After looking through some password manager solutions I came across Bitwarden. This password manager can be implemented as a virtual machine or as a container. I chose to configure it as a container, not with Docker but with Podman. Both have their strengths and weaknesses, but I chose Podman because it seems as though it will overtake Docker in the near future and is mostly tied into Kubernetes. I won't get into the specifics of each here; I'll save that for another post.

The Setup

OS: Fedora 33 Server running on a KVM virtual machine. Since it's only running a password manager, I just gave it 2 vCPUs and 4GB of memory.

I chose Fedora because its releases have been rock solid lately. The only thing is the release cycle, which is every six months, but that shouldn't be an issue since I once upgraded from Fedora 25 to Fedora 30 straight through with no issues.

Install and Encryption:

I went through the installer using all of the 20GB virtual disk (qcow2) and encrypting it with LUKS2 using LVM.

Bitwarden

I initially tried to bypass the use of SSL with Bitwarden after going through another tutorial on setting it up, but as it turns out you need it in order for it to run. So you will need to create an SSL key pair and then point to the location of both the crt and key files.

The command to run the container ends up looking like this:

podman run -d --name bitwarden -e ROCKET_TLS='{certs="/ssl/bw.crt",key="/ssl/bw.key"}' -v /ssl/keys/:/ssl/ -v /bw-data/:/data/ -p 192.168.1.x:443:80 bitwardenrs/server:latest
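
The run command above expects bw.crt and bw.key in the host directory that is mounted at /ssl. One way to create and check that pair is sketched below as an added example, not part of the original setup: the function names, the CN, the key size and the one-year lifetime are assumptions, and it needs OpenSSL 1.1.1 or newer for -addext.

```shell
#!/bin/bash
# Added example: self-signed TLS pair for the ROCKET_TLS setting.
# Function names, CN, key size and lifetime are assumptions.

# make_bw_cert DIR IP -> writes DIR/bw.key and DIR/bw.crt
make_bw_cert() {
    mkdir -p "$1" || return 1
    # A restrictive umask keeps the private key from ever being
    # group- or world-readable, even for a moment.
    ( umask 077
      openssl req -x509 -newkey rsa:3072 -sha256 -nodes -days 365 \
          -keyout "$1/bw.key" -out "$1/bw.crt" \
          -subj "/CN=bitwarden" \
          -addext "subjectAltName=IP:$2" 2>/dev/null ) || return 1
    chmod 600 "$1/bw.key" && chmod 644 "$1/bw.crt"
}

# cert_matches_key DIR -> 0 if bw.crt and bw.key hold the same public key
cert_matches_key() {
    c=$(openssl x509 -in "$1/bw.crt" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1/bw.key" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_has_ip_san DIR IP -> 0 if the certificate lists IP as a SAN,
# which browsers require when the server is reached by IP address
cert_has_ip_san() {
    sans=$(openssl x509 -in "$1/bw.crt" -noout -text | grep 'IP Address:')
    case ", $(echo $sans)," in
        *"IP Address:$2,"*) return 0 ;;
    esac
    return 1
}

# Usage (as root), with the address the container port is published on:
#   make_bw_cert /ssl/keys 192.168.1.x && cert_matches_key /ssl/keys
```

A self-signed certificate still has to be trusted on each client, so import bw.crt into the browser or OS trust store rather than clicking through the warning every time.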

In order for it to be accessible on your network, I created an interface and applied it to my br0 interface to make it routable. I created a script to put everything together so that I don't have to run the commands every time I want to create the interface and run the container.

#!/bin/bash
set -x

#podman run -d --name bitwarden -e ROCKET_TLS='{certs="/ssl/bw.crt",key="/ssl/bw.key"}' -v /ssl/keys/:/ssl/ -v /bw-data/:/data/ -p 192.168.1.x:443:80 bitwardenrs/server:latest

echo "This script is intended to start the bitwarden password manager.."
# Adding an address and starting the container both need root.
if (( EUID != 0 )); then
    echo "Please run as root"
    exit 1
fi

echo "proceeding to start bw container, and adding interface to br0"
sleep 2
echo "adding interface.."
# Run the command inside the if so that its own exit status is tested,
# not the exit status of a preceding echo.
if ip addr add 192.168.1.x dev enp1s0; then
    echo "additional interface added.."
    sleep 3
    # Look the address up only after it has been added.
    bwip=$(ip -4 a | grep -v lo -A 6 | grep inet | awk '{print $2}' | grep '\.214')
    echo "$bwip"
    sleep 2
    echo "starting bw podman container.."
    podman container start bitwarden
    echo "verifying that container is running.."
    podman ps -a
fi

To check whether the container is up and running, type podman ps -a, which should give you the health and status of the container. You should now be able to access it in your browser by going to https://ip.address.of.container