-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Enabling Yubikey OTP authentication
Proxymiity ☆ edited this page Apr 29, 2021
·
6 revisions
To enable YubiKey authentication, you must set the YUBICO_CLIENT_ID and YUBICO_SECRET_KEY env variables.
If YUBICO_SERVER is not specified, it will use the default YubiCloud servers. You can generate YUBICO_CLIENT_ID and YUBICO_SECRET_KEY for the default YubiCloud here.
Notes:
- In order to generate API keys or use a YubiKey with an OTP server, it must be registered. After configuring your key in the YubiKey Personalization Tool, you can register it with the default servers here.
- aarch64 builds of the server version 1.6.0 or older do not support Yubikey functionality due to upstream issues - see #262.
docker run -d --name bitwarden \
-e YUBICO_CLIENT_ID=12345 \
-e YUBICO_SECRET_KEY=ABCDEABCDEABCDEABCDE= \
-v /vw-data/:/data/ \
-p 80:80 \
vaultwarden/server:latest- Which container image to use
- Starting a container
- Updating the vaultwarden image
- Using Docker Compose
- Using Podman
- Building your own docker image
- Building binary
- Pre-built binaries
- Third-party packages
- Deployment examples
- Proxy examples
- Logrotate example
- Overview
- Disable registration of new users
- Disable invitations
- Enabling admin page
- Disable the admin token
- Enabling WebSocket notifications
- Enabling Mobile Client push notification
- Enabling U2F and FIDO2 WebAuthn authentication
- Enabling YubiKey OTP authentication
- Changing persistent data location
- Changing the API request size limit
- Changing the number of workers
- SMTP configuration
- Translating the email templates
- Password hint display
- Disabling or overriding the Vault interface hosting
- Logging
- Creating a systemd service
- Syncing users from LDAP
- Using an alternate base dir (subdir/subpath)
- Other configuration