starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1114] Deleting the admin_token in the webpanel deletes the whole admin_token key in the config.json file #787

New issue
Closed
opened 2026-03-03 02:03:12 +03:00 by kerem · 8 comments
kerem commented 2026-03-03 02:03:12 +03:00
Owner
Copy link

Originally created by @szaimen on GitHub (Aug 25, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1114

Subject of the issue

Deleting the admin_token in the webpanel deletes the whole admin_token key in the config.json file

To reproduce:

  1. open the admin panel and change a value and press on save
  2. delete the admin token from admin panel and save again
  3. see that the whole key was removed from the config.json file

Your environment

  • Bitwarden_rs version: 1.16.3
  • Install method: docker
  • Clients used:
  • Reverse proxy and version:
  • Version of mysql/postgresql:
  • Other relevant information:

Steps to reproduce

docker run -d --name bitwarden_rs \
  --user nobody \
  -e ADMIN_TOKEN="$ADMIN_PASS" \
  -e SIGNUPS_VERIFY=true \
  -e DOMAIN="https://$SUBDOMAIN" \
  -e SIGNUPS_ALLOWED=false \
  -p 1024:1024 \
  -e ROCKET_PORT=1024 \
  -e WEBSOCKET_ENABLED=true \
  -p 3012:3012 \
  -e LOG_FILE=/data/bitwarden.log \
  -e LOG_LEVEL=warn \
  -v /home/bitwarden_rs/:/data/ \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  --restart always \
  bitwardenrs/server:latest

Expected behaviour

Instead of deleting the whole key, it should just restore the default admin_token to the config.json file
(set the value of admin_token to the password-string that was set during the initial startup)

Actual behaviour

it just deletes the whole key, so that this key is missing from the json file.

Relevant logs

Originally created by @szaimen on GitHub (Aug 25, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1114 ### Subject of the issue <!-- Describe your issue here.--> Deleting the admin_token in the webpanel deletes the whole admin_token key in the config.json file To reproduce: 1. open the admin panel and change a value and press on save 2. delete the admin token from admin panel and save again 3. see that the whole key was removed from the config.json file ### Your environment <!-- The version number, obtained from the logs or the admin page --> * Bitwarden_rs version: 1.16.3 <!-- How the server was installed: Docker image / package / built from source --> * Install method: docker * Clients used: <!-- if applicable --> * Reverse proxy and version: <!-- if applicable --> * Version of mysql/postgresql: <!-- if applicable --> * Other relevant information: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start bitwarden_rs? --> ``` docker run -d --name bitwarden_rs \ --user nobody \ -e ADMIN_TOKEN="$ADMIN_PASS" \ -e SIGNUPS_VERIFY=true \ -e DOMAIN="https://$SUBDOMAIN" \ -e SIGNUPS_ALLOWED=false \ -p 1024:1024 \ -e ROCKET_PORT=1024 \ -e WEBSOCKET_ENABLED=true \ -p 3012:3012 \ -e LOG_FILE=/data/bitwarden.log \ -e LOG_LEVEL=warn \ -v /home/bitwarden_rs/:/data/ \ -v /etc/timezone:/etc/timezone:ro \ -v /etc/localtime:/etc/localtime:ro \ --restart always \ bitwardenrs/server:latest ``` ### Expected behaviour <!-- Tell us what should happen --> Instead of deleting the whole key, it should just restore the default admin_token to the config.json file (set the value of admin_token to the password-string that was set during the initial startup) ### Actual behaviour <!-- Tell us what happens instead --> it just deletes the whole key, so that this key is missing from the json file. ### Relevant logs <!-- Share some logfiles, screenshots or output of relevant programs with us. -->
kerem closed this issue 2026-03-03 02:03:13 +03:00
kerem commented 2026-03-03 02:03:13 +03:00
Author
Owner
Copy link

@dani-garcia commented on GitHub (Aug 28, 2020):

What do you mean the default admin token? By default it's disabled, if you configure it with an environment variable, then deleting it from the admin page will use the value from the environment variable, but it won't save it to disk.

<!-- gh-comment-id:682990819 --> @dani-garcia commented on GitHub (Aug 28, 2020): What do you mean the default admin token? By default it's disabled, if you configure it with an environment variable, then deleting it from the admin page will use the value from the environment variable, but it won't save it to disk.
kerem commented 2026-03-03 02:03:13 +03:00
Author
Owner
Copy link

@szaimen commented on GitHub (Aug 30, 2020):

What I mean is the following:

  1. create an admin-token as environmental variable during the initial startup of the container
  2. access the admin panel by using this admin-token
  3. change the admin_token to something else
  4. press save
  5. now the config.json file is existing and the current admin_token is also written to the file
  6. access the admin-panel again
  7. delete the whole admin_token (to reset it to the default)
  8. Save the config
  9. now look into the config.json file and see that the whole admin_token entry is gone

I guess better whould be, if it was just changed back to the initial value and not just deleted

<!-- gh-comment-id:683452324 --> @szaimen commented on GitHub (Aug 30, 2020): What I mean is the following: 1. create an admin-token as environmental variable during the initial startup of the container 2. access the admin panel by using this admin-token 3. change the admin_token to something else 4. press save 5. now the config.json file is existing and the current admin_token is also written to the file 6. access the admin-panel again 7. delete the whole admin_token (to reset it to the default) 8. Save the config 9. now look into the config.json file and see that the whole admin_token entry is gone I guess better whould be, if it was just changed back to the initial value and not just deleted
kerem commented 2026-03-03 02:03:13 +03:00
Author
Owner
Copy link

@szaimen commented on GitHub (Aug 30, 2020):

On the other hand: if the initial admin_token is stored inside the database, I guess it is completely okay, to do it this way.
So is the initial admin_token stored inside the database?
Edit: it doesn't seem to be the case.

<!-- gh-comment-id:683452328 --> @szaimen commented on GitHub (Aug 30, 2020): ~~On the other hand: if the initial admin_token is stored inside the database, I guess it is completely okay, to do it this way. So is the initial admin_token stored inside the database?~~ Edit: it doesn't seem to be the case.
kerem commented 2026-03-03 02:03:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Oct 9, 2020):

@szaimen, but are you still able to login using the default admin key set as an env to login? Or are you not able to login at all anymore?

<!-- gh-comment-id:706415974 --> @BlackDex commented on GitHub (Oct 9, 2020): @szaimen, but are you still able to login using the _default_ admin key set as an env to login? Or are you not able to login at all anymore?
kerem commented 2026-03-03 02:03:14 +03:00
Author
Owner
Copy link

@szaimen commented on GitHub (Oct 10, 2020):

but are you still able to login using the default admin key set as an env to login?

Yes, this works but it is bad for restore scenarios if you use docker (not docker-compose) and have lost the initial password.

<!-- gh-comment-id:706588228 --> @szaimen commented on GitHub (Oct 10, 2020): > but are you still able to login using the _default_ admin key set as an env to login? Yes, this works but it is bad for restore scenarios if you use docker (not docker-compose) and have lost the initial password.
kerem commented 2026-03-03 02:03:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Oct 11, 2020):

If you use docker then you just lookup the env value in the configuration. Or you start a new docker with a different admin token.

Removing the token means no access at all. So even if we did disregard the env value, you can't login at all anymore. So that is probably as worse as reverting to the previous token.

<!-- gh-comment-id:706662927 --> @BlackDex commented on GitHub (Oct 11, 2020): If you use docker then you just lookup the env value in the configuration. Or you start a new docker with a different admin token. Removing the token means no access at all. So even if we did disregard the env value, you can't login at all anymore. So that is probably as worse as reverting to the previous token.
kerem commented 2026-03-03 02:03:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Oct 11, 2020):

ps, if you really want to extract the current env values from a linux host, you could use

ps auxe | grep CONTAINER_NAME
<!-- gh-comment-id:706663313 --> @BlackDex commented on GitHub (Oct 11, 2020): ps, if you really want to extract the current env values from a linux host, you could use ```bash ps auxe | grep CONTAINER_NAME ```
kerem commented 2026-03-03 02:03:14 +03:00
Author
Owner
Copy link

@szaimen commented on GitHub (Oct 11, 2020):

Hey, thanks for the advices! These don't fix the problem but I guess you are not willing to implement this. I will have to workaround this differently. So closing!

<!-- gh-comment-id:706681072 --> @szaimen commented on GitHub (Oct 11, 2020): Hey, thanks for the advices! These don't fix the problem but I guess you are not willing to implement this. I will have to workaround this differently. So closing!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#787
No description provided.