Vaultwarden is a great application for storing accounts, passwords, attachments and other items safely. Ther is a particular feature in Vaultwarden to store any file types as a attachment to an account you are saving within your vault.
I recently had a client that was using a hosted docker of Vaultwarden. They mentioned that they sometimes will utilize the attachments feature within Vaultwarden to add a file or document to a password or account they are saving in their vault.
Issue: What has happened recently is they are no longer able to download any attachments within their vault. When they open their vault, whether it be on their phones, a desktop computer app, or the website, and then browse to their account which they need to download the attachment for, it would just show a spinning icon next to the attachment name. Downloading an attachment usually was instant.
Fixing the Problem: After doing some analysis, I tried loading their vault on different devices and applications (web app, mobile app, desktop app) in which all instances were not able to download the attachment and showed the same spinning blue icon when I selected the download button. After some research, it seems this issue is related to a domain change to their vault. The client is running a proxy with their vault and they pass through an “A” record from their DNS provider. What had happened was due to the client changing their A record on the DNS side and proxy, but not within their Vault config file.
Steps to fix
Note: Even though the client runs a docker, this can be done in any situation which you modify DNS records and need to update your vault config file.
- Confirm the DNS A record in your DNS provider that is being used for your vault. If you know your A record is correct, make sure you a copy of the A record information. If you A record says “test.mydomain.com”, we need to copy or make note of this entire hostname which will eventually go into our Vaultwarden config file.
- Open your config.json file from your Vaultwarden application. I found this file simply within the parent folder of the system files for the Vaultwarden server/docker.
- You should see a line for “domain” at the very top of this file which is the one we are going to modify.
"domain": "https://test2112.mydomain.com",- Enter your updated “A” record from your DNS provider here. For this issue, I found that the client changed their A record to test1.mydomain.com but their vault had test2112.mydomain.com. So it was not routing traffic correctly.
- After making this change, you need to reboot the docker container for your Vaultwarden so the new config file can be utilized.
- Confirm attachments can be downloaded now