Replies: 1 comment 8 replies
-
There is no Just use |
Beta Was this translation helpful? Give feedback.
8 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Subject of the issue
1.29.0 docker image: VAULTWARDEN_ADMIN_TOKEN vs ADMIN_TOKEN
Deployment environment
Then when I startup Vaultwarden, the log complains that I don't have a secure password:
But I am able to access /admin/
However, if, in order to get rid of the nasty log message, I use only VAULTWARDEN_ADMIN_TOKEN in .env, as such:
VAULTWARDEN_ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$MW84Wi9HakowU2c2UjRCYXduNGZUMlpUeS92SXV2eDk3MFgwaTBvNE5UST0$VCMT5AbHh0evoz9fyJEcdXgjRbGTCfyIzYSXz7s42qE
Then the log is clean on startup but a request to access /admin/ results in the following response:
<pre>The admin panel is disabled, please configure the 'ADMIN_TOKEN' variable to enable it</pre>
It seems I can only use ADMIN_TOKEN if I want /admin/ to be available, yet Vaultwarden still thinks it's insecure even though I'm using the
$argon2id$...
format.VAULTWARDEN_ADMIN_TOKEN being set correctly in .env does not make /admin/ available.
Steps to reproduce
We package vaultwarden for Start9's personal servers here so it's kind of a custom docker setup but I believe you can reproduce this if you simply:
Use 1.29.0 docker image and put either ADMIN_TOKEN or VAULTWARDEN_ADMIN_TOKEN only into .env
Expected behaviour
After reading this: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
I expected setting VAULTWARDEN_ADMIN_TOKEN was a valid way to have /admin/ work.
Alternatively, after setting this in .env:
ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$MW84Wi9HakowU2c2UjRCYXduNGZUMlpUeS92SXV2eDk3MFgwaTBvNE5UST0$VCMT5AbHh0evoz9fyJEcdXgjRbGTCfyIzYSXz7s42qE
... I expected vaultwarden to not complain in the log that my token is still insecure.
Actual behaviour
Described above
Beta Was this translation helpful? Give feedback.
All reactions