Vaultwarden

Vaultwarden is a Bitwarden server used to store account credentials. It can be accessed at https://vault.cssbham.com.

It is running in a Docker container on tex-drug-den.

An existing admin on Vaultwarden must enrol a new user.

1. Log in to https://vault.cssbham.com
2. Head to the CSS organisation's admin console by clicking on 'Admin Console' in the bottom left
3. Click on 'Members' and add their student email (xxx@student.bham.ac.uk)
   1. If this user is also responsible / capable of administering CSS' infrastructure, then choose the 'Owner' role
   2. Otherwise, choose the 'User' role
4. Click on 'save'.

The user will receive an email invitation within a few minutes, this must be accepted within 5 days. Once they have accepted the invitation:

1. Return to the 'Members' page
2. Click on 'Needs confirmation'
3. Verify the users account fingerprint is correct and confirm the user
   1. This is to make sure the person you sent the invite to is actually them
4. Click on the user, click on collections, and add the 'CSS Credentials' collection at a permission level of 'Can edit' or greater

If someone have forgotten their master password, then it cannot be recovered. You will need to delete the user and follow the steps above again.

The Vaultwarden admin interface can be accessed at https://vault.cssbham.com/admin. The secret token is stored only on the server itself. You can find it within the Docker start parameters.

Note that this is different to the 'Admin Console' which organisations have. This admin interface is concerned with the administration of the actual server itself, unlike the organisation admin interface.

Vaultwarden requires functioning email sending to be able to invite users. It is for this reason we have a Mailjet account.