How to confirm successful hashed Admin Token in Vaultwarden?

I’m setting up Vaultwarden for the first time and trying to set up a hashed ADMIN_TOKEN.

I followed the thread on yunohost forums created by @moses69 at Hashed Admin Token in Vaultwarden HOWTO?.

But after logging out and logging back into the admin panel with the result of the command

echo -n "InitialVaultwardenAdminPasswordGeneratedByYunohost" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 | sed 's#$#$$#g'

I still get the message:

You are using a plain text ADMIN_TOKEN which is insecure.
Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.
See: Enabling admin page - Secure the ADMIN_TOKEN

So, I am wondering whether my new admin token is hashed or not. How can I tell for certain?

Thanks

You have to put the whole output:

e.g.

ADMIN_TOKEN=$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno

Thank you. Just so I am clear, on the admin page in the field in the attached document, the field should start with ADMIN_TOKEN=

followed by the output of the command
echo -n "InitialVaultwardenAdminPasswordGeneratedByYunohost" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 | sed 's#$#$$#g'

?

Thanks.

I wound up having success by adapting the instructions from Synology: Install Vaultwarden With Portainer – Marius Hosting. Instead of generating the argon2 hash from my server by installing argon2, I used the following website: https://argon2.online/

What the Marius hosting made clear was:

  1. The admin token generated by yunohost when installing vaultwarden is only temporary if one is going to hash with Argon2.
  2. One chooses a novel password (not the admin token generated by yunohost) when generating the argon2 hash.
  3. One needs to use the admin token generated by yunohost when first logging into the admin panel, which is needed to change the admin token.
  4. In the admin panel, replace the admin token with the output (hash) from https://argon2.online/ and press save. Then log out.
  5. When logging back into the admin panel, use the novel password from step 2 above, not the hash which was generated with it on argon2.online.

The field should start with ADMIN_TOKEN=
followed by the output of the command

echo -n "InitialVaultwardenAdminPasswordGeneratedByYunohost" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4 | sed 's#$#$$#g'

Without the sed part it should work.

Never determine your master or admin passwords on a public website!

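A structural check for the question asked in this thread, as an added example (not part of any post and not Vaultwarden's own validation): the hypothetical shell function check_admin_token takes an ADMIN_TOKEN value or env line and reports whether it is a well-formed Argon2 PHC string, a plain text token, or a hash still carrying the $$ left by the sed step. The function name, messages and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Vaultwarden code: structural check of an ADMIN_TOKEN value.
# check_admin_token and its return codes are hypothetical names for this sketch.

# Argon2 PHC layout: $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
# (salt and hash are base64 without '=' padding)
PHC_RE='^\$argon2(id|i|d)\$v=[0-9]+\$m=[0-9]+,t=[0-9]+,p=[0-9]+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$'

check_admin_token() {
    value=${1#ADMIN_TOKEN=}      # accept a whole env line or the bare value
    case $value in               # drop one pair of surrounding single quotes
        "'"*"'") value=${value#"'"}; value=${value%"'"} ;;
    esac
    case $value in
        *argon2*'$$'*)
            echo 'escaped: contains $$ left by the sed step; not a valid PHC string as-is'
            return 3 ;;
        '$argon2'*) ;;
        *)
            echo 'plain: no $argon2 prefix, so this is a plain text token'
            return 1 ;;
    esac
    if printf '%s\n' "$value" | grep -Eq "$PHC_RE"; then
        echo 'ok: well-formed Argon2 PHC string'
        return 0
    fi
    echo 'malformed: starts with $argon2 but fields are missing or truncated'
    return 4
}

# Constructed inputs; the first is the example hash quoted earlier in this thread.
GOOD='$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno'
for candidate in \
    "$GOOD" \
    "ADMIN_TOKEN='$GOOD'" \
    "${GOOD}\$\$" \
    'InitialVaultwardenAdminPasswordGeneratedByYunohost' \
    '$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw'
do
    check_admin_token "$candidate" || true
done
```

The check looks at shape only; it does not verify that a given password matches the hash.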