Connect to an External MSSQL Database

By default, self-hosted instances of Bitwarden will use a Microsoft SQL Server (MSSQL) database created as a normal part of installation setup, however you configure Bitwarden to use an external MSSQL database.


Currently, self-hosted installations of Bitwarden support only MSSQL 2017 (or newer) databases. Stay tuned for future updates on this topic.


To setup your self-hosted instance with an external database:

  1. Create a new MSSQL database.

  2. (Recommended) Create a dedicated DBO for your database.

  3. As an administrator of your Bitwarden server, open the global.override.env file in an editor:

    nano bwdata/env/global.override.env
    Text Copied!
  4. Edit the globalSettings__sqlServer__connectionString= value for the following information:

    • Replace "Data Source=tcp:mssql,1443"; with your MSSQL server name, for example "Data Source=protocol:server_url,port".

    • Replace the vault in Initial Catalog=vault; with your database name.

    • Replace User ID=sa; with your DBO User ID.

    • Replace Password=<default_pw>; with your DBO password.

  5. Save your changes to global.override.env.

  6. Start Bitwarden (./ start).

Once the above steps are complete, you can test the connection by creating a new user through the web vault and querying the external vault database for creation of the new user.

Validate a server certificate

If you need Bitwarden to validate your MSSQL database server's certificate, mount the certificate into your self-hosted Bitwarden server's containers. To do this:

  1. Copy your root CA certificate into ./bwdata/ca-certificates.

  2. Run the ./ restart command to apply the certificate to your containers and restart your server.

© 2023 Bitwarden, Inc.