|
||
ADMIN_TOKEN=''
|
||
|
||
# Option: [attachments_folder]
|
||
# Notes: Attachments folder.
|
||
# Values: [ FOLDER ] Default: '/var/lib/vaultwarden/attachments'
|
||
#
|
||
ATTACHMENTS_FOLDER='/var/lib/vaultwarden/attachments'
|
||
|
||
# Option: [data_folder]
|
||
# Notes: Main data folder.
|
||
# Values: [ FOLDER ] Default: '/var/lib/vaultwarden'
|
||
#
|
||
DATA_FOLDER='/var/lib/vaultwarden'
|
||
|
||
# Option: [database_conn_init]
|
||
# Notes: SQL statements to run when creating a new database connection,
|
||
# mainly useful for connection-scoped pragmas.
|
||
# Values: [ NONE | SQL ] Default: ''
|
||
#
|
||
DATABASE_CONN_INIT=''
|
||
|
||
# Option: [database_max_conns]
|
||
# Notes: Maximal number of connections at the same time.
|
||
# Values: [ SECONDS ] Default: '10'
|
||
#
|
||
DATABASE_MAX_CONNS='10'
|
||
|
||
# Option: [database_timeout]
|
||
# Notes: Number of seconds to try connect to the database before give up.
|
||
# Values: [ SECONDS ] Default: '30'
|
||
#
|
||
DATABASE_TIMEOUT='30'
|
||
|
||
# Option: [database_url]
|
||
# Notes: File or MySQL/PostgreSQL backend for database.
|
||
# Values: [ FILE | SQLCON ] Default: 'vaultwarden.sqlite'
|
||
#
|
||
DATABASE_URL='/var/lib/vaultwarden/server.sqlite'
|
||
#DATABASE_URL='mysql://<MYSQL_USER>:<MYSQL_PASSWORD>@<MYSQL_HOST>/<MYSQL_DATABASE>'
|
||
|
||
# Option: [db_connection_retries]
|
||
# Notes: Number of times to retry the database connection during startup,
|
||
# with 1 second between each retry, set to 0 to retry indefinitely.
|
||
# Values: [ NUMBER ] Default: '15'
|
||
#
|
||
DB_CONNECTION_RETRIES='15'
|
||
|
||
# Option: [disable_admin_token]
|
||
# Notes: Disables the Admin Token for the admin page so you may use your
|
||
# own auth in-front.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
DISABLE_ADMIN_TOKEN='false'
|
||
|
||
# Option: [domain_path]
|
||
# Notes: Domain URL Path - For Example in
|
||
# https://example.com:8443/path
|
||
# /path is the path.
|
||
# Values: [ NONE | PATH ] Default: ''
|
||
#
|
||
DOMAIN_PATH=''
|
||
|
||
# Option: [emergency_notification_reminder_schedule]
|
||
# Notes: Cron schedule of the job that sends expiration reminders to
|
||
# emergency access grantors.
|
||
# Values: [ NONE | CRON ] Default: '0 3 * * * *'
|
||
#
|
||
EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE='0 3 * * * *'
|
||
|
||
# Option: [emergency_request_timeout_schedule]
|
||
# Notes: Cron schedule of the job that grants emergency access
|
||
# requests that have met the required wait time.
|
||
# Values: [ NONE | CRON ] Default: '0 7 * * * *'
|
||
#
|
||
EMERGENCY_REQUEST_TIMEOUT_SCHEDULE='0 7 * * * *'
|
||
|
||
# Option: [enable_db_wal]
|
||
# Notes: Set SQLite to operate in WAL mode.
|
||
# Values: [ TRUE | FALSE ] Default: 'true'
|
||
#
|
||
ENABLE_DB_WAL='true'
|
||
|
||
# Option: [event_cleanup_schedule]
|
||
# Notes: Cron schedule of the job that cleans old events from the
|
||
# event table.
|
||
# Values: [ NONE | CRON ] Default: '0 10 0 * * *'
|
||
#
|
||
EVENT_CLEANUP_SCHEDULE='0 10 0 * * *'
|
||
|
||
# Option: [events_days_retain]
|
||
# Notes: Number of days to retain events stored in the database.
|
||
# Values: [ NONE | DAYS ] Default: ''
|
||
#
|
||
EVENTS_DAYS_RETAIN=''
|
||
|
||
# Option: [experimental_client_feature_flags]
|
||
# Notes: Enable experimental feature flags for clients.
|
||
# This is a comma-separated list of flags, e.g. "flag1,flag2,flag3".
|
||
# The following flags are available:
|
||
# - inline-menu-positioning-improvements Enable the use of inline menu password generator
|
||
# and identity suggestions in the browser extension.
|
||
# - inline-menu-totp Enable the inline menu TOTP codes in the browser
|
||
# extension.
|
||
# - ssh-agent Enable SSH agent support on Desktop.
|
||
# - ssh-key-vault-item Enable the creation and use of SSH key vault
|
||
# items.
|
||
# - export-attachments Enable support for exporting attachments.
|
||
# - anon-addy-self-host-alias Enable configuring self-hosted Anon Addy alias
|
||
# generator.
|
||
# - simple-login-self-host-alias Enable configuring self-hosted Simple Login alias
|
||
# generator.
|
||
# - mutual-tls Enable the use of mutual TLS on Android.
|
||
# Values: [ FLAGS ] Default: 'fido2-vault-credentials'
|
||
#
|
||
EXPERIMENTAL_CLIENT_FEATURE_FLAGS='fido2-vault-credentials'
|
||
|
||
# Option: [extended_logging]
|
||
# Notes: State of extended logging.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
EXTENDED_LOGGING='false'
|
||
|
||
# Option: [icon_cache_folder]
|
||
# Notes: Icon Cache folder.
|
||
# Values: [ FOLDER ] Default: '/var/lib/vaultwarden/icon_cache'
|
||
#
|
||
ICON_CACHE_FOLDER='/var/cache/vaultwarden'
|
||
|
||
# Option: [icon_service]
|
||
# Notes: The predefined icon services are:
|
||
# internal | bitwarden | duckduckgo | google
|
||
# To specify a custom icon service, set a URL template with
|
||
# exactly one instance of '{}', which is replaced with the domain.
|
||
# For example: 'https://icon.example.com/domain/{}'
|
||
# 'internal' refers to Vaultwarden's built-in icon fetching
|
||
# implementation. If an external service is set, an icon request
|
||
# to Vaultwarden will return an HTTP redirect to the corresponding
|
||
# icon at the external service.
|
||
# Values: [ INTERNAL | BITWARDEN | DUCKDUCKGO | GOOGLE | IP/FQDN ] Default: 'internal'
|
||
#
|
||
ICON_SERVICE='internal'
|
||
|
||
# Option: [incomplete_2fa_schedule]
|
||
# Notes: Cron schedule of the job that checks for incomplete 2FA logins.
|
||
# Values: [ NONE | CRON ] Default: '30 * * * * *'
|
||
#
|
||
INCOMPLETE_2FA_SCHEDULE='30 * * * * *'
|
||
|
||
# Option: [invitation_expiration_hours]
|
||
# Notes: The number of hours after which an organization invite token,
|
||
# emergency access invite token, email verification token and
|
||
# deletion request token will expire (must be at least 1)
|
||
# Values: [ HOURS ] Default: '3'
|
||
#
|
||
INVITATION_EXPIRATION_HOURS='3'
|
||
|
||
# Option: [job_poll_interval_ms]
|
||
# Notes: How often the job scheduler thread checks for jobs to run.
|
||
# Values: [ 0 | MILLISECONDS ] Default: '30000'
|
||
#
|
||
JOB_POLL_INTERVAL_MS='30000'
|
||
|
||
# Option: [log_file]
|
||
# Notes: Looging output to file.
|
||
# Values: [ FILE ] Default: 'vaultwarden.log'
|
||
#
|
||
LOG_FILE='/var/log/vaultwarden/vaultwarden.log'
|
||
|
||
# Option: loglevel
|
||
# Notes: Set the log level output.
|
||
# ERROR
|
||
# WARN
|
||
# INFO
|
||
# DEBUG
|
||
# TRACE
|
||
# Values: [ LEVEL ] Default: 'info'
|
||
#
|
||
LOG_LEVEL='info'
|
||
|
||
# Option: [login_ratelimit_max_burst]
|
||
# Notes: Allow a burst of requests of up to this size, while maintaining
|
||
# the average indicated by 'login_ratelimit_seconds'.
|
||
# Values: [ NUMBER ] Default: '10'
|
||
#
|
||
LOGIN_RATELIMIT_MAX_BURST='10'
|
||
|
||
# Option: [login_ratelimit_seconds]
|
||
# Notes: Number of seconds, on average, between login and 2FA requests
|
||
# from the same IP address before rate limiting kicks in.
|
||
# Values: [ SECONDS ] Default: '60'
|
||
#
|
||
LOGIN_RATELIMIT_SECONDS='60'
|
||
|
||
# Option: [org_events_enabled]
|
||
# Notes: Set state of event logging for organizations.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
ORG_EVENTS_ENABLED='true'
|
||
|
||
# Option: [org_groups_enabled]
|
||
# Notes: Set state of groups support for organizations.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
ORG_GROUPS_ENABLED='true'
|
||
|
||
# Option: [push_enabled]
|
||
# Notes: State of push notifications.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
PUSH_ENABLED='false'
|
||
|
||
# Option: [push_installation_id]
|
||
# Notes: Installation ID
|
||
# See: https://bitwarden.com/host
|
||
# Values: [ NONE | ID ] Default: ''
|
||
#
|
||
PUSH_INSTALLATION_ID=''
|
||
|
||
# Option: [push_installation_key]
|
||
# Notes: Installation Key
|
||
# See: https://bitwarden.com/host
|
||
# Values: [ NONE | KEY ] Default: ''
|
||
#
|
||
PUSH_INSTALLATION_KEY=''
|
||
|
||
# Option: [push_relay_uri]
|
||
# Notes: Addres for push notifications relay server.
|
||
# Values: [ NONE | IP/FQDN ] Default: 'https://api.bitwarden.eu'
|
||
#
|
||
PUSH_RELAY_URI='https://api.bitwarden.eu'
|
||
|
||
# Option: [push_identity_uri]
|
||
# Notes: Addres for push notifications identity server.
|
||
# Values: [ NONE | IP/FQDN ] Default: 'https://identity.bitwarden.eu'
|
||
#
|
||
PUSH_IDENTITY_URI='https://identity.bitwarden.eu'
|
||
|
||
# Option: [rsa_key_filename]
|
||
# Notes: Name of RSA keyfile.
|
||
# Values: [ FILE ] Default: 'rsa_key'
|
||
#
|
||
RSA_KEY_FILENAME='/var/lib/vaultwarden/vaultwarden'
|
||
|
||
# Option: [send_purge_schedule]
|
||
# Notes: Cron schedule of the job that checks for Sends past their
|
||
# deletion date.
|
||
# Values: [ NONE | CRON ] Default: '0 5 * * * *'
|
||
#
|
||
SEND_PURGE_SCHEDULE='0 5 * * * *'
|
||
|
||
# Option: [sends_folder]
|
||
# Notes: Sends folder.
|
||
# Values: [ FOLDER ] Default: '/var/lib/vaultwarden/sends'
|
||
#
|
||
SENDS_FOLDER='/var/lib/vaultwarden/sends'
|
||
|
||
# Option: [smtp_debug]
|
||
# Notes: State of detailed SMTP messages. This could contain sensitive
|
||
# information like passwords and usernames!
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
SMTP_DEBUG='false'
|
||
|
||
# Option: [sso_enabled]
|
||
# Notes: Controls whether users can login using an OpenID Connect
|
||
# identity provider.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
SSO_ENABLED='false'
|
||
|
||
# Option: [sso_only]
|
||
# Notes: Prevent users from logging in directly without going through
|
||
# SSO.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
SSO_ONLY='false'
|
||
|
||
# Option: [sso_signups_match_email]
|
||
# Notes: On SSO Signup if a user with a matching email already exists
|
||
# make the association.
|
||
# Values: [ TRUE | FALSE ] Default: 'true'
|
||
#
|
||
SSO_SIGNUPS_MATCH_EMAIL='true'
|
||
|
||
# Option: [sso_authority]
|
||
# Notes: Base URL of the OIDC server.
|
||
# Values: [ NONE | IP/FQDN ] Default: ''
|
||
#
|
||
SSO_AUTHORITY=''
|
||
|
||
# Option: [sso_scopes]
|
||
# Notes: Authorization request scopes.
|
||
# Values: [ SCOPES ] Default: 'email profile'
|
||
#
|
||
SSO_SCOPES='email profile'
|
||
|
||
# Option: [sso_authorize_extra_params]
|
||
# Notes: Authorization request scopes.
|
||
# Values: [ PARAMETER ] Default: 'access_type=offline&prompt=consent'
|
||
#
|
||
SSO_AUTHORIZE_EXTRA_PARAMS="access_type=offline&prompt=consent"
|
||
|
||
# Option: [sso_pkce]
|
||
# Notes: Activate PKCE for the Auth Code flow.
|
||
# Values: [ TRUE | FALSE ] Default: 'true'
|
||
#
|
||
SSO_PKCE='true'
|
||
|
||
# Option: [sso_audience_trusted]
|
||
# Notes: Regex for additional trusted Id token audience.
|
||
# Values: [ REGEX ] Default: '^$'
|
||
#
|
||
SSO_AUDIENCE_TRUSTED='^$'
|
||
|
||
# Option: [sso_client_id]
|
||
# Notes: SSO Client ID
|
||
# Values: [ NONE | ID ] Default: ''
|
||
#
|
||
SSO_CLIENT_ID=''
|
||
|
||
# Option: [sso_client_secret]
|
||
# Notes: SSO Client Key.
|
||
# Values: [ NONE | KEY ] Default: ''
|
||
#
|
||
SSO_CLIENT_SECRET=''
|
||
|
||
# Option: [sso_master_password_policy]
|
||
# Notes: Optional Master password policy.
|
||
# Values: [ POLICY ] Default: '{"enforceOnLogin":false,"minComplexity":3,"minLength":12,"requireLower":false,"requireNumbers":false,"requireSpecial":false,"requireUpper":false}'
|
||
#
|
||
SSO_MASTER_PASSWORD_POLICY='{"enforceOnLogin":false,"minComplexity":3,"minLength":12,"requireLower":false,"requireNumbers":false,"requireSpecial":false,"requireUpper":false}'
|
||
|
||
# Option: [sso_auth_only_not_session]
|
||
# Notes: Use sso only for authentication not the session lifecycle.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
SSO_AUTH_ONLY_NOT_SESSION='false'
|
||
|
||
# Option: [sso_client_cache_expiration]
|
||
# Notes: Client cache for discovery endpoint.
|
||
# Values: [ SECONDS ] Default: '0'
|
||
#
|
||
SSO_CLIENT_CACHE_EXPIRATION='0'
|
||
|
||
# Option: [sso_debug_tokens]
|
||
# Notes: Log all the tokens, LOG_LEVEL=debug is required.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
SSO_DEBUG_TOKENS='false'
|
||
|
||
# Option: [templates_folder]
|
||
# Notes: Templates folder.
|
||
# Values: [ FOLDER ] Default: '/usr/lib/vaultwarden/templates'
|
||
#
|
||
TEMPLATES_FOLDER='/usr/lib/vaultwarden/templates'
|
||
|
||
# Option: [tmp_folder]
|
||
# Notes: Temporary folder used for storing temporary file uploads.
|
||
# Values: [ FOLDER ] Default: '/var/lib/vaultwarden/tmp'
|
||
#
|
||
TMP_FOLDER='/tmp'
|
||
|
||
# Option: [trash_purge_schedule]
|
||
# Notes: Cron schedule of the job that checks for trashed items to delete
|
||
# permanently.
|
||
# Values: [ NONE | CRON ] Default: '0 5 0 * * *'
|
||
#
|
||
TRASH_PURGE_SCHEDULE='0 5 0 * * *'
|
||
|
||
# Option: [use_syslog]
|
||
# Notes: State of logging output to syslog.
|
||
# Values: [ TRUE | FALSE ] Default: 'false'
|
||
#
|
||
USE_SYSLOG='false'
|
||
|
||
# Option: [web_vault_enabled]
|
||
# Notes: State of Web Vault.
|
||
# Values: [ TRUE | FALSE ] Default: 'true'
|
||
#
|
||
WEB_VAULT_ENABLED='true'
|
||
|
||
# Option: [web_vault_folder]
|
||
# Notes: Web Vault folder.
|
||
# Values: [ FOLDER ] Default: '/usr/lib/vaultwarden/web-vault'
|
||
#
|
||
WEB_VAULT_FOLDER='/usr/lib/vaultwarden/web-vault'
|