Connect to an External MSSQL Database

By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of installation setup, however you configure Bitwarden to use an external MSSQL database.

Setup

To setup your self-hosted instance with an external database:

1. Create a new MSSQL database named vault.

   warning

   You must use vault as your database name. A different database name will cause migration to fail.

2. (Recommended) Create a dedicated DBO for your vault database.

3. As an administrator of your Bitwarden server, open the global.override.env file in an editor:

   nano bwdata/env/global.override.env

4. Edit the globalSettings__sqlServer__connectionString= value for the following information.

   • Replace "Data Source=tcp:mssql,1443"; with your MSSQL Server name, for example "Data Source=protocol:server_url,port".

   • Replace User ID=sa; with your DBO User ID.

   • Replace Password=<default_pw>; with your DBO password.

5. Save your changes to global.override.env.

6. Start Bitwarden (./bitwarden.sh start).

Once the above steps are complete, you can test the connection by creating a new user through the Web Vault and querying the external vault database for creation of the new user.

Validate a Server Certificate

If you need Bitwarden to validate your MSSQL database server's certificate, mount the certificate into your self-hosted Bitwarden server's containers. To do this:

1. Copy your root CA certificate into ./bwdata/ca-certificates.

2. Run the ./bitwarden.sh restart command to apply the certificate to your containers and restart your server.