This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/Kalquaro on 2025-06-11 12:44:57+00:00.
Hi,
So I have a first world problem.
I recently spun up authentik for identity management. Seriously love this thing and I've enabled SSO for most of my apps that support it, along with TOTP (2FA)
I wanted to set it up as well for VaultWarden but I started thinking.
My TOTP is in VaultWarden. Which would prevent me from logging in through Authentik, because I would need to unlock VaultWarden to first retrieve my TOTP. Kind of a chicken and egg problem.
I do have my TOTP in Microsoft Authenticator on my phone but I like having the ability for VaultWarden to automatically fill the TOTP password when logging in to Authentik, but I really want to enable SSO in VaultWarden, as I feel it's the safest way to expose it to the internet, so I don't need to connect to a VPN anytime I need to access the password vault.
I've been pondering that issue for a few days. What would you do?