Self-Hosting Overview

Bittery is source-available under the Functional Source License and designed to be self-hosted. You keep complete control over your data — nothing ever leaves your infrastructure.

Architecture

A Bittery deployment consists of three core services:

| Service | Description |
|---------|-------------|
| Server | Rust API server handling authentication, sync, and encrypted vault storage |
| Web | Static SPA served via nginx — the web vault interface |
| Caddy | Reverse proxy with automatic HTTPS via Let's Encrypt |

Optional services can be enabled via Docker Compose profiles:

| Service | Profile | Description |
|---------|---------|-------------|
| PostgreSQL | builtin-db | Built-in database (or bring your own) |
| MinIO | storage | S3-compatible object storage for file attachments |
| Valkey | cache | Redis-compatible cache for rate limiting and pub/sub |

Self-hosted deployments do not require Stripe or hosted-cloud billing. In BITTERY_MODE=self-hosted, team sharing, share links, and attachments are available without a subscription gate.

Deployment Options

Tip

If you want the fastest path to a running instance, start with the Railway template — it takes under 5 minutes.

  • Railway — One-click deploy with managed Postgres. Best for getting started quickly. See Railway Quick Start.
  • Docker Compose — Full control on any Linux VPS. See Docker Compose Setup.
  • Custom — Pull the container images and wire them into your own orchestration (Kubernetes, Nomad, etc.). See Configuration Reference for all environment variables.

Requirements

  • Docker and Docker Compose v2 (for Docker deployments)
  • A domain name with DNS pointing to your server
  • 1 vCPU / 1 GB RAM minimum (2 vCPU / 2 GB recommended)
  • PostgreSQL 15+ (built-in or external)

Security

Bittery uses zero-knowledge encryption — your server never sees plaintext vault data. Even on a compromised server, an attacker cannot decrypt user vaults without the master password and secret key.

Warning

Always run Bittery behind HTTPS. The included Caddy configuration handles this automatically with Let's Encrypt certificates.