Self host setup checklist

With self-hosting, your team is responsible for infrastructure, security, and operational responsibilities. Use this checklist to understand the additional overhead involved with self-host deployments.

• Choose self hosted deployment method (Linux standard/manual/offline, Windows standard/offline, or Kubernetes)

• Define server/VM specs and hosting environment (environment variables, firewall or proxy)

• Select database option (packaged MSSQL, separate MSSQL, Unified)

• Decide on SSL certificate approach

• Plan network architecture, firewall or proxy rules, access controls

• Scalability planning

• Certificate selection for secure data in-transit

Support links:

• Self-hosted deployment method

Select key roles:

• Project lead

• Executive sponsor

• Server admin

• Docker admin

• Network admin

• Firewall admin

• Support/help desk admin

• Database admin

• Identity provider admin

• SMTP admin

• Security and compliance admin

• Backups admin

• Business continuity admin

• Disaster recovery admin

• Device management admin

• Choose between SSO integration or Bitwarden authentication

• Select provisioning method (SCIM, Directory Connector)

• Define backup strategy (frequency, retention)

• Identify regulatory compliance needs (HIPAA, SOC2)

• Plan user roles, permissions, and organizational structure

Support links:

• SSO integration

• SCIM

• Directory Connector

• Provision servers/VMs meeting min specs

• Configure Windows-specific requirements

• Install Docker, Docker compose

• Configure database system

• Test database connectivity strings and authentication

• Implement database security best practices

• Obtain installation ID and key from Bitwarden hosting portal

• Create dedicated Bitwarden system user and directory structure

• Configure SSL certificates and HTTPS encryption

Support links:

• Configure environment variables

• Database options

• Certificate options

• Implement backup schedules for server and database

• Configure off-site backup and retention policies

• Test backup integrity and restoration procedures

• Document backup and recovery processes

• Set up monitoring and alerting for backup failures

• Evaluate backup methods

• Create disaster recovery runbooks

Support links:

• Backup options

• Disaster recovery options

• Enable SCIM provisioning in admin console

• Obtain SCIM URL and API key from Bitwarden

• Configure identity provider

• Map user attributes and group memberships

• Test SCIM synchronization

• Download and install directory connector

• Configure server URL and authentication

• Set up directory source connection

• Configure sync filters, user/group mappings

Support links:

• Enable SCIM provisioning

• Microsoft Entra ID SCIM Integration

• JumpCloud SCIM Integration

• OneLogin SCIM Integration

• Ping Identity SCIM Integration

• Complete final security review and sign off from stakeholders

• Set up production monitoring and alerting systems

• Coordinate with network and security teams for go-live

• Monitor system performance and adoption metrics

• Conduct post-implementation review with stakeholders

• Plan ongoing maintenance and update procedures

• Document lessons learned and process improvements

• Schedule regular security audits and policy reviews

Support links:

• Vault health reports

• Develop communication plan for organization

• Create timeline for rollout announcements and milestones

• Prepare exec updates on security benefits and ROI

• Schedule admin and end-user training

• Plan ongoing communication and feedback channels

• Set up support processes and escalation procedures