Managed hosting from
£25/month +VAT
Small resource profile: 1 vCPU, 2 GB RAM, 10 GB SSD storage. Typically suits organisations of up to a few hundred vault users. Deployment, upgrades, daily backups, monitoring, SSL and UK hosting included, with no per-user fees. How our pricing works
Every password your company has, on a server someone else runs?
Password managers hold the keys to everything else, which makes the choice of where that vault lives a security decision, not a procurement detail. 1Password and LastPass charge per user per month to hold your credentials in their cloud, and LastPass has shown what a breach of a hosted vault service looks like. Vaultwarden is the open source alternative: a lightweight server compatible with the official Bitwarden apps, self-hosted so your encrypted vaults stay on UK infrastructure you control. Node runs it for you as a managed service.
What Vaultwarden is
Vaultwarden is an open source implementation of the Bitwarden server, written in Rust and light enough to serve a whole company from modest hardware. Because it implements the Bitwarden APIs, your staff use the official Bitwarden clients they may already know: browser extensions with autofill, desktop apps, and mobile apps with biometric unlock, all simply pointed at your own server instead of Bitwarden's cloud.
The security model is end-to-end encryption. Vaults are encrypted and decrypted on the user's device with keys derived from their master password, so the server only ever stores ciphertext. Neither Node nor anyone with access to the infrastructure can read a single credential.
For teams, Vaultwarden supports Bitwarden's organisation model: shared collections with per-team access, so the marketing logins, the finance credentials and the infrastructure secrets each reach exactly the people who should have them. It also supports two-factor authentication, TOTP storage and secure sharing, covering what most organisations buy a commercial password manager for.
Why self-hosted Vaultwarden instead of 1Password or LastPass
No per-user pricing: commercial password managers charge per user per month, at the time of writing typically several pounds per seat for business tiers, so protecting more staff costs more every month, forever. Vaultwarden managed by Node is a flat cost across the whole organisation.
Your vault server, not a shared target: hosted password services concentrate millions of companies' vaults behind one vendor's perimeter, which is precisely why they attract sophisticated attacks. A self-hosted Vaultwarden instance is yours alone: a dramatically smaller and quieter target.
UK data residency: encrypted vault data stays on UK infrastructure with an Article 28 data processing agreement in place, a clean answer for security questionnaires and regulated environments.
The clients people already know: because Vaultwarden works with the official Bitwarden apps and browser extensions, staff get first-class autofill and mobile access with nothing unfamiliar to learn, and adoption is the easy part.
No lock-in: vaults export in standard Bitwarden formats, and the server is open source. If circumstances change you can move to another Bitwarden-compatible setup without ransoming your own credentials.
Password management your staff will actually use
Security tools fail when people route around them, and password managers live or die on convenience. The Bitwarden extensions autofill credentials in the browser, generate strong unique passwords at signup, and sync across desktop and mobile, so the secure path is also the easy path. Shared collections end the spreadsheet of team logins, admins can enforce two-factor authentication, and when someone leaves, their access to shared credentials is revoked in one action rather than a frantic audit of what they knew.
Keycloak and single sign-on
Every application in a Node tenant joins your organisation's own Keycloak realm on our platform, so admin and tenant access is governed by your corporate identity, with MFA and central revocation. Staff vaults themselves are unlocked in the standard Bitwarden apps with each user's master password, which is what keeps the encryption genuinely end-to-end. Vaultwarden sits naturally alongside the rest of our security and identity services.
How Node runs Vaultwarden for you
Deployment: we deploy Vaultwarden in a hardened production configuration with TLS, your domain, admin controls and organisation structure set up, ready for staff to connect their Bitwarden apps.
Upgrades and maintenance: we track Vaultwarden and Bitwarden client compatibility, test and apply server upgrades, and keep the instance patched without interrupting access to vaults.
Monitoring and support: we monitor availability and take encrypted backups of the vault database on a schedule, because a password manager that is down locks your business out of everything else. Our UK team supports your administrators.
Your infrastructure or ours: hosted on Node's UK infrastructure or deployed into your own environment, on-premises or in your cloud accounts, with the same managed service either way.
The economics of per-seat security: commercial password managers bill by headcount, so a 50-person company pays hundreds of pounds a month, every month, to rent access to its own credentials, and the price scales with every hire. A managed Vaultwarden deployment from Node is a flat monthly cost for the whole organisation, with the encrypted vaults on UK infrastructure you control. Protect everyone, pay the same.
Adoption and community
60k+ GitHub stars According to Docker Hub, Vaultwarden's official server image has been pulled more than 300 million times, making it one of the most widely deployed self-hosted password managers.
“It is pretty feature-parity with normal Bitwarden, up to and including the emergency access stuff”
Hacker News
“I also like the fact, that vaultwarden is written in rust and does not consume a lot of resources, which is great for selfhosting.”
Hacker News
“I self-host Vaultwarden and it's great, but I'm not so sure that we can rely on trustworthy forks of the phone app and browser extensions.”
Hacker News
Quotes are from public community discussions, linked to their original sources.
Frequently asked questions
Where are our passwords hosted?
Your encrypted vault data lives on Node's UK infrastructure, or in your own environment if you prefer, backed by an Article 28 data processing agreement. Vaults are end-to-end encrypted on the client, so even the server, and Node as its operator, only ever holds ciphertext.
Can we migrate from 1Password or LastPass to Vaultwarden?
Yes. The Bitwarden clients import directly from 1Password, LastPass and most other password managers, preserving folders and items. Node helps you plan the rollout, set up organisations and collections, and onboard staff so the switch is orderly rather than disruptive.
Does Vaultwarden work with the official Bitwarden apps?
Yes. Vaultwarden implements the Bitwarden server APIs, so your staff use the standard Bitwarden browser extensions, desktop apps and mobile apps, simply pointed at your own server. There is no unfamiliar client to learn and autofill works as expected.
Does Vaultwarden support single sign-on?
Staff unlock their vaults with the standard Bitwarden apps and their master password, as the end-to-end encryption model requires. Keycloak single sign-on in a Node tenant applies to admin and tenant-level access, so platform administration sits behind your corporate identity, MFA and central access control.
What does the managed Vaultwarden service include?
Deployment in a hardened production configuration, upgrades and security patching, TLS and domain setup, encrypted backups of the vault database, monitoring, and UK-based support for administrators. Your team manages users and collections; we run the server.
Can we share passwords across teams securely?
Yes. Vaultwarden supports Bitwarden organisations and collections, so credentials are shared with the right teams rather than pasted into chat. Access is granted per collection, and revoking a user removes their access to shared items immediately.
Talk to us about Vaultwarden.
Drop us a line and our team will discuss company password management and how a managed Vaultwarden deployment replaces per-user SaaS fees.
Our heritage
These projects were delivered by Tokyo Digital, acquired by Node in May 2023 and now a wholly owned subsidiary of Node DT Group. The same team builds and runs the Node platform today.