Enabling U2F (and FIDO2 WebAuthn) authentication

Randall Mason edited on Feb 22, 2022.

To enable U2F and FIDO2 WebAuthn authentication, you must be serving vaultwarden from an HTTPS domain with a valid certificate (Either using the included HTTPS options or with a reverse proxy). We recommend using a free certificate from Let's Encrypt.

After that, you need to set the DOMAIN environment variable to the same address from where vaultwarden is being served:

docker run -d --name vaultwarden \
  -e DOMAIN=https://vw.domain.tld \
  -v /vw-data/:/data/ \
  -p 80:80 \
  vaultwarden/server:latest

Note that the value has to include the https:// and it may include a port at the end (in the format of https://vw.domain.tld:port) when not using 443.