Bitwarden_rs on Heroku for Free!
Deploy Bitwarden_rs in Heroku for free via Github1
Features
- Build and deploy cutomized Bitwarden_rs image from source to Heroku via Github actions
- Add global Duo Security enablement for replica deployment as needed
- Maintanable updates with Git Hash for future updates
- Easily extendable for future tweaks
Usage
Usage is simple, fast, and user friendly!
Deployment
- Create a fork of this project
- Edit the
.github/workflows/deploy.yml
to enable/disable Duo and/or modify the checkout hash of bitwarden_rs upstream. - Go to your forked repo Settings > Secrets and add secrets for:
- HEROKU_API_KEY (yoru Heroku API key - can be found in Account Setings -> APi Keys)
- HEROKU_APP_NAME (the name of the Heroku application, this must be unqiue across Heroku and will fail if it is not) [Value alphanumerical]
- HEROKU_VERIFIED (required regardless, if you have added a credit card on, your account will be verified to use built in addons, if not please see "NON VERIFIED ACCOUNTS" section) [Value 0/1]
- Go to the Actions tab, select the BitwardenRSOnHerokuAIO_Deploy job and wait!
- Github Actions will run the job and begin deploying the app. This will take around 15 minutes.
- Congrats, you now having a fully functional Bitwarden_rs instance in Heroku!
Update
Updating is simple and can be done one of two ways:
- Running the workflow manually via Github Actions
- Making a commit to the main branch, forcing a Github Actions workflow to initiate
Either one of these will force the Github Actions workflow to run and update the app. If you need to modify to enable/disable settings, you shoudl re run it as well.
Non Verified Heroku Accounts
Non-verified Heroku accounts cannot use the built in Heroku addons, regardless if they are free or not. This just requires you to do a few more steps and use an outside resources. I have not personally vetted this service, but FreeMySQLHosting has free plans comparable to the JawsDB addon and should be sufficient for usage. It is suggested that regardless of whatever route you take, you take regular constructed backups of your Bitwarden Vault for safety.
Another service that @mizzunet has found working is freedb.tech. He has indicated successfuly results and they do not currently cap MySQL connections.
Signup via the website above and navigate to the home page, select your home region for database ("Select where you would like you database located.") and then create database. It will list the server hostname and relevant details. The password will be emailed to you. You will need to add a new Github repository secret for "OFFSITE_HEROKU_DB" in the format of mysql://USERNAME:PASSWORD@SERVER_HOSTNAME:SERVER_PORT/DATABASE_NAME
. If this field is not filled out properly, you will encounter issues and may be troublesome to debug. Verified users of Heroku benefit from having easier settup without issues. Additionally, you will need to modify HEROKU_VERIFIED
to 0 in order to trigger the offsite DB env var.
Why this was started
In this issues request, someone had inquired if it was possible to install Bitwarden_rs in Heroku. Unfortunately the dev team had not done this before and someone had tried but was unsccessful (due to port binding issues).
As my Bitwarden instance is a critical part of my daily workflow and part of acceptance from users in my group whom I need to share passwords with, high availability services are also an important part. I run a replica of Bitwarden on a cheap cloud server where I also take backups as well to S3, but seeing Heroku have a generous free tier, I was inclined to try this out!
Notes to consider
Your Bitwarden instance will go to sleep after 30 minutes of no activity. This should not be too bad of an issue due to the fact that you can maintain a local copy. However if you are adding, you may wish to have a cron job which polls your instance to keep it avaliable (read: Pingdom set to 15 minute intervals or any website status checker).
The JawsDB instance comes with 5MB of storage space. I found this sufficient enough for my own personal backups even with 700+ entries, two orgs, and 4 members. You may find if you are attaching content, that you might exceed this but I suggest attach files in base64 encoded content to preserve portability.