Admin token Argon2 hashing support #1723

Closed
opened 2026-04-06 02:16:52 +02:00 by MrUnknownDE · 0 comments

Originally created by @BlackDex on 2/28/2023

Added support for Argon2 hashing for the `ADMIN_TOKEN` instead of only supporting a plain text string.

The hash must be a PHC string which can be generated via the `argon2` CLI **or** via the also built-in hash command in Vaultwarden.

You can simply run `vaultwarden hash` to generate a hash based upon a password the user provides themselves.

Added a warning during startup and within the admin settings panel if the `ADMIN_TOKEN` is not an Argon2 hash.

Within the admin environment a user can ignore that warning and it will not be shown for at least 30 days. After that the warning will appear again unless the `ADMIN_TOKEN` has been converted to an Argon2 hash.

I have also tested this on my RaspberryPi 2b and there the `Bitwarden` preset takes almost 4.5 seconds to generate/verify the Argon2 hash.

Using the `OWASP` preset it is below 1 second, which I think should be fine for low-graded hardware.
If it is needed people could use lower memory settings, but in those cases I even doubt Vaultwarden itself would run.
They can always use the `argon2` CLI and generate a faster hash.

Examples

```bash
ADMIN_TOKEN='$argon2i$v=19$m=4096,t=3,p=1$Saf.....'
ADMIN_TOKEN='$argon2d$v=19$m=4096,t=3,p=1$drh.....'
ADMIN_TOKEN='$argon2id$v=19$m=4096,t=3,p=1$ds.....'
```

I also created some documentation on the wiki regarding this feature already.
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
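An added example, not part of this PR or of Vaultwarden's code: a small Python parser for Argon2 PHC strings plus the "is `ADMIN_TOKEN` actually an Argon2 hash" check the PR describes adding at startup and in the admin panel. The sample token, the function names and the parameter sanity checks (taken from the Argon2 spec minimums) are my own assumptions; this validates format and parameters only and does not compute Argon2 itself.

```python
import base64
import re

# Argon2 PHC grammar: $<variant>$v=<version>$m=<KiB>,t=<iterations>,p=<lanes>$<salt>$<hash>
# (salt and hash are standard base64 without '=' padding).
PHC_RE = re.compile(
    r"^\$(?P<variant>argon2(?:id|i|d))\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)\$(?P<hash>[A-Za-z0-9+/]+)$"
)

# Constructed sample token: salt is 16 bytes of 0x01, tag is 32 bytes of 0x02. Not real Argon2 output.
SAMPLE_TOKEN = "$argon2id$v=19$m=4096,t=3,p=1$AQEBAQEBAQEBAQEBAQEBAQ$" + "AgIC" * 10 + "AgI"

def _b64_unpadded(s):
    # PHC strings omit base64 padding; restore it before decoding.
    return base64.b64decode(s + "=" * (-len(s) % 4))

def parse_argon2_phc(token):
    """Return a dict of Argon2 parameters, or None if token is not an Argon2 PHC string."""
    m = PHC_RE.match(token)
    if not m:
        return None
    return {
        "variant": m["variant"], "version": int(m["version"]),
        "memory_kib": int(m["m"]), "iterations": int(m["t"]), "parallelism": int(m["p"]),
        "salt": _b64_unpadded(m["salt"]), "digest": _b64_unpadded(m["hash"]),
    }

def validate_params(p):
    """Sanity checks from the Argon2 spec (RFC 9106) that a startup check should enforce."""
    problems = []
    if p["version"] != 19:
        problems.append(f"unexpected Argon2 version {p['version']}, expected 19")
    if p["iterations"] < 1 or p["parallelism"] < 1:
        problems.append("t and p must both be at least 1")
    if p["memory_kib"] < 8 * p["parallelism"]:
        problems.append("m must be at least 8*p KiB")
    if len(p["salt"]) < 8 or len(p["digest"]) < 4:
        problems.append("salt must be >= 8 bytes and hash >= 4 bytes")
    return problems

def admin_token_warning(token):
    """Mirror the PR's startup check: warn when ADMIN_TOKEN is not a usable Argon2 hash."""
    params = parse_argon2_phc(token)
    if params is None:
        return "ADMIN_TOKEN is plain text; generate an Argon2 PHC hash with `vaultwarden hash`"
    problems = validate_params(params)
    return "; ".join(problems) if problems else None
```

A plain-text token yields the warning; a well-formed PHC string with sane parameters yields `None`, which is the "no warning" path.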


Reference: github/vaultwarden#1723