Support for Yubikey in Vaultwarden

I have tried to secure my Vaultwarden with my Yubikey.
However, Vaultwarden denies with the error message,

`YUBICO_CLIENT_ID` or `YUBICO_SECRET_KEY` environment variable is not set. 

I did obtain my API YUBICO_CLIENT_ID and YUBICO_SECRET_KEY from here, but I wasn’t able to set the necessary environment variables inside the relevant containers. I am able to SSH into embassy.

Is there any way to access the relevant container to set up the environment variables?
Also, I would be delighted if I could just paste the API key in the configurations within the GUI.

Maybe this is partly a feature request but I will post it here if anyone has some information.

Hi, I want to make sure I understand correctly -

First off, if you want to access the container you just need to go root - `sudo -i` and then `docker exec -it vaultwarden.embassy bash`

I will point out that containers aren’t allowed to access USB devices so plugging a Yubikey straight into your device won’t work.

Hope that offers some insight.

Thanks for the reply.
I was able to get into the vaultwarden docker container by following your instructions. Thank you.
However, I was not able to use my yubikey as a 2FA method in vaultwarden settings even after setting environment variables.

```
export YUBICO_CLIENT_ID="my-client-id"
export YUBICO_SECRET_KEY="my-secret-key"
```

The error message in the web client is the same.

You are more than welcome to hack around on your device, but keep in mind this is not like a ‘normal’ Linux distribution, and you may find some things don’t work as you expect. We also do not support anything done ‘under-the-hood,’ and you may cause more problems than you solve. The feature you are looking for has already been requested - you may like to add support for the feature on that page to garner it more attention.

If you manage to hack it together, please let us know under DIY/Hacking!

Thanks for pointing out the risks of tinkering within the embassy. Also, thank you for mentioning the relevant GitHub issue.
I wasn’t able to make it work by simply adding environment variables within the container, so there may be something more to it. I will probably report the result on GitHub.
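
Added example, not part of the thread above and not Start9 or Vaultwarden code: variables exported in a shell opened with `docker exec` exist only in that shell, while a process that is already running keeps the environment it was started with. The constructed script below uses a background `sh` as a stand-in for the service; the function name and temp files are hypothetical.

```shell
#!/bin/sh
# Constructed demo: a background "service" stands in for the process that is
# already running in the container; a second shell stands in for the shell
# opened later with docker exec.
server_view_after_export() {
    dir=$(mktemp -d) || return 1

    # Start the stand-in service WITHOUT the variable in its environment.
    # It waits for a trigger file, then records what it can see.
    (
        unset YUBICO_CLIENT_ID
        sh -c '
            while [ ! -e "$1/report" ]; do sleep 1; done
            printf "%s" "${YUBICO_CLIENT_ID:-unset}" > "$1/seen"
        ' sh "$dir"
    ) &
    server_pid=$!

    # Separate shell: export the variable here, as in the thread.
    sh -c 'export YUBICO_CLIENT_ID="my-client-id"
           printf "%s" "$YUBICO_CLIENT_ID"' > "$dir/exec_shell"

    # Ask the stand-in service to report, then wait for it to finish.
    : > "$dir/report"
    wait "$server_pid"

    printf 'exec shell: %s, running process: %s\n' \
        "$(cat "$dir/exec_shell")" "$(cat "$dir/seen")"
    rm -rf "$dir"
}

server_view_after_export
```

For the service to see the variables, they have to be in its environment when the process starts, which a later `export` in another shell does not change.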