Setting all DUO_ environment variables does not enable duo integration #1680

New Issue

MrUnknownDE · 2026-04-06T02:12:25+02:00

MrUnknownDE commented

2026-04-06 02:12:25 +02:00

Originally created by @tommyalatalo on 3/27/2023

Subject of the issue

There are three Duo related environment variables, DUO_HOST, DUO_IKEY and DUO_SKEY which according to this template should enable the duo integration when all of the variables are set. This is not working and the user actually needs to set the undocumented variable _ENABLE_DUO to true in order to enable the integration.

Deployment environment

    ### Your environment (Generated via diagnostics page)
    * Vaultwarden version: v1.28.0
    * Web-vault version: v2023.3.0b
    * OS/Arch: linux/x86_64
    * Running within Docker: true (Base: Alpine)
    * Environment settings overridden: true
    * Uses a reverse proxy: true
    * IP Header check: true (X-Forwarded-For)
    * Internet access: true
    * Internet access via a proxy: false
    * DNS Check: true
    * Browser/Server Time Check: true
    * Server/NTP Time Check: true
    * Domain Configuration Check: true
    * HTTPS Check: true
    * Database type: PostgreSQL
    * Database version: PostgreSQL 9.6.24 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit
    * Clients used: 
    * Reverse proxy and version: 
    * Other relevant information: 


**Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN, IP_HEADER, DUO_IKEY, DUO_SKEY, DUO_HOST, SMTP_HOST, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD

vaultwarden version: 1.28.0

Install method: Docker
Other relevant details:

Steps to reproduce

Configure container environment variables, including DUO_HOST, DUO_IKEY and DUO_SKEY
Start container
Go to admin panel and check the Global Duo settings and see that Duo is not enabled

Expected behaviour

Duo should be enabled automatically when DUO_HOST, DUO_IKEY and DUO_SKEY are set in the environment

Actual behaviour

Duo is not enabled automatically by the environment variables.

Troubleshooting data

The issue is likely due to this line in the conditional statement checking the Duo variables. It seems to set the conditional to true only if the undocumented variable _ENABLE_DUO is already true. A suggested solution would be to remove this part of the conditional to make the condition work as stated in the template.

*Originally created by @tommyalatalo on 3/27/2023* ### Subject of the issue There are three Duo related environment variables, `DUO_HOST`, `DUO_IKEY` and `DUO_SKEY` which according to [this](https://github.com/dani-garcia/vaultwarden/blob/main/.env.template#L354) template should enable the duo integration when all of the variables are set. This is not working and the user actually needs to set the undocumented variable `_ENABLE_DUO` to `true` in order to enable the integration. ### Deployment environment  ``` ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.28.0 * Web-vault version: v2023.3.0b * OS/Arch: linux/x86_64 * Running within Docker: true (Base: Alpine) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: PostgreSQL * Database version: PostgreSQL 9.6.24 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit * Clients used: * Reverse proxy and version: * Other relevant information: **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN, IP_HEADER, DUO_IKEY, DUO_SKEY, DUO_HOST, SMTP_HOST, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD ```    * vaultwarden version: 1.28.0  * Install method: Docker * Other relevant details: ### Steps to reproduce  1. Configure container environment variables, including `DUO_HOST`, `DUO_IKEY` and `DUO_SKEY` 2. Start container 3. Go to admin panel and check the `Global Duo settings` and see that Duo is not enabled ### Expected behaviour  Duo should be enabled automatically when `DUO_HOST`, `DUO_IKEY` and `DUO_SKEY` are set in the environment ### Actual behaviour  Duo is not enabled automatically by the environment variables. ### Troubleshooting data  The issue is likely due to [this line](https://github.com/dani-garcia/vaultwarden/blob/main/src/config.rs#L727) in the conditional statement checking the Duo variables. It seems to set the conditional to true only if the undocumented variable `_ENABLE_DUO` is already true. A suggested solution would be to remove this part of the conditional to make the condition work as stated in the template.

MrUnknownDE closed this issue

2026-04-06 02:12:25 +02:00

Sign in to join this conversation.

No Label enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement enhancement low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority low priority

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1680