Skip to content

Disable registration of new users

Jump to bottom Edit New page
Stefan Melmuk edited this page Aug 11, 2025 · 15 revisions

By default, anyone who can access your instance can register for a new account. To disable this, set the SIGNUPS_ALLOWED env variable to false:

docker run -d --name bitwarden \
  -e SIGNUPS_ALLOWED=false \
  -v /vw-data/:/data/ \
  -p 80:80 \
  vaultwarden/server:latest

Disabling organization invitations

Even when SIGNUPS_ALLOWED=false, an existing user who is an organization owner or admin can still invite new users. If you want to disable this as well, see Disable invitations.

Restricting registrations to certain email domains

You can restrict registration to email addresses from certain domains by setting SIGNUPS_DOMAINS_WHITELIST accordingly. For example:

  • SIGNUPS_DOMAINS_WHITELIST=example.com (single domain)
  • SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org (multiple domains)

Warning

If SIGNUPS_DOMAINS_WHITELIST is set, then the value of SIGNUPS_ALLOWED is ignored.

You may also want to set SIGNUPS_VERIFY=true, which would require email verification before a newly-registered user can successfully log in. This would prevent someone from registering with a fake email address that has the proper domain.

Visibility of the Create account link

When SIGNUPS_ALLOWED=false (and the SIGNUPS_DOMAINS_WHITELIST is empty) the Create account link will be hidden in the web vault UI unless you have not configured email and allow invitations (cf. #6109). If you don't want to have the link visible even in the latter case you can hide the link by using Custom CSS.

Invitations via the admin page

The vaultwarden admin can invite anyone via the admin page, regardless of any of the restrictions above. If mail has been disabled and the link is not visible, invited users can still visit https://vaultwarden.example.tld/#/signup and use the email address that was invited to register their account.

Add a custom footer

FAQs

  1. FAQs
  2. Audits
  3. Supporting upstream development

Troubleshooting

  1. Logging
  2. Bitwarden Android troubleshooting
  3. Bitwarden clients troubleshooting

Container Image Usage

  1. Which container image to use
  2. Starting a container
  3. Using Docker Compose
  4. Using Podman
  5. Updating the vaultwarden image

Reverse Proxy

  1. Proxy examples
  2. Using an alternate base dir (subdir/subpath)

HTTPS

  1. Enabling HTTPS
  2. Running a private vaultwarden instance with Let's Encrypt certs

Configuration

  1. Overview
  2. Enabling admin page
  3. SMTP configuration
  4. Disable registration of new users
  5. Disable invitations
  6. Enabling WebSocket notifications
  7. Enabling Mobile Client push notification
  8. Enabling SSO support using OpenId Connect
  9. Other configuration

Database

  1. Using the MariaDB (MySQL) Backend
  2. Using the PostgreSQL Backend
  3. Running without WAL enabled
  4. Migrating from MariaDB (MySQL) to SQLite

Security

  1. Hardening Guide
  2. Password hint display
  3. Enabling U2F and FIDO2 WebAuthn authentication
  4. Enabling YubiKey OTP authentication
  5. Fail2Ban Setup
  6. Fail2Ban + ModSecurity + Traefik + Docker

Performance

  1. Changing the API request size limit
  2. Changing the number of workers

Customization

  1. Translating the email templates
  2. Translating admin page
  3. Customize Vaultwarden CSS
  4. Using custom website icons
  5. Disabling or overriding the Vault interface hosting

Backup

  1. General (not docker)
  2. Backing up your vault

Development

  1. Building binary
  2. Building your own docker image
  3. Git hooks
  4. Differences from the upstream API implementation

Alternative deployments

  1. Pre-built binaries
  2. Creating a systemd service
  3. Third-party packages
  4. Deployment examples
  5. Disable the admin token

Other Information

  1. Importing data from Keepass or KeepassX
  2. Changing persistent data location
  3. Syncing users from LDAP
  4. Caddy 2.x with Cloudflare DNS
  5. Logrotate example

Clone this wiki locally