MFA methods on Vaultwarden

Post by alexlehm »

I have bought a Yubikey and I am currently trying that out for different login methods, encryption tools and so on.

I have installed a Passkey with the Yubikey on Vaultwarden, which is accepted when configuring and as an MFA method after login, but not as the initial login when clicking on "Login with Passkey".

This gives a 404 page on the URL https://vault.tilde.green/identity/acco ... on-options which is used to verify the Passkey access apparently. This also happens when using another Passkey like Windows Hello or Android fingerprint login.

The 2nd thing I have tried is a Yubi OTP code, which is rejected with the error "`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled".

I assume this requires registering the site for a Cloud Security protocol which checks the keys from the hardware key and returns valid or invalid.
jmjl
System Operator

Re: MFA methods on Vaultwarden

Post by jmjl »

alexlehm wrote: Sun Jun 22, 2025 11:15 am This gives a 404 page on the url https://vault.tilde.green/identity/acco ... on-options which is used to verify the Passkey access apparently. This also happens when using another Passkey like Windows Hello or Android fingerprint login.
I've found that the project wiki instructs me to set the DOMAIN variable, and I've done that, so I dug a bit deeper, and found vaultwarden-Issue#5889, which was fixed a day after the latest release was made, so when the next release comes, if I don't notice the newsboat entry about it, ping me and I'll upgrade Vaultwarden.

Re: MFA methods on Vaultwarden

Post by jmjl »

alexlehm wrote: Sun Jun 22, 2025 11:15 am The 2nd thing I have tried is a Yubi OTP code, which is rejected with an error `YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. Yubikey OTP Disabled

I assume this requires registering the site for a Cloud Security protocol which checks the keys from the hardware key and returns valid or invalid

Correct, the wiki requests that I register, and set those variables, but sadly, the API key signup requires that I already have a Yubico key, and I do not. And since this is security related, I'd rather not accept the API keys from other people.

Re: MFA methods on Vaultwarden

Post by alexlehm »

I guess that is intended to be for a company that introduces Yubikey and the admin gets to request the API key, who obviously will use a Yubikey as well.