Bitwarden-compatible server running on Cloudflare Workers
Telegram Channel | Telegram Group
中文 | Contributing | Official wiki
Disclaimer
This project is for learning and discussion purposes only. Please back up your vault regularly.
This project is not affiliated with Bitwarden. Please do not report NodeWarden issues to the official Bitwarden team.
| Capability | Bitwarden (free) | NodeWarden | Notes |
|---|---|---|---|
| Web vault | ✅ | ✅ | Original Web Vault UI |
| TOTP | ❌ | ✅ | Includes steam:// support |
| PWA / offline | ❌ | ✅ | Installable, offline use, app shortcuts |
| Passkey login | ✅ | ✅ | WebAuthn/FIDO2 passwordless login |
| API keys | ✅ | ✅ | For Bitwarden CLI; create and rotate |
| Login 2FA | ✅ | ✅ | TOTP, YubiKey, Passkey |
| 2FA recovery codes | ✅ | ✅ | One-time codes to disable 2FA |
| Real-time push sync | ✅ | ✅ | Web, browser extension, desktop, and mobile stay in sync |
| Attachments / Send | ✅ | ✅ | Cloudflare R2 or KV |
| Import / export | ✅ | ✅ | Bitwarden JSON / CSV / ZIP import (including attachments) |
| Cloud backup center | ❌ | ✅ | Scheduled incremental backup via WebDAV / S3 |
| Device management | ✅ | ✅ | Remove devices, revoke trust, permanent trust |
| Login requests | ✅ | ✅ | Passwordless login approval across devices; cross-device unlock requests |
| Multi-user | ✅ | ✅ | Invite-code registration |
| Domain rules | ✅ | ✅ | Custom equivalent domains, global domain exclusions |
| Fill-assist | ✅ | ✅ | POST /fill-assist for client autofill assist; does not bypass vault unlock |
| Organizations / collections / member roles | ✅ | ❌ | Not implemented |
| SSO / SCIM / enterprise directory | ✅ | ❌ | Not implemented |
- ✅ Windows desktop
- ✅ Mobile app
- ✅ Browser extension
- ✅ Linux desktop
⚠️ macOS desktop not fully verified yet
- Fork the NodeWarden repository to your GitHub account
- Open Cloudflare Workers & Pages
- Choose Continue with GitHub and select your fork
- Set build command to
npm run buildand deploy command tonpm run deploy- For KV mode, change the deploy command to
npm run deploy:kv
- For KV mode, change the deploy command to
- After deployment finishes, open the generated Workers URL
-
The default Workers hostname may be unreachable on some networks. To use a custom domain, add it in Workers settings.
-
If the site reports a missing
JWT_SECRET, add it as a Secret in Workers settings. In production use a random string of at least 32 characters; do not use temporary or example values. -
In this flow you hand code to Cloudflare to build and deploy.
wrangler.tomlorwrangler.kv.tomlin the repo defines binding names; the Worker initializes the D1 schema on first request—no manual SQL upload.
Tip
Default R2 vs optional KV:
| Storage | Card required | Max single attachment / Send file | Free tier |
|---|---|---|---|
| R2 | Yes | 100 MB (soft limit, adjustable) | 10 GB |
| KV | No | 25 MiB (Cloudflare limit) | 1 GB |
- Manual: open your fork on GitHub; when the sync banner appears, click Sync fork → Update branch
git clone https://github.com/shuaiplus/NodeWarden.git
cd NodeWarden
npm install
npx wrangler login
# Default: R2 mode
npm run deploy
# Optional: KV mode
npm run deploy:kv
# Local development
npm run dev
npm run dev:kvLGPL-3.0 License
- Bitwarden - Original design and clients
- Vaultwarden - Server implementation reference
- Cloudflare Workers - Serverless platform