[GH-ISSUE #7299] Admin Token NOT Working #35622

Closed
opened 2026-07-13 20:28:06 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @markwwd on GitHub (Jun 4, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7299

Prerequisites

Vaultwarden Support String

I’m migrating an existing self-built Vaultwarden installation to Docker on Windows.

A plain text ADMIN_TOKEN works correctly and allows access to /admin.

However, when I use a hashed Argon2 token generated with: /vaultwarden hash

the admin login always fails with: [vaultwarden::api::admin][ERROR] Invalid admin token.

What I have verified:

  • /admin is enabled (not showing “admin panel is disabled”)
  • docker exec vaultwarden printenv ADMIN_TOKEN shows the full Argon2 hash correctly inside the container
  • I recreated the container using docker compose down and docker compose up -d --force-recreate
  • I am entering the original plain password used to generate the hash, not the hash itself
  • There is no config.json in the data directory overriding settings
  • The same setup works immediately when using a plain text ADMIN_TOKEN

Example compose configuration:

environment:
ADMIN_TOKEN: $argon2idv=19m=19456,t=2,p=1$...

Inside the container the variable resolves correctly to:

$argon2id$v=19$m=19456,t=2,p=1$...

Is there anything specific required when using Argon2-hashed admin tokens in Docker Compose on Windows, or any known issues with this setup?

I’m coming from “built from source/w rust” to Docker container. I just copied the token from .env to the compose file.

Vaultwarden Build Version

Latest

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

caddy

Host/Server Operating System

Windows

Operating System Version

Windows 11

Clients

Desktop

Client Version

No response

Steps To Reproduce

Already described.

Expected Result

Already described.

Actual Result

Already described.

Logs


Screenshots or Videos

No response

Additional Context

No response

Originally created by @markwwd on GitHub (Jun 4, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7299 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String I’m migrating an existing self-built Vaultwarden installation to Docker on Windows. A plain text ADMIN_TOKEN works correctly and allows access to /admin. However, when I use a hashed Argon2 token generated with: /vaultwarden hash the admin login always fails with: [vaultwarden::api::admin][ERROR] Invalid admin token. What I have verified: * /admin is enabled (not showing “admin panel is disabled”) * docker exec vaultwarden printenv ADMIN_TOKEN shows the full Argon2 hash correctly inside the container * I recreated the container using docker compose down and docker compose up -d --force-recreate * I am entering the original plain password used to generate the hash, not the hash itself * There is no config.json in the data directory overriding settings * The same setup works immediately when using a plain text ADMIN_TOKEN Example compose configuration: environment: ADMIN_TOKEN: $$argon2id$$v=19$$m=19456,t=2,p=1$$... Inside the container the variable resolves correctly to: $argon2id$v=19$m=19456,t=2,p=1$... Is there anything specific required when using Argon2-hashed admin tokens in Docker Compose on Windows, or any known issues with this setup? I’m coming from “built from source/w rust” to Docker container. I just copied the token from .env to the compose file. ### Vaultwarden Build Version Latest ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy caddy ### Host/Server Operating System Windows ### Operating System Version Windows 11 ### Clients Desktop ### Client Version _No response_ ### Steps To Reproduce Already described. ### Expected Result Already described. ### Actual Result Already described. ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
GiteaMirror added the bug label 2026-07-13 20:28:06 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#35622