Add Image information

Update readme for docker hub
2025-09-10 18:55:57 +03:00 · 2018-06-01 15:17:09 +01:00 · 2018-06-01 15:17:09 +01:00
403 changed files with 5343 additions and 78407 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,37 +4,15 @@ target
 # Data folder
 data
 # Misc
 .env
 .env.template
 .gitattributes
 .gitignore
 rustfmt.toml
 # IDE files
 .vscode
 .idea
 .editorconfig
 *.iml
 # Git files
 .git
 .gitignore
 # Documentation
 .github
 *.md
 *.txt
 *.yml
 *.yaml
 # Docker
 hooks
 tools
 Dockerfile
 .dockerignore
 docker/**
 !docker/healthcheck.sh
 !docker/start.sh
 # Web vault
 web-vault
 # Vaultwarden Resources
 resources
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,23 +0,0 @@
 # EditorConfig is awesome: https://EditorConfig.org
 # top-most EditorConfig file
 root = true
 [*]
 end_of_line = lf
 charset = utf-8
 [*.{rs,py}]
 indent_style = space
 indent_size = 4
 trim_trailing_whitespace = true
 insert_final_newline = true
 [*.{yml,yaml}]
 indent_style = space
 indent_size = 2
 trim_trailing_whitespace = true
 insert_final_newline = true
 [Makefile]
 indent_style = tab
--- a/.env
+++ b/.env
@@ -0,0 +1,13 @@
 # DATABASE_URL=data/db.sqlite3
 # PRIVATE_RSA_KEY=data/private_rsa_key.der
 # PUBLIC_RSA_KEY=data/public_rsa_key.der
 # ICON_CACHE_FOLDER=data/icon_cache
 # ATTACHMENTS_FOLDER=data/attachments
 # true for yes, anything else for no
 SIGNUPS_ALLOWED=true
 # ROCKET_ENV=production
 # ROCKET_ADDRESS=0.0.0.0 # Enable this to test mobile app
 # ROCKET_PORT=8000
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
--- a/.env.template
+++ b/.env.template
@@ -1,446 +0,0 @@
 # shellcheck disable=SC2034,SC2148
 ## Vaultwarden Configuration File
 ## Uncomment any of the following lines to change the defaults
 ##
 ## Be aware that most of these settings will be overridden if they were changed
 ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
 ##
 ## By default, Vaultwarden expects for this file to be named ".env" and located
 ## in the current working directory. If this is not the case, the environment
 ## variable ENV_FILE can be set to the location of this file prior to starting
 ## Vaultwarden.
 ## Main data folder
 # DATA_FOLDER=data
 ## Database URL
 ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
 # DATABASE_URL=data/db.sqlite3
 ## When using MySQL, specify an appropriate connection URI.
 ## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
 # DATABASE_URL=mysql://user:password@host[:port]/database_name
 ## When using PostgreSQL, specify an appropriate connection URI (recommended)
 ## or keyword/value connection string.
 ## Details:
 ## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html
 ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
 # DATABASE_URL=postgresql://user:password@host[:port]/database_name
 ## Database max connections
 ## Define the size of the connection pool used for connecting to the database.
 # DATABASE_MAX_CONNS=10
 ## Database connection initialization
 ## Allows SQL statements to be run whenever a new database connection is created.
 ## This is mainly useful for connection-scoped pragmas.
 ## If empty, a database-specific default is used:
 ## - SQLite: "PRAGMA busy_timeout = 5000; PRAGMA synchronous = NORMAL;"
 ## - MySQL: ""
 ## - PostgreSQL: ""
 # DATABASE_CONN_INIT=""
 ## Individual folders, these override %DATA_FOLDER%
 # RSA_KEY_FILENAME=data/rsa_key
 # ICON_CACHE_FOLDER=data/icon_cache
 # ATTACHMENTS_FOLDER=data/attachments
 # SENDS_FOLDER=data/sends
 # TMP_FOLDER=data/tmp
 ## Templates data folder, by default uses embedded templates
 ## Check source code to see the format
 # TEMPLATES_FOLDER=/path/to/templates
 ## Automatically reload the templates for every request, slow, use only for development
 # RELOAD_TEMPLATES=false
 ## Client IP Header, used to identify the IP of the client, defaults to "X-Real-IP"
 ## Set to the string "none" (without quotes), to disable any headers and just use the remote IP
 # IP_HEADER=X-Real-IP
 ## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever")
 # ICON_CACHE_TTL=2592000
 ## Cache time-to-live for icons which weren't available, in seconds (0 is "forever")
 # ICON_CACHE_NEGTTL=259200
 ## Web vault settings
 # WEB_VAULT_FOLDER=web-vault/
 # WEB_VAULT_ENABLED=true
 ## Enables websocket notifications
 # WEBSOCKET_ENABLED=false
 ## Controls the WebSocket server address and port
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
 ## Enables push notifications (requires key and id from https://bitwarden.com/host)
 # PUSH_ENABLED=true
 # PUSH_INSTALLATION_ID=CHANGEME
 # PUSH_INSTALLATION_KEY=CHANGEME
 ## Don't change this unless you know what you're doing.
 # PUSH_RELAY_BASE_URI=https://push.bitwarden.com
 ## Controls whether users are allowed to create Bitwarden Sends.
 ## This setting applies globally to all users.
 ## To control this on a per-org basis instead, use the "Disable Send" org policy.
 # SENDS_ALLOWED=true
 ## Controls whether users can enable emergency access to their accounts.
 ## This setting applies globally to all users.
 # EMERGENCY_ACCESS_ALLOWED=true
 ## Controls whether event logging is enabled for organizations
 ## This setting applies to organizations.
 ## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings.
 # ORG_EVENTS_ENABLED=false
 ## Number of days to retain events stored in the database.
 ## If unset (the default), events are kept indefinitely and the scheduled job is disabled!
 # EVENTS_DAYS_RETAIN=
 ## BETA FEATURE: Groups
 ## Controls whether group support is enabled for organizations
 ## This setting applies to organizations.
 ## Disabled by default because this is a beta feature, it contains known issues!
 ## KNOW WHAT YOU ARE DOING!
 # ORG_GROUPS_ENABLED=false
 ## Job scheduler settings
 ##
 ## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron),
 ## and are always in terms of UTC time (regardless of your local time zone settings).
 ##
 ## The schedule format is a bit different from crontab as crontab does not contains seconds.
 ## You can test the the format here: https://crontab.guru, but remove the first digit!
 ## SEC  MIN   HOUR   DAY OF MONTH    MONTH   DAY OF WEEK
 ## "0   30   9,12,15     1,15       May-Aug  Mon,Wed,Fri"
 ## "0   30     *          *            *          *     "
 ## "0   30     1          *            *          *     "
 ##
 ## How often (in ms) the job scheduler thread checks for jobs that need running.
 ## Set to 0 to globally disable scheduled jobs.
 # JOB_POLL_INTERVAL_MS=30000
 ##
 ## Cron schedule of the job that checks for Sends past their deletion date.
 ## Defaults to hourly (5 minutes after the hour). Set blank to disable this job.
 # SEND_PURGE_SCHEDULE="0 5 * * * *"
 ##
 ## Cron schedule of the job that checks for trashed items to delete permanently.
 ## Defaults to daily (5 minutes after midnight). Set blank to disable this job.
 # TRASH_PURGE_SCHEDULE="0 5 0 * * *"
 ##
 ## Cron schedule of the job that checks for incomplete 2FA logins.
 ## Defaults to once every minute. Set blank to disable this job.
 # INCOMPLETE_2FA_SCHEDULE="30 * * * * *"
 ##
 ## Cron schedule of the job that sends expiration reminders to emergency access grantors.
 ## Defaults to hourly (3 minutes after the hour). Set blank to disable this job.
 # EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 3 * * * *"
 ##
 ## Cron schedule of the job that grants emergency access requests that have met the required wait time.
 ## Defaults to hourly (7 minutes after the hour). Set blank to disable this job.
 # EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 7 * * * *"
 ##
 ## Cron schedule of the job that cleans old events from the event table.
 ## Defaults to daily. Set blank to disable this job. Also without EVENTS_DAYS_RETAIN set, this job will not start.
 # EVENT_CLEANUP_SCHEDULE="0 10 0 * * *"
 ## Enable extended logging, which shows timestamps and targets in the logs
 # EXTENDED_LOGGING=true
 ## Timestamp format used in extended logging.
 ## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime
 # LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f"
 ## Logging to file
 # LOG_FILE=/path/to/log
 ## Logging to Syslog
 ## This requires extended logging
 # USE_SYSLOG=false
 ## Log level
 ## Change the verbosity of the log output
 ## Valid values are "trace", "debug", "info", "warn", "error" and "off"
 ## Setting it to "trace" or "debug" would also show logs for mounted
 ## routes and static file, websocket and alive requests
 # LOG_LEVEL=Info
 ## Enable WAL for the DB
 ## Set to false to avoid enabling WAL during startup.
 ## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB,
 ## this setting only prevents Vaultwarden from automatically enabling it on start.
 ## Please read project wiki page about this setting first before changing the value as it can
 ## cause performance degradation or might render the service unable to start.
 # ENABLE_DB_WAL=true
 ## Database connection retries
 ## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely
 # DB_CONNECTION_RETRIES=15
 ## Icon service
 ## The predefined icon services are: internal, bitwarden, duckduckgo, google.
 ## To specify a custom icon service, set a URL template with exactly one instance of `{}`,
 ## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
 ##
 ## `internal` refers to Vaultwarden's built-in icon fetching implementation.
 ## If an external service is set, an icon request to Vaultwarden will return an HTTP
 ## redirect to the corresponding icon at the external service. An external service may
 ## be useful if your Vaultwarden instance has no external network connectivity, or if
 ## you are concerned that someone may probe your instance to try to detect whether icons
 ## for certain sites have been cached.
 # ICON_SERVICE=internal
 ## Icon redirect code
 ## The HTTP status code to use for redirects to an external icon service.
 ## The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent).
 ## Temporary redirects are useful while testing different icon services, but once a service
 ## has been decided on, consider using permanent redirects for cacheability. The legacy codes
 ## are currently better supported by the Bitwarden clients.
 # ICON_REDIRECT_CODE=302
 ## Disable icon downloading
 ## Set to true to disable icon downloading in the internal icon service.
 ## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external
 ## network requests. $ICON_CACHE_TTL must also be set to 0; otherwise, the existing icons
 ## will be deleted eventually, but won't be downloaded again.
 # DISABLE_ICON_DOWNLOAD=false
 ## Icon download timeout
 ## Configure the timeout value when downloading the favicons.
 ## The default is 10 seconds, but this could be to low on slower network connections
 # ICON_DOWNLOAD_TIMEOUT=10
 ## Icon blacklist Regex
 ## Any domains or IPs that match this regex won't be fetched by the icon service.
 ## Useful to hide other servers in the local network. Check the WIKI for more details
 ## NOTE: Always enclose this regex withing single quotes!
 # ICON_BLACKLIST_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$'
 ## Any IP which is not defined as a global IP will be blacklisted.
 ## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block
 # ICON_BLACKLIST_NON_GLOBAL_IPS=true
 ## Disable 2FA remember
 ## Enabling this would force the users to use a second factor to login every time.
 ## Note that the checkbox would still be present, but ignored.
 # DISABLE_2FA_REMEMBER=false
 ## Maximum attempts before an email token is reset and a new email will need to be sent.
 # EMAIL_ATTEMPTS_LIMIT=3
 ## Token expiration time
 ## Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
 # EMAIL_EXPIRATION_TIME=600
 ## Email token size
 ## Number of digits in an email 2FA token (min: 6, max: 255).
 ## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting!
 # EMAIL_TOKEN_SIZE=6
 ## Controls if new users can register
 # SIGNUPS_ALLOWED=true
 ## Controls if new users need to verify their email address upon registration
 ## Note that setting this option to true prevents logins until the email address has been verified!
 ## The welcome email will include a verification link, and login attempts will periodically
 ## trigger another verification email to be sent.
 # SIGNUPS_VERIFY=false
 ## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time
 ## an email verification link has been sent another verification email will be sent
 # SIGNUPS_VERIFY_RESEND_TIME=3600
 ## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification
 ## email will be re-sent upon an attempted login.
 # SIGNUPS_VERIFY_RESEND_LIMIT=6
 ## Controls if new users from a list of comma-separated domains can register
 ## even if SIGNUPS_ALLOWED is set to false
 # SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org
 ## Controls which users can create new orgs.
 ## Blank or 'all' means all users can create orgs (this is the default):
 # ORG_CREATION_USERS=
 ## 'none' means no users can create orgs:
 # ORG_CREATION_USERS=none
 ## A comma-separated list means only those users can create orgs:
 # ORG_CREATION_USERS=admin1@example.com,admin2@example.com
 ## Token for the admin interface, preferably an Argon2 PCH string
 ## Vaultwarden has a built-in generator by calling `vaultwarden hash`
 ## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
 ## If not set, the admin panel is disabled
 ## New Argon2 PHC string
 ## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$`
 ## Also, use single quotes (') instead of double quotes (") to enclose the string when needed
 # ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78'
 ## Old plain text string (Will generate warnings in favor of Argon2)
 # ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp
 ## Enable this to bypass the admin panel security. This option is only
 ## meant to be used with the use of a separate auth layer in front
 # DISABLE_ADMIN_TOKEN=false
 ## Invitations org admins to invite users, even when signups are disabled
 # INVITATIONS_ALLOWED=true
 ## Name shown in the invitation emails that don't come from a specific organization
 # INVITATION_ORG_NAME=Vaultwarden
 ## The number of hours after which an organization invite token, emergency access invite token,
 ## email verification token and deletion request token will expire (must be at least 1)
 # INVITATION_EXPIRATION_HOURS=120
 ## Per-organization attachment storage limit (KB)
 ## Max kilobytes of attachment storage allowed per organization.
 ## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization.
 # ORG_ATTACHMENT_LIMIT=
 ## Per-user attachment storage limit (KB)
 ## Max kilobytes of attachment storage allowed per user.
 ## When this limit is reached, the user will not be allowed to upload further attachments.
 # USER_ATTACHMENT_LIMIT=
 ## Number of days to wait before auto-deleting a trashed item.
 ## If unset (the default), trashed items are not auto-deleted.
 ## This setting applies globally, so make sure to inform all users of any changes to this setting.
 # TRASH_AUTO_DELETE_DAYS=
 ## Number of minutes to wait before a 2FA-enabled login is considered incomplete,
 ## resulting in an email notification. An incomplete 2FA login is one where the correct
 ## master password was provided but the required 2FA step was not completed, which
 ## potentially indicates a master password compromise. Set to 0 to disable this check.
 ## This setting applies globally to all users.
 # INCOMPLETE_2FA_TIME_LIMIT=3
 ## Number of server-side passwords hashing iterations for the password hash.
 ## The default for new users. If changed, it will be updated during login for existing users.
 # PASSWORD_ITERATIONS=350000
 ## Controls whether users can set password hints. This setting applies globally to all users.
 # PASSWORD_HINTS_ALLOWED=true
 ## Controls whether a password hint should be shown directly in the web page if
 ## SMTP service is not configured. Not recommended for publicly-accessible instances
 ## as this provides unauthenticated access to potentially sensitive data.
 # SHOW_PASSWORD_HINT=false
 ## Domain settings
 ## The domain must match the address from where you access the server
 ## It's recommended to configure this value, otherwise certain functionality might not work,
 ## like attachment downloads, email links and U2F.
 ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
 # DOMAIN=https://vw.domain.tld:8443
 ## Allowed iframe ancestors (Know the risks!)
 ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
 ## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets
 ## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value.
 ## Multiple values must be separated with a whitespace.
 # ALLOWED_IFRAME_ANCESTORS=
 ## Number of seconds, on average, between login requests from the same IP address before rate limiting kicks in.
 # LOGIN_RATELIMIT_SECONDS=60
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `LOGIN_RATELIMIT_SECONDS`.
 ## Note that this applies to both the login and the 2FA, so it's recommended to allow a burst size of at least 2.
 # LOGIN_RATELIMIT_MAX_BURST=10
 ## Number of seconds, on average, between admin login requests from the same IP address before rate limiting kicks in.
 # ADMIN_RATELIMIT_SECONDS=300
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
 # ADMIN_RATELIMIT_MAX_BURST=3
 ## Set the lifetime of admin sessions to this value (in minutes).
 # ADMIN_SESSION_LIFETIME=20
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
 ## You can optionally specify a custom OTP server
 # YUBICO_CLIENT_ID=11111
 # YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA
 # YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify
 ## Duo Settings
 ## You need to configure all options to enable global Duo support, otherwise users would need to configure it themselves
 ## Create an account and protect an application as mentioned in this link (only the first step, not the rest):
 ## https://help.bitwarden.com/article/setup-two-step-login-duo/#create-a-duo-security-account
 ## Then set the following options, based on the values obtained from the last step:
 # DUO_IKEY=<Integration Key>
 # DUO_SKEY=<Secret Key>
 # DUO_HOST=<API Hostname>
 ## After that, you should be able to follow the rest of the guide linked above,
 ## ignoring the fields that ask for the values that you already configured beforehand.
 ## Authenticator Settings
 ## Disable authenticator time drifted codes to be valid.
 ## TOTP codes of the previous and next 30 seconds will be invalid
 ##
 ## According to the RFC6238 (https://tools.ietf.org/html/rfc6238),
 ## we allow by default the TOTP code which was valid one step back and one in the future.
 ## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes.
 ## You can disable this, so that only the current TOTP Code is allowed.
 ## Keep in mind that when a sever drifts out of time, valid codes could be marked as invalid.
 ## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid.
 # AUTHENTICATOR_DISABLE_TIME_DRIFT=false
 ## Rocket specific settings
 ## See https://rocket.rs/v0.4/guide/configuration/ for more details.
 # ROCKET_ADDRESS=0.0.0.0
 # ROCKET_PORT=80  # Defaults to 80 in the Docker images, or 8000 otherwise.
 # ROCKET_WORKERS=10
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
 ## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service.
 ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 # SMTP_HOST=smtp.domain.tld
 # SMTP_FROM=vaultwarden@domain.tld
 # SMTP_FROM_NAME=Vaultwarden
 # SMTP_SECURITY=starttls # ("starttls", "force_tls", "off") Enable a secure connection. Default is "starttls" (Explicit - ports 587 or 25), "force_tls" (Implicit - port 465) or "off", no encryption (port 25)
 # SMTP_PORT=587          # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS).
 # SMTP_USERNAME=username
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 # Whether to send mail via the `sendmail` command
 # USE_SENDMAIL=false
 # Which sendmail command to use. The one found in the $PATH is used if not specified.
 # SENDMAIL_COMMAND="/path/to/sendmail"
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.
 # SMTP_AUTH_MECHANISM="Plain"
 ## Server name sent during the SMTP HELO
 ## By default this value should be is on the machine's hostname,
 ## but might need to be changed in case it trips some anti-spam filters
 # HELO_NAME=
 ## Embed images as email attachments
 # SMTP_EMBED_IMAGES=false
 ## SMTP debugging
 ## When set to true this will output very detailed SMTP messages.
 ## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting!
 # SMTP_DEBUG=false
 ## Accept Invalid Hostnames
 ## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks!
 ## Only use this as a last resort if you are not able to use a valid certificate.
 # SMTP_ACCEPT_INVALID_HOSTNAMES=false
 ## Accept Invalid Certificates
 ## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks!
 ## Only use this as a last resort if you are not able to use a valid certificate.
 ## If the Certificate is valid but the hostname doesn't match, please use SMTP_ACCEPT_INVALID_HOSTNAMES instead.
 # SMTP_ACCEPT_INVALID_CERTS=false
 ## Require new device emails. When a user logs in an email is required to be sent.
 ## If sending the email fails the login attempt will fail!!
 # REQUIRE_DEVICE_EMAIL=false
 ## HIBP Api Key
 ## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
 # HIBP_API_KEY=
 # vim: syntax=ini
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +0,0 @@
 # Ignore vendored scripts in GitHub stats
 src/static/scripts/* linguist-vendored
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +0,0 @@
 github: dani-garcia
 liberapay: dani-garcia
 custom: ["https://paypal.me/DaniGG"]
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,66 +0,0 @@
 ---
 name: Bug report
 about: Use this ONLY for bugs in vaultwarden itself. Use the Discourse forum (link below) to request features or get help with usage/configuration. If in doubt, use the forum.
 title: ''
 labels: ''
 assignees: ''
 ---
 <!--
    # ###
    NOTE: Please update to the latest version of vaultwarden before reporting an issue!
    This saves you and us a lot of time and troubleshooting.
    See:
    * https://github.com/dani-garcia/vaultwarden/issues/1180
    * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image
    # ###
 -->
 <!--
 Please fill out the following template to make solving your problem easier and faster for us.
 This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them.
 Remember to hide/redact personal or confidential information,
 such as passwords, IP addresses, and DNS names as appropriate.
 -->
 ### Subject of the issue
 <!-- Describe your issue here. -->
 ### Deployment environment
 <!--
    =========================================================================================
    Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab.
    That will auto-generate most of the info requested in this section.
    =========================================================================================
 -->
 <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page -->
 <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden -->
 <!-- Remember to check if your issue exists on the latest version first! -->
 * vaultwarden version:
 <!-- How the server was installed: Docker image, OS package, built from source, etc. -->
 * Install method:
 * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) -->
 * Reverse proxy and version: <!-- if applicable -->
 * MySQL/MariaDB or PostgreSQL version: <!-- if applicable -->
 * Other relevant details:
 ### Steps to reproduce
 <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults)
 and how did you start vaultwarden? -->
 ### Expected behaviour
 <!-- Tell us what you expected to happen -->
 ### Actual behaviour
 <!-- Tell us what actually happened -->
 ### Troubleshooting data
 <!-- Share any log files, screenshots, or other relevant troubleshooting data -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +0,0 @@
 blank_issues_enabled: false
 contact_links:
  - name: Discourse forum for vaultwarden
    url: https://vaultwarden.discourse.group/
    about: Use this forum to request features or get help with usage/configuration.
  - name: GitHub Discussions for vaultwarden
    url: https://github.com/dani-garcia/vaultwarden/discussions
    about: An alternative to the Discourse forum, if this is easier for you.
--- a/.github/security-contact.gif
+++ b/.github/security-contact.gif
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,202 +0,0 @@
 name: Build
 on:
  push:
    paths:
      - ".github/workflows/build.yml"
      - "src/**"
      - "migrations/**"
      - "Cargo.*"
      - "build.rs"
      - "rust-toolchain"
      - "rustfmt.toml"
      - "diesel.toml"
  pull_request:
    paths:
      - ".github/workflows/build.yml"
      - "src/**"
      - "migrations/**"
      - "Cargo.*"
      - "build.rs"
      - "rust-toolchain"
      - "rustfmt.toml"
      - "diesel.toml"
 jobs:
  build:
    runs-on: ubuntu-20.04
    timeout-minutes: 120
    # Make warnings errors, this is to prevent warnings slipping through.
    # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
    env:
      RUSTFLAGS: "-D warnings"
      CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
    strategy:
      fail-fast: false
      matrix:
        channel:
          - "rust-toolchain" # The version defined in rust-toolchain
          - "msrv" # The supported MSRV
    name: Build and Test ${{ matrix.channel }}
    steps:
      # Checkout the repo
      - name: "Checkout"
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # End Checkout the repo
      # Install dependencies
      - name: "Install dependencies Ubuntu"
        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends openssl sqlite build-essential libmariadb-dev-compat libpq-dev libssl-dev pkg-config
      # End Install dependencies
      # Determine rust-toolchain version
      - name: Init Variables
        id: toolchain
        shell: bash
        run: |
          if [[ "${{ matrix.channel }}" == 'rust-toolchain' ]]; then
            RUST_TOOLCHAIN="$(cat rust-toolchain)"
          elif [[ "${{ matrix.channel }}" == 'msrv' ]]; then
            RUST_TOOLCHAIN="$(grep -oP 'rust-version.*"(\K.*?)(?=")' Cargo.toml)"
          else
            RUST_TOOLCHAIN="${{ matrix.channel }}"
          fi
          echo "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" | tee -a "${GITHUB_OUTPUT}"
      # End Determine rust-toolchain version
      # Only install the clippy and rustfmt components on the default rust-toolchain
      - name: "Install rust-toolchain version"
        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
          components: clippy, rustfmt
      # End Uses the rust-toolchain file to determine version
      # Install the any other channel to be used for which we do not execute clippy and rustfmt
      - name: "Install MSRV version"
        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d # master @ 2023-03-28 - 06:32 GMT+2
        if: ${{ matrix.channel != 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
      # End Install the MSRV channel to be used
      # Enable Rust Caching
      - uses: Swatinem/rust-cache@2656b87321093db1cb55fbd73183d195214fdfd1 # v2.5.0
      # End Enable Rust Caching
      # Show environment
      - name: "Show environment"
        run: |
          rustc -vV
          cargo -vV
      # End Show environment
      # Run cargo tests (In release mode to speed up future builds)
      # First test all features together, afterwards test them separately.
      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
        id: test_sqlite_mysql_postgresql_mimalloc
        if: $${{ always() }}
        run: |
          cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
      - name: "test features: sqlite,mysql,postgresql"
        id: test_sqlite_mysql_postgresql
        if: $${{ always() }}
        run: |
          cargo test --release --features sqlite,mysql,postgresql
      - name: "test features: sqlite"
        id: test_sqlite
        if: $${{ always() }}
        run: |
          cargo test --release --features sqlite
      - name: "test features: mysql"
        id: test_mysql
        if: $${{ always() }}
        run: |
          cargo test --release --features mysql
      - name: "test features: postgresql"
        id: test_postgresql
        if: $${{ always() }}
        run: |
          cargo test --release --features postgresql
      # End Run cargo tests
      # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
        id: clippy
        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
        run: |
          cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
      # End Run cargo clippy
      # Run cargo fmt (Only run on rust-toolchain defined version)
      - name: "check formatting"
        id: formatting
        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
        run: |
          cargo fmt --all -- --check
      # End Run cargo fmt
      # Check for any previous failures, if there are stop, else continue.
      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
      - name: "Some checks failed"
        if: ${{ failure() }}
        run: |
          echo "### :x: Checks Failed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "|Job|Status|" >> $GITHUB_STEP_SUMMARY
          echo "|---|------|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.test_sqlite_mysql_postgresql_mimalloc.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite,mysql,postgresql)|${{ steps.test_sqlite_mysql_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (sqlite)|${{ steps.test_sqlite.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (mysql)|${{ steps.test_mysql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|test (postgresql)|${{ steps.test_postgresql.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|clippy (sqlite,mysql,postgresql,enable_mimalloc)|${{ steps.clippy.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "|fmt|${{ steps.formatting.outcome }}|" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Please check the failed jobs and fix where needed." >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          exit 1
      # Check for any previous failures, if there are stop, else continue.
      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
      - name: "All checks passed"
        if: ${{ success() }}
        run: |
          echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
      # Build the binary to upload to the artifacts
      - name: "build features: sqlite,mysql,postgresql"
        if: ${{ matrix.channel == 'rust-toolchain' }}
        run: |
          cargo build --release --features sqlite,mysql,postgresql
      # End Build the binary
      # Upload artifact to Github Actions
      - name: "Upload artifact"
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
          name: vaultwarden
          path: target/release/vaultwarden
      # End Upload artifact to Github Actions
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@@ -1,34 +0,0 @@
 name: Hadolint
 on: [
      push,
      pull_request
    ]
 jobs:
  hadolint:
    name: Validate Dockerfile syntax
    runs-on: ubuntu-20.04
    timeout-minutes: 30
    steps:
      # Checkout the repo
      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # End Checkout the repo
      # Download hadolint - https://github.com/hadolint/hadolint/releases
      - name: Download hadolint
        shell: bash
        run: |
          sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \
          sudo chmod +x /usr/local/bin/hadolint
        env:
          HADOLINT_VERSION: 2.12.0
      # End Download hadolint
      # Test Dockerfiles
      - name: Run hadolint
        shell: bash
        run:  git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint
      # End Test Dockerfiles
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,235 +0,0 @@
 name: Release
 on:
  push:
    paths:
      - ".github/workflows/release.yml"
      - "src/**"
      - "migrations/**"
      - "hooks/**"
      - "docker/**"
      - "Cargo.*"
      - "build.rs"
      - "diesel.toml"
      - "rust-toolchain"
    branches: # Only on paths above
      - main
    tags: # Always, regardless of paths above
      - '*'
 jobs:
  # https://github.com/marketplace/actions/skip-duplicate-actions
  # Some checks to determine if we need to continue with building a new docker.
  # We will skip this check if we are creating a tag, because that has the same hash as a previous run already.
  skip_check:
    runs-on: ubuntu-20.04
    if: ${{ github.repository == 'dani-garcia/vaultwarden' }}
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      - name: Skip Duplicates Actions
        id: skip_check
        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0
        with:
          cancel_others: 'true'
        # Only run this when not creating a tag
        if: ${{ startsWith(github.ref, 'refs/heads/') }}
  docker-build:
    runs-on: ubuntu-20.04
    timeout-minutes: 120
    needs: skip_check
    # Start a local docker registry to be used to generate multi-arch images.
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    env:
      # Use BuildKit (https://docs.docker.com/build/buildkit/) for better
      # build performance and the ability to copy extended file attributes
      # (e.g., for executable capabilities) across build phases.
      DOCKER_BUILDKIT: 1
      SOURCE_COMMIT: ${{ github.sha }}
      SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
      # The *_REPO variables need to be configured as repository variables
      # Append `/settings/variables/actions` to your repo url
      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
      # Check for Docker hub credentials in secrets
      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
      # Check for Github credentials in secrets
      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
      # Check for Quay.io credentials in secrets
      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
    strategy:
      matrix:
        base_image: ["debian","alpine"]
    steps:
      # Checkout the repo
      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          fetch-depth: 0
      # Determine Docker Tag
      - name: Init Variables
        id: vars
        shell: bash
        run: |
          # Check which main tag we are going to build determined by github.ref
          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
            echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}"
          elif [[ "${{ github.ref }}" == refs/heads/* ]]; then
            echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}"
          fi
      # End Determine Docker Tag
      # Login to Docker Hub
      - name: Login to Docker Hub
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      # Login to GitHub Container Registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
      # Login to Quay.io
      - name: Login to Quay.io
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}
        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
      # Debian
      # Docker Hub
      - name: Build Debian based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      - name: Push Debian based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      # GitHub Container Registry
      - name: Build Debian based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
      - name: Push Debian based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
      # Quay.io
      - name: Build Debian based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
      - name: Push Debian based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
      # Alpine
      # Docker Hub
      - name: Build Alpine based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      - name: Push Alpine based images (docker.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
      # GitHub Container Registry
      - name: Build Alpine based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
      - name: Push Alpine based images (ghcr.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
      # Quay.io
      - name: Build Alpine based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
      - name: Push Alpine based images (quay.io)
        shell: bash
        env:
          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,7 @@ data
 *.iml
 # Environment file
-.env
+# .env
 # Web vault
-web-vault
+web-vault
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -1,11 +0,0 @@
 ignored:
  # disable explicit version for apt install
  - DL3008
  # disable explicit version for apk install
  - DL3018
  # disable check for consecutive `RUN` instructions
  - DL3059
 trustedRegistries:
  - docker.io
  - ghcr.io
  - quay.io
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,44 +0,0 @@
 ---
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
    - id: check-yaml
    - id: check-json
    - id: check-toml
    - id: mixed-line-ending
      args: ["--fix=no"]
    - id: end-of-file-fixer
      exclude: "(.*js$|.*css$)"
    - id: check-case-conflict
    - id: check-merge-conflict
    - id: detect-private-key
    - id: check-symlinks
    - id: forbid-submodules
 -   repo: local
    hooks:
    - id: fmt
      name: fmt
      description: Format files with cargo fmt.
      entry: cargo fmt
      language: system
      types: [rust]
      args: ["--", "--check"]
    - id: cargo-test
      name: cargo test
      description: Test the package for errors.
      entry: cargo test
      language: system
      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--"]
      types_or: [rust, file]
      files: (Cargo.toml|Cargo.lock|rust-toolchain|.*\.rs$)
      pass_filenames: false
    - id: cargo-clippy
      name: cargo clippy
      description: Lint Rust sources
      entry: cargo clippy
      language: system
      args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"]
      types_or: [rust, file]
      files: (Cargo.toml|Cargo.lock|rust-toolchain|clippy.toml|.*\.rs$)
      pass_filenames: false
--- a/BUILD.md
+++ b/BUILD.md
@@ -0,0 +1,69 @@
 ## How to compile bitwarden_rs
 Install `rust nightly`, in Windows the recommended way is through `rustup`.
 Install the `openssl` library, in Windows the best option is Microsoft's `vcpkg`,
 on other systems use their respective package managers.
 Then run:
 ```sh
 cargo run
 # or
 cargo build
 ```
 ## How to install the web-vault locally
 If you're using docker image, you can just update `VAULT_VERSION` variable in Dockerfile and rebuild the image.
 Install `node.js` and either `yarn` or `npm` (usually included with node)
 Clone the web-vault outside the project:
 ```
 git clone https://github.com/bitwarden/web.git web-vault
 ```
 Modify `web-vault/settings.Production.json` to look like this:
 ```json
 {
  "appSettings": {
    "apiUri": "/api",
    "identityUri": "/identity",
    "iconsUri": "/icons",
    "stripeKey": "",
    "braintreeKey": ""
  }
 }
 ```
 Then, run the following from the `web-vault` dir:
 ```sh
 # With yarn (recommended)
 yarn
 yarn gulp dist:selfHosted
 # With npm
 npm install
 npx gulp dist:selfHosted
 ```
 Finally copy the contents of the `web-vault/dist` folder into the `bitwarden_rs/web-vault` folder.
 ## How to recreate database schemas
 Install diesel-cli with cargo:
 ```sh
 cargo install diesel_cli --no-default-features --features sqlite-bundled # Or use only sqlite to use the system version
 ```
 Make sure that the correct path to the database is in the `.env` file.
 If you want to modify the schemas, create a new migration with:
 ```
 diesel migration generate <name>
 ```
 Modify the *.sql files, making sure that any changes are reverted in the down.sql file.
 Apply the migrations and save the generated schemas as follows:
 ```
 diesel migration redo
 diesel print-schema > src/db/schema.rs
 ```
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,183 +1,55 @@
 [package]
-name = "vaultwarden"
+name = "bitwarden_rs"
-version = "1.0.0"
+version = "0.9.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 edition = "2021"
 rust-version = "1.68.2"
 resolver = "2"
 repository = "https://github.com/dani-garcia/vaultwarden"
 readme = "README.md"
 license = "AGPL-3.0-only"
 publish = false
 build = "build.rs"
 [features]
 # default = ["sqlite"]
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
 postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]
 # Enable to use a vendored and statically linked openssl
 vendored_openssl = ["openssl/vendored"]
 # Enable MiMalloc memory allocator to replace the default malloc
 # This can improve performance for Alpine builds
 enable_mimalloc = ["mimalloc"]
 # This is a development dependency, and should only be used during development!
 # It enables the usage of the diesel_logger crate, which is able to output the generated queries.
 # You also need to set an env variable `QUERY_LOGGER=1` to fully activate this so you do not have to re-compile
 # if you want to turn off the logging for a specific run.
 query_logger = ["diesel_logger"]
 # Enable unstable features, requires nightly
 # Currently only used to enable rusts official ip support
 unstable = []
 [target."cfg(not(windows))".dependencies]
 # Logging
 syslog = "6.1.0"
 [dependencies]
-# Logging
+# Web framework for nightly with a focus on ease-of-use, expressibility, and speed.
-log = "0.4.19"
+rocket = { version = "0.3.12", features = ["tls"] }
-fern = { version = "0.6.2", features = ["syslog-6"] }
+rocket_codegen = "0.3.12"
-tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+rocket_contrib = "0.3.12"
-# A `dotenv` implementation for Rust
+# HTTP client
-dotenvy = { version = "0.15.7", default-features = false }
+reqwest = "0.8.6"
-# Lazy initialization
+# multipart/form-data support
-once_cell = "1.18.0"
+multipart = "0.14.2"
 # Numerical libraries
 num-traits = "0.2.15"
 num-derive = "0.4.0"
 # Web framework
 rocket = { version = "0.5.0-rc.3", features = ["tls", "json"], default-features = false }
 # rocket_ws = { version ="0.1.0-rc.3" }
 rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = "ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa" } # v0.5 branch
 # WebSockets libraries
 tokio-tungstenite = "0.19.0"
 rmpv = "1.0.0" # MessagePack library
 # Concurrent HashMap used for WebSocket messaging and favicons
 dashmap = "5.4.0"
 # Async futures
 futures = "0.3.28"
 tokio = { version = "1.29.1", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
 # A generic serialization/deserialization framework
-serde = { version = "1.0.166", features = ["derive"] }
+serde = "1.0.64"
-serde_json = "1.0.99"
+serde_derive = "1.0.64"
 serde_json = "1.0.19"
 # A safe, extensible ORM and Query builder
-diesel = { version = "2.1.0", features = ["chrono", "r2d2"] }
+diesel = { version = "~1.2.2", features = ["sqlite", "chrono", "r2d2"] }
-diesel_migrations = "2.1.0"
+diesel_migrations = { version = "~1.2.0", features = ["sqlite"] }
 diesel_logger = { version = "0.3.0", optional = true }
-# Bundled/Static SQLite
+# Bundled SQLite
-libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true }
+libsqlite3-sys = { version = "0.9.1", features = ["bundled"] }
-# Crypto-related libraries
+# Crypto library
-rand = { version = "0.8.5", features = ["small_rng"] }
+ring = { version = "= 0.11.0", features = ["rsa_signing"] }
 ring = "0.16.20"
 # UUID generation
-uuid = { version = "1.4.0", features = ["v4"] }
+uuid = { version = "0.6.5", features = ["v4"] }
-# Date and time libraries
+# Date and time library for Rust
-chrono = { version = "0.4.26", features = ["clock", "serde"], default-features = false }
+chrono = "0.4.2"
 chrono-tz = "0.8.3"
 time = "0.3.22"
 # Job scheduler
 job_scheduler_ng = "2.0.4"
 # Data encoding library Hex/Base32/Base64
 data-encoding = "2.4.0"
 # JWT library
 jsonwebtoken = "8.3.0"
 # TOTP library
-totp-lite = "2.0.0"
+oath = "0.10.2"
-# Yubico Library
+# Data encoding library
-yubico = { version = "0.11.0", features = ["online-tokio"], default-features = false }
+data-encoding = "2.1.1"
-# WebAuthn libraries
+# JWT library
-webauthn-rs = "0.3.2"
+jsonwebtoken = "= 4.0.1"
-# Handling of URL's for WebAuthn and favicons
+# A `dotenv` implementation for Rust
-url = "2.4.0"
+dotenv = { version = "0.13.0", default-features = false }
-# Email libraries
+# Lazy static macro
-lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lazy_static = "1.0.1"
 percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"
 # HTML Template library
 handlebars = { version = "4.3.7", features = ["dir_source"] }
 # HTTP client (Used for favicons, version check, DUO and HIBP API)
 reqwest = { version = "0.11.18", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
 # Favicon extraction libraries
 html5gum = "0.5.3"
 regex = { version = "1.8.4", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.0"
 bytes = "1.4.0"
 # Cache function results (Used for version check and favicon fetching)
 cached = "0.44.0"
 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.16.2"
 cookie_store = "0.19.1"
 # Used by U2F, JWT and PostgreSQL
 openssl = "0.10.55"
 # CLI argument parsing
 pico-args = "0.5.0"
 # Macro ident concatenation
 paste = "1.0.13"
 governor = "0.5.1"
 # Check client versions for specific features.
 semver = "1.0.17"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.37", features = ["secure"], default-features = false, optional = true }
 which = "4.4.0"
 # Argon2 library with support for the PHC format
 argon2 = "0.5.0"
 # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
 rpassword = "7.2.0"
 [patch.crates-io]
-rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
+jsonwebtoken = { path = "libs/jsonwebtoken" } # Make jwt use ring 0.11, to match rocket
 # rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
 # Strip debuginfo from the release builds
 # Also enable thin LTO for some optimizations
 [profile.release]
 strip = "debuginfo"
 lto = "thin"
 # Always build argon2 using opt-level 3
 # This is a huge speed improvement during testing
 [profile.dev.package.argon2]
 opt-level = 3
 # A little bit of a speedup
 [profile.dev]
 split-debuginfo = "unpacked"
--- a/1
+++ b/1
@@ -1 +0,0 @@
 docker/amd64/Dockerfile
--- a/88
+++ b/88
@@ -0,0 +1,88 @@
 # Using multistage build: 
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 FROM node:9-alpine as vault
 ENV VAULT_VERSION "1.26.0"
 ENV URL "https://github.com/bitwarden/web/archive/v${VAULT_VERSION}.tar.gz"
 RUN apk add --update-cache --upgrade \
    curl \
    git \
    tar \
    && npm install -g \
        gulp-cli \
        gulp
 RUN mkdir /web-build \
    && cd /web-build \
    && curl -L "${URL}" | tar -xvz --strip-components=1
 WORKDIR /web-build
 COPY /docker/settings.Production.json /web-build/
 RUN git config --global url."https://github.com/".insteadOf ssh://git@github.com/ \
    && npm install \
    && gulp dist:selfHosted \
    && mv dist /web-vault
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
 # we need the Rust compiler and Cargo tooling
 FROM rustlang/rust:nightly as build
 # Using bundled SQLite, no need to install it
 # RUN apt-get update && apt-get install -y\
 #    sqlite3\
 #    --no-install-recommends\
 # && rm -rf /var/lib/apt/lists/*
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin app
 WORKDIR /app
 # Copies over *only* your manifests and vendored dependencies
 COPY ./Cargo.* ./
 COPY ./libs ./libs
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --release
 RUN find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM debian:stretch-slim
 # Install needed libraries
 RUN apt-get update && apt-get install -y\
    openssl\
    --no-install-recommends\
 && rm -rf /var/lib/apt/lists/*
 RUN mkdir /data
 VOLUME /data
 EXPOSE 80
 # Copies the files from the context (env file and web-vault)
 # and the binary from the "build" stage to the current stage
 COPY .env .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 # Configures the startup!
 # Use production to disable Rocket logging
 #CMD ROCKET_ENV=production ./bitwarden_rs
 CMD ROCKET_ENV=staging ./bitwarden_rs
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,5 +1,5 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
+                       Version 3, 29 June 2007
 Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
@@ -7,15 +7,17 @@
                            Preamble
-  The GNU Affero General Public License is a free, copyleft license for
+  The GNU General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
+software and other kinds of works.
 cooperation with the community in the case of network server software.
  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
+the GNU General Public License is intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.
+software for all its users.  We, the Free Software Foundation, use the
 GNU General Public License for most of our software; it applies also to
 any other work released this way by its authors.  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -24,34 +26,44 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
-  Developers that use our General Public Licenses protect your rights
+  To protect your rights, we need to prevent others from denying you
-with two steps: (1) assert copyright on the software, and (2) offer
+these rights or asking you to surrender the rights.  Therefore, you have
-you this License which gives you legal permission to copy, distribute
+certain responsibilities if you distribute copies of the software, or if
-and/or modify the software.
+you modify it: responsibilities to respect the freedom of others.
-  A secondary benefit of defending all users' freedom is that
+  For example, if you distribute copies of such a program, whether
-improvements made in alternate versions of the program, if they
+gratis or for a fee, you must pass on to the recipients the same
-receive widespread use, become available for other developers to
+freedoms that you received.  You must make sure that they, too, receive
-incorporate.  Many developers of free software are heartened and
+or can get the source code.  And you must show them these terms so they
-encouraged by the resulting cooperation.  However, in the case of
+know their rights.
 software used on network servers, this result may fail to come about.
 The GNU General Public License permits making a modified version and
 letting the public access it on a server without ever releasing its
 source code to the public.
-  The GNU Affero General Public License is designed specifically to
+  Developers that use the GNU GPL protect your rights with two steps:
-ensure that, in such cases, the modified source code becomes available
+(1) assert copyright on the software, and (2) offer you this License
-to the community.  It requires the operator of a network server to
+giving you legal permission to copy, distribute and/or modify it.
 provide the source code of the modified version running there to the
 users of that server.  Therefore, public use of a modified version, on
 a publicly accessible server, gives the public access to the source
 code of the modified version.
-  An older license, called the Affero General Public License and
+  For the developers' and authors' protection, the GPL clearly explains
-published by Affero, was designed to accomplish similar goals.  This is
+that there is no warranty for this free software.  For both users' and
-a different license, not a version of the Affero GPL, but Affero has
+authors' sake, the GPL requires that modified versions be marked as
-released a new version of the Affero GPL which permits relicensing under
+changed, so that their problems will not be attributed erroneously to
-this license.
+authors of previous versions.
  Some devices are designed to deny users access to install or run
 modified versions of the software inside them, although the manufacturer
 can do so.  This is fundamentally incompatible with the aim of
 protecting users' freedom to change the software.  The systematic
 pattern of such abuse occurs in the area of products for individuals to
 use, which is precisely where it is most unacceptable.  Therefore, we
 have designed this version of the GPL to prohibit the practice for those
 products.  If such problems arise substantially in other domains, we
 stand ready to extend this provision to those domains in future versions
 of the GPL, as needed to protect the freedom of users.
  Finally, every program is threatened constantly by software patents.
 States should not allow patents to restrict development and use of
 software on general-purpose computers, but in those that do, we wish to
 avoid the special danger that patents applied to a free program could
 make it effectively proprietary.  To prevent this, the GPL assures that
 patents cannot be used to render the program non-free.
  The precise terms and conditions for copying, distribution and
 modification follow.
@@ -60,7 +72,7 @@ modification follow.
  0. Definitions.
-  "This License" refers to version 3 of the GNU Affero General Public License.
+  "This License" refers to version 3 of the GNU General Public License.
  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -537,45 +549,35 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
-  13. Remote Network Interaction; Use with the GNU General Public License.
+  13. Use with the GNU Affero General Public License.
  Notwithstanding any other provision of this License, if you modify the
 Program, your modified version must prominently offer all users
 interacting with it remotely through a computer network (if your version
 supports such interaction) an opportunity to receive the Corresponding
 Source of your version by providing access to the Corresponding Source
 from a network server at no charge, through some standard or customary
 means of facilitating copying of software.  This Corresponding Source
 shall include the Corresponding Source for any work covered by version 3
 of the GNU General Public License that is incorporated pursuant to the
 following paragraph.
  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
+under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
+but the special requirements of the GNU Affero General Public License,
-3 of the GNU General Public License.
+section 13, concerning interaction through a network will apply to the
 combination as such.
  14. Revised Versions of this License.
  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
+the GNU General Public License from time to time.  Such new versions will
-will be similar in spirit to the present version, but may differ in detail to
+be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
+Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
+GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.
  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
+versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
@@ -633,29 +635,40 @@ the "copyright" line and a pointer to where the full notice is found.
    Copyright (C) <year>  <name of author>
    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
+    it under the terms of the GNU General Public License as published by
-    by the Free Software Foundation, either version 3 of the License, or
+    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
+    GNU General Public License for more details.
-    You should have received a copy of the GNU Affero General Public License
+    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 Also add information on how to contact you by electronic and paper mail.
-  If your software can interact with users remotely through a computer
+  If the program does terminal interaction, make it output a short
-network, you should also make sure that it provides a way for users to
+notice like this when it starts in an interactive mode:
-get its source.  For example, if your program is a web application, its
+
-interface could display a "Source" link that leads users to an archive
+    <program>  Copyright (C) <year>  <name of author>
-of the code.  There are many ways you could offer source, and different
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-solutions will be better for different programs; see section 13 for the
+    This is free software, and you are welcome to redistribute it
-specific requirements.
+    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, your program's commands
 might be different; for a GUI interface, you would use an "about box".
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
+For more information on this, and how to apply and follow the GNU GPL, see
 <https://www.gnu.org/licenses/>.
  The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
 <https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/README.md
+++ b/README.md
@@ -1,95 +1,148 @@
-### Alternative implementation of the Bitwarden server API written in Rust and compatible with [upstream Bitwarden clients](https://bitwarden.com/download/)*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
+This is Bitwarden server API implementation written in rust compatible with [upstream Bitwarden clients](https://bitwarden.com/#download)*, ideal for self-hosted deployment where running official resource-heavy service might not be ideal.
-📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation.
+Image is based on [Rust implementation of Bitwarden API](https://github.com/dani-garcia/bitwarden_rs).
---
+_*Note, that this project is not associated with the [Bitwarden](https://bitwarden.com/) project nor 8bit Solutions LLC._
 [![Build](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml/badge.svg)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml)
 [![ghcr.io](https://img.shields.io/badge/ghcr.io-download-blue)](https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden)
 [![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg)](https://hub.docker.com/r/vaultwarden/server)
 [![Quay.io](https://img.shields.io/badge/Quay.io-download-blue)](https://quay.io/repository/vaultwarden/server)
 [![Dependency Status](https://deps.rs/repo/github/dani-garcia/vaultwarden/status.svg)](https://deps.rs/repo/github/dani-garcia/vaultwarden)
 [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest)
 [![AGPL-3.0 Licensed](https://img.shields.io/github/license/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/blob/main/LICENSE.txt)
 [![Matrix Chat](https://img.shields.io/matrix/vaultwarden:matrix.org.svg?logo=matrix)](https://matrix.to/#/#vaultwarden:matrix.org)
 Image is based on [Rust implementation of Bitwarden API](https://github.com/dani-garcia/vaultwarden).
 **This project is not associated with the [Bitwarden](https://bitwarden.com/) project nor Bitwarden, Inc.**
 #### ⚠️**IMPORTANT**⚠️: When using this server, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.
 ---
 ## Features
 Basically full implementation of Bitwarden API is provided including:
 * Basic single user functionality
 * Organizations support
- * Attachments and Send
+ * Attachments
- * Vault API support
+ * Vault API support 
 * Serving the static files for Vault interface
 * Website icons API
 * Authenticator and U2F support
 * YubiKey and Duo support
 * Emergency Access
-## Installation
+## Docker image usage
-Pull the docker image and mount a volume from the host for persistent storage:
+
 ### Starting a container
 The persistent data is stored under /data inside the container, so the only requirement for persistent deployment using Docker is to mount persistent volume at the path:
 ```
 docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 mprasil/bitwarden:latest
 ```
 This will preserve any persistent data under `/bw-data/`, you can adapt the path to whatever suits you.
 The service will be exposed on port 80.
 ### Updating the bitwarden image
 Updating is straightforward, you just make sure to preserve the mounted volume. If you used the bind-mounted path as in the example above, you just need to `pull` the latest image, `stop` and `rm` the current container and then start a new one the same way as before:
 ```sh
-docker pull vaultwarden/server:latest
+# Pull the latest version
-docker run -d --name vaultwarden -v /vw-data/:/data/ --restart unless-stopped -p 80:80 vaultwarden/server:latest
+docker pull mprasil/bitwarden:latest
 # Stop and remove the old container
 docker stop bitwarden
 docker rm bitwarden
 # Start new container with the data mounted
 docker run -d --name bitwarden -v /bw-data/:/data/ -p 80:80 mprasil/bitwarden:latest
 ```
 This will preserve any persistent data under /vw-data/, you can adapt the path to whatever suits you.
-**IMPORTANT**: Most modern web browsers, disallow the use of Web Crypto APIs in insecure contexts. In this case, you might get an error like `Cannot read property 'importKey'`. To solve this problem, you need to access the web vault via HTTPS or localhost.
+In case you didn't bind mount the volume for persistent data, you need an intermediate step where you preserve the data with an intermediate container:
-This can be configured in [vaultwarden directly](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS) or using a third-party reverse proxy ([some examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples)).
+```sh
 # Pull the latest version
 docker pull mprasil/bitwarden:latest
-If you have an available domain name, you can get HTTPS certificates with [Let's Encrypt](https://letsencrypt.org/), or you can generate self-signed certificates with utilities like [mkcert](https://github.com/FiloSottile/mkcert). Some proxies automatically do this step, like Caddy (see examples linked above).
+# Create intermediate container to preserve data
 docker run --volumes-from bitwarden --name bitwarden_data busybox true
-## Usage
+# Stop and remove the old container
-See the [vaultwarden wiki](https://github.com/dani-garcia/vaultwarden/wiki) for more information on how to configure and run the vaultwarden server.
+docker stop bitwarden
 docker rm bitwarden
-## Get in touch
+# Start new container with the data mounted
-To ask a question, offer suggestions or new features or to get help configuring or installing the software, please use [GitHub Discussions](https://github.com/dani-garcia/vaultwarden/discussions) or [the forum](https://vaultwarden.discourse.group/).
+docker run -d --volumes-from bitwarden_data --name bitwarden -p 80:80 mprasil/bitwarden:latest
-If you spot any bugs or crashes with vaultwarden itself, please [create an issue](https://github.com/dani-garcia/vaultwarden/issues/). Make sure you are on the latest version and there aren't any similar issues open, though!
+# Optionally remove the intermediate container
 docker rm bitwarden_data
-If you prefer to chat, we're usually hanging around at [#vaultwarden:matrix.org](https://matrix.to/#/#vaultwarden:matrix.org) room on Matrix. Feel free to join us!
+# Alternatively you can keep data container around for future updates in which case you can skip last step.
 ```
-### Sponsors
+## Configuring bitwarden service
 Thanks for your contribution to the project!
-<!--
+### Changing persistent data location
 <table>
  <tr>
    <td align="center">
      <a href="https://github.com/username">
        <img src="https://avatars.githubusercontent.com/u/725423?s=75&v=4" width="75px;" alt="username"/>
        <br />
        <sub><b>username</b></sub>
      </a>
  </td>
  </tr>
 </table>
-<br/>
+#### /data prefix:
 -->
-<table>
+By default all persistent data is saved under `/data`, you can override this path by setting the `DATA_FOLDER` env variable:
-  <tr>
+
-    <td align="center">
+```sh
-       <a href="https://github.com/themightychris" style="width: 75px">
+docker run -d --name bitwarden \
-        <sub><b>Chris Alfano</b></sub>
+  -e DATA_FOLDER=/persistent \
-      </a>
+  -v /bw-data/:/persistent/ \
-    </td>
+  -p 80:80 \
-  </tr>
+  mprasil/bitwarden:latest
-  <tr>
+```
-    <td align="center">
+
-      <a href="https://github.com/numberly" style="width: 75px">
+Notice, that you need to adapt your volume mount accordingly.
-        <sub><b>Numberly</b></sub>
+
-      </a>
+#### database name and location
-    </td>
+
-  </tr>
+Default is `$DATA_FOLDER/db.sqlite3`, you can change the path specifically for database using `DATABASE_URL` variable:
-</table>
+
 ```sh
 docker run -d --name bitwarden \
  -e DATABASE_URL=/database/bitwarden.sqlite3 \
  -v /bw-data/:/data/ \
  -v /bw-database/:/database/ \
  -p 80:80 \
  mprasil/bitwarden:latest
 ```
 Note, that you need to remember to mount the volume for both database and other persistent data if they are different.
 #### attachments location
 Default is `$DATA_FOLDER/attachments`, you can change the path using `ATTACHMENTS_FOLDER` variable:
 ```sh
 docker run -d --name bitwarden \
  -e ATTACHMENTS_FOLDER=/attachments \
  -v /bw-data/:/data/ \
  -v /bw-attachments/:/attachments/ \
  -p 80:80 \
  mprasil/bitwarden:latest
 ```
 Note, that you need to remember to mount the volume for both attachments and other persistent data if they are different.
 #### icons cache
 Default is `$DATA_FOLDER/icon_cache`, you can change the path using `ICON_CACHE_FOLDER` variable:
 ```sh
 docker run -d --name bitwarden \
  -e ICON_CACHE_FOLDER=/icon_cache \
  -v /bw-data/:/data/ \
  -v /icon_cache/ \
  -p 80:80 \
  mprasil/bitwarden:latest
 ```
 Note, that in the above example we don't mount the volume locally, which means it won't be persisted during the upgrade unless you use intermediate data container using `--volumes-from`. This will impact performance as bitwarden will have to re-dowload the icons on restart, but might save you from having stale icons in cache as they are not automatically cleaned.
 ### Other configuration
 Though this is unlikely to be required in small deployment, you can fine-tune some other settings like number of workers using environment variables that are processed by [Rocket](https://rocket.rs), please see details in [documentation](https://rocket.rs/guide/configuration/#environment-variables).
 ## Building your own image
 Clone the repository, then from the root of the repository run:
 ```sh
 # Build the docker image:
 docker build -t bitwarden_rs .
 ```
 ## Building binary
 For building binary outside the Docker environment and running it locally without docker, please see [build instructions](BUILD.md).
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,45 +0,0 @@
 Vaultwarden tries to prevent security issues but there could always slip something through.
 If you believe you've found a security issue in our application, we encourage you to
 notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
 # Disclosure Policy
 - Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
  effort to quickly resolve the issue.
 - Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
  third-party. We may publicly disclose the issue before resolving it, if appropriate.
 - Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
  degradation of our service. Only interact with accounts you own or with explicit permission of the
  account holder.
 # In-scope
 - Security issues in any current release of Vaultwarden. Source code is available at https://github.com/dani-garcia/vaultwarden. This includes the current `latest` release and `main / testing` release.
 # Exclusions
 The following bug classes are out-of scope:
 - Bugs that are already reported on Vaultwarden's issue tracker (https://github.com/dani-garcia/vaultwarden/issues)
 - Bugs that are not part of Vaultwarden, like on the the web-vault or mobile and desktop clients. These issues need to be reported in the respective project issue tracker at https://github.com/bitwarden to which we are not associated
 - Issues in an upstream software dependency (ex: Rust, or External Libraries) which are already reported to the upstream maintainer
 - Attacks requiring physical access to a user's device
 - Issues related to software or protocols not under Vaultwarden's control
 - Vulnerabilities in outdated versions of Vaultwarden
 - Missing security best practices that do not directly lead to a vulnerability (You may still report them as a normal issue)
 - Issues that do not have any impact on the general public
 While researching, we'd like to ask you to refrain from:
 - Denial of service
 - Spamming
 - Social engineering (including phishing) of Vaultwarden developers, contributors or users
 Thank you for helping keep Vaultwarden and our users safe!
 # How to contact us
 - You can contact us on Matrix https://matrix.to/#/#vaultwarden:matrix.org (user: `@danig:matrix.org`)
 - You can send an ![security-contact](/.github/security-contact.gif) to report a security issue.
  - If you want to send an encrypted email you can use the following GPG key:<br>
    https://keyserver.ubuntu.com/pks/lookup?search=0xB9B7A108373276BF3C0406F9FC8A7D14C3CD543A&fingerprint=on&op=index
--- a/build.rs
+++ b/build.rs
@@ -1,80 +0,0 @@
 use std::env;
 use std::process::Command;
 fn main() {
    // This allow using #[cfg(sqlite)] instead of #[cfg(feature = "sqlite")], which helps when trying to add them through macros
    #[cfg(feature = "sqlite")]
    println!("cargo:rustc-cfg=sqlite");
    #[cfg(feature = "mysql")]
    println!("cargo:rustc-cfg=mysql");
    #[cfg(feature = "postgresql")]
    println!("cargo:rustc-cfg=postgresql");
    #[cfg(feature = "query_logger")]
    println!("cargo:rustc-cfg=query_logger");
    #[cfg(not(any(feature = "sqlite", feature = "mysql", feature = "postgresql")))]
    compile_error!(
        "You need to enable one DB backend. To build with previous defaults do: cargo build --features sqlite"
    );
    #[cfg(all(not(debug_assertions), feature = "query_logger"))]
    compile_error!("Query Logging is only allowed during development, it is not intented for production usage!");
    // Support $BWRS_VERSION for legacy compatibility, but default to $VW_VERSION.
    // If neither exist, read from git.
    let maybe_vaultwarden_version =
        env::var("VW_VERSION").or_else(|_| env::var("BWRS_VERSION")).or_else(|_| version_from_git_info());
    if let Ok(version) = maybe_vaultwarden_version {
        println!("cargo:rustc-env=VW_VERSION={version}");
        println!("cargo:rustc-env=CARGO_PKG_VERSION={version}");
    }
 }
 fn run(args: &[&str]) -> Result<String, std::io::Error> {
    let out = Command::new(args[0]).args(&args[1..]).output()?;
    if !out.status.success() {
        use std::io::{Error, ErrorKind};
        return Err(Error::new(ErrorKind::Other, "Command not successful"));
    }
    Ok(String::from_utf8(out.stdout).unwrap().trim().to_string())
 }
 /// This method reads info from Git, namely tags, branch, and revision
 /// To access these values, use:
 ///    - env!("GIT_EXACT_TAG")
 ///    - env!("GIT_LAST_TAG")
 ///    - env!("GIT_BRANCH")
 ///    - env!("GIT_REV")
 ///    - env!("VW_VERSION")
 fn version_from_git_info() -> Result<String, std::io::Error> {
    // The exact tag for the current commit, can be empty when
    // the current commit doesn't have an associated tag
    let exact_tag = run(&["git", "describe", "--abbrev=0", "--tags", "--exact-match"]).ok();
    if let Some(ref exact) = exact_tag {
        println!("cargo:rustc-env=GIT_EXACT_TAG={exact}");
    }
    // The last available tag, equal to exact_tag when
    // the current commit is tagged
    let last_tag = run(&["git", "describe", "--abbrev=0", "--tags"])?;
    println!("cargo:rustc-env=GIT_LAST_TAG={last_tag}");
    // The current branch name
    let branch = run(&["git", "rev-parse", "--abbrev-ref", "HEAD"])?;
    println!("cargo:rustc-env=GIT_BRANCH={branch}");
    // The current git commit hash
    let rev = run(&["git", "rev-parse", "HEAD"])?;
    let rev_short = rev.get(..8).unwrap_or_default();
    println!("cargo:rustc-env=GIT_REV={rev_short}");
    // Combined version
    if let Some(exact) = exact_tag {
        Ok(exact)
    } else if &branch != "main" && &branch != "master" && &branch != "HEAD" {
        Ok(format!("{last_tag}-{rev_short} ({branch})"))
    } else {
        Ok(format!("{last_tag}-{rev_short}"))
    }
 }
--- a/diesel.toml
+++ b/diesel.toml
@@ -1,5 +0,0 @@
 # For documentation on how to configure this file,
 # see diesel.rs/guides/configuring-diesel-cli
 [print_schema]
 file = "src/db/schema.rs"
--- a/docker/Dockerfile.buildx
+++ b/docker/Dockerfile.buildx
@@ -1,34 +0,0 @@
 # syntax=docker/dockerfile:1
 # The cross-built images have the build arch (`amd64`) embedded in the image
 # manifest, rather than the target arch. For example:
 #
 #   $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture'
 #   amd64
 #
 # Recent versions of Docker have started printing a warning when the image's
 # claimed arch doesn't match the host arch. For example:
 #
 #   WARNING: The requested image's platform (linux/amd64) does not match the
 #   detected host platform (linux/arm/v7) and no specific platform was requested
 #
 # The image still works fine, but the spurious warning creates confusion.
 #
 # Docker doesn't seem to provide a way to directly set the arch of an image
 # at build time. To resolve the build vs. target arch discrepancy, we use
 # Docker Buildx to build a new set of images with the correct target arch.
 #
 # Docker Buildx uses this Dockerfile to build an image for each requested
 # platform. Since the Dockerfile basically consists of a single `FROM`
 # instruction, we're effectively telling Buildx to build a platform-specific
 # image by simply copying the existing cross-built image and setting the
 # correct target arch as a side effect.
 #
 # References:
 #
 # - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
 # - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 # - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
 #
 ARG LOCAL_REPO
 ARG DOCKER_TAG
 FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT}
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -1,244 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 {% set rust_version = "1.70.0" %}
 {% set debian_version = "bullseye" %}
 {% set alpine_version = "3.17" %}
 {% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
 {%     set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s" % rust_version %}
 {%     set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}
 {%     set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s" % rust_version %}
 {%     set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
 {%   elif "armv6" in target_file %}
 {%     set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s" % rust_version %}
 {%     set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "arm-unknown-linux-musleabi" %}
 {%   elif "arm64" in target_file %}
 {%     set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s" % rust_version %}
 {%     set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %}
 {%     set package_arch_target = "aarch64-unknown-linux-musl" %}
 {%   endif %}
 {% elif "amd64" in target_file %}
 {%   set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %}
 {% elif "arm64" in target_file %}
 {%   set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %}
 {%   set package_arch_name = "arm64" %}
 {%   set package_arch_target = "aarch64-unknown-linux-gnu" %}
 {%   set package_cross_compiler = "aarch64-linux-gnu" %}
 {% elif "armv6" in target_file %}
 {%   set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %}
 {%   set package_arch_name = "armel" %}
 {%   set package_arch_target = "arm-unknown-linux-gnueabi" %}
 {%   set package_cross_compiler = "arm-linux-gnueabi" %}
 {% elif "armv7" in target_file %}
 {%   set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %}
 {%   set package_arch_name = "armhf" %}
 {%   set package_arch_target = "armv7-unknown-linux-gnueabihf" %}
 {%   set package_cross_compiler = "arm-linux-gnueabihf" %}
 {% endif %}
 {% if package_arch_name is defined %}
 {%   set package_arch_prefix = ":" + package_arch_name %}
 {% else %}
 {%   set package_arch_prefix = "" %}
 {% endif %}
 {% if package_arch_target is defined %}
 {%   set package_arch_target_param = " --target=" + package_arch_target %}
 {% else %}
 {%   set package_arch_target_param = "" %}
 {% endif %}
 {% if "buildkit" in target_file %}
 {%   set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %}
 {% else %}
 {%   set mount_rust_cache = "" %}
 {% endif %}
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 {% set vault_version = "v2023.5.0" %}
 {% set vault_image_digest = "sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085" %}
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:{{ vault_version }}
 #     $ docker image inspect --format "{{ '{{' }}.RepoDigests}}" docker.io/vaultwarden/web-vault:{{ vault_version }}
 #     [docker.io/vaultwarden/web-vault@{{ vault_image_digest }}]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }}
 #     [docker.io/vaultwarden/web-vault:{{ vault_version }}]
 #
 FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault
 ########################## BUILD IMAGE  ##########################
 FROM {{ build_stage_base_image }} as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 {% if "alpine" in target_file %}
 {%   if "armv6" in target_file %}
 # To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
 ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/{{ package_arch_target }}/lib/libatomic.a'
 {%   endif %}
 {% elif "arm" in target_file %}
 # Install build dependencies for the {{ package_arch_name }} architecture
 RUN dpkg --add-architecture {{ package_arch_name }} \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-{{ package_cross_compiler }} \
        libc6-dev{{ package_arch_prefix }} \
        libmariadb-dev{{ package_arch_prefix }} \
        libmariadb-dev-compat{{ package_arch_prefix }} \
        libmariadb3{{ package_arch_prefix }} \
        libpq-dev{{ package_arch_prefix }} \
        libpq5{{ package_arch_prefix }} \
        libssl-dev{{ package_arch_prefix }} \
    #
    # Make sure cargo has the right target config
    && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \
    OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
 {% elif "amd64" in target_file %}
 # Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libmariadb-dev \
        libpq-dev
 {% endif %}
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 {% if package_arch_target is defined %}
 RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }}
 {% endif %}
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 {% if "alpine" in target_file %}
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 {% else %}
 ARG DB=sqlite,mysql,postgresql
 {% endif %}
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM {{ runtime_stage_base_image }}
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 {%- if "alpine" in runtime_stage_base_image %} \
    SSL_CERT_DIR=/etc/ssl/certs
 {% endif %}
 {% if "amd64" not in target_file %}
 RUN [ "cross-build-start" ]
 {% endif %}
 # Create data folder and Install needed libraries
 RUN mkdir /data \
 {% if "alpine" in runtime_stage_base_image %}
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 {% else %}
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 {% endif %}
 {% if "armv6" in target_file and "alpine" not in target_file %}
 # In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 {% endif -%}
 {% if "amd64" not in target_file %}
 RUN [ "cross-build-end" ]
 {% endif %}
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 {% if package_arch_target is defined %}
 COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden .
 {% else %}
 COPY --from=build /app/target/release/vaultwarden .
 {% endif %}
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -1,15 +0,0 @@
 OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*')
 all: $(OBJECTS)
 %/Dockerfile: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
 %/Dockerfile.alpine: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
 %/Dockerfile.buildkit: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
 %/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template
 	./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,3 +0,0 @@
 The arch-specific directory names follow the arch identifiers used by the Docker official images:
 https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@@ -1,118 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libmariadb-dev \
        libpq-dev
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/library/debian:bullseye-slim
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@@ -1,112 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add x86_64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/library/alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit
+++ b/docker/amd64/Dockerfile.buildkit
@@ -1,118 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies
 RUN apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        libmariadb-dev \
        libpq-dev
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/library/debian:bullseye-slim
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/amd64/Dockerfile.buildkit.alpine
+++ b/docker/amd64/Dockerfile.buildkit.alpine
@@ -1,112 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/library/alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@@ -1,139 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the arm64 architecture
 RUN dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-aarch64-linux-gnu \
        libc6-dev:arm64 \
        libmariadb-dev:arm64 \
        libmariadb-dev-compat:arm64 \
        libmariadb3:arm64 \
        libpq-dev:arm64 \
        libpq5:arm64 \
        libssl-dev:arm64 \
    #
    # Make sure cargo has the right target config
    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add aarch64-unknown-linux-gnu
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/aarch64-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@@ -1,114 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add aarch64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/aarch64-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit
+++ b/docker/arm64/Dockerfile.buildkit
@@ -1,139 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the arm64 architecture
 RUN dpkg --add-architecture arm64 \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-aarch64-linux-gnu \
        libc6-dev:arm64 \
        libmariadb-dev:arm64 \
        libmariadb-dev-compat:arm64 \
        libmariadb3:arm64 \
        libpq-dev:arm64 \
        libpq5:arm64 \
        libssl-dev:arm64 \
    #
    # Make sure cargo has the right target config
    && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
    OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/aarch64-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/arm64/Dockerfile.buildkit.alpine
+++ b/docker/arm64/Dockerfile.buildkit.alpine
@@ -1,114 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/aarch64-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@@ -1,143 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the armel architecture
 RUN dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabi \
        libc6-dev:armel \
        libmariadb-dev:armel \
        libmariadb-dev-compat:armel \
        libmariadb3:armel \
        libpq-dev:armel \
        libpq5:armel \
        libssl-dev:armel \
    #
    # Make sure cargo has the right target config
    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add arm-unknown-linux-gnueabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/rpi-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@@ -1,116 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
 ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/arm-unknown-linux-musleabi/lib/libatomic.a'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add arm-unknown-linux-musleabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/rpi-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit
+++ b/docker/armv6/Dockerfile.buildkit
@@ -1,143 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the armel architecture
 RUN dpkg --add-architecture armel \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabi \
        libc6-dev:armel \
        libmariadb-dev:armel \
        libmariadb-dev-compat:armel \
        libmariadb3:armel \
        libpq-dev:armel \
        libpq5:armel \
        libssl-dev:armel \
    #
    # Make sure cargo has the right target config
    && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/rpi-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 # In the Balena Bullseye images for armv6/rpi-debian there is a missing symlink.
 # This symlink was there in the buster images, and for some reason this is needed.
 RUN ln -v -s /lib/ld-linux-armhf.so.3 /lib/ld-linux.so.3
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv6/Dockerfile.buildkit.alpine
+++ b/docker/armv6/Dockerfile.buildkit.alpine
@@ -1,116 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # To be able to build the armv6 image with mimalloc we need to specifically specify the libatomic.a file location
 ENV RUSTFLAGS='-Clink-arg=/usr/local/musl/arm-unknown-linux-musleabi/lib/libatomic.a'
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/rpi-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@@ -1,139 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the armhf architecture
 RUN dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabihf \
        libc6-dev:armhf \
        libmariadb-dev:armhf \
        libmariadb-dev-compat:armhf \
        libmariadb3:armhf \
        libpq-dev:armhf \
        libpq5:armhf \
        libssl-dev:armhf \
    #
    # Make sure cargo has the right target config
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add armv7-unknown-linux-gnueabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/armv7hf-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@@ -1,114 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN rustup target add armv7-unknown-linux-musleabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/armv7hf-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit
+++ b/docker/armv7/Dockerfile.buildkit
@@ -1,139 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/library/rust:1.70.0-bullseye as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Install build dependencies for the armhf architecture
 RUN dpkg --add-architecture armhf \
    && apt-get update \
    && apt-get install -y \
        --no-install-recommends \
        gcc-arm-linux-gnueabihf \
        libc6-dev:armhf \
        libmariadb-dev:armhf \
        libmariadb-dev-compat:armhf \
        libmariadb3:armhf \
        libpq-dev:armhf \
        libpq5:armhf \
        libssl-dev:armhf \
    #
    # Make sure cargo has the right target config
    && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
    && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
    && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
 # Set arm specific environment values
 ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
    CROSS_COMPILE="1" \
    OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
    OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 ARG DB=sqlite,mysql,postgresql
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/armv7hf-debian:bullseye
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apt-get update && apt-get install -y \
    --no-install-recommends \
    ca-certificates \
    curl \
    libmariadb-dev-compat \
    libpq5 \
    openssl \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/armv7/Dockerfile.buildkit.alpine
+++ b/docker/armv7/Dockerfile.buildkit.alpine
@@ -1,114 +0,0 @@
 # syntax=docker/dockerfile:1
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 # Using multistage build:
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
 # The web-vault digest specifies a particular web-vault build on Docker Hub.
 # Using the digest instead of the tag name provides better security,
 # as the digest of an image is immutable, whereas a tag name can later
 # be changed to point to a malicious image.
 #
 # To verify the current digest for a given tag name:
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
 #     $ docker pull docker.io/vaultwarden/web-vault:v2023.5.0
 #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.5.0
 #     [docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085]
 #
 # - Conversely, to get the tag name from the digest:
 #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085
 #     [docker.io/vaultwarden/web-vault:v2023.5.0]
 #
 FROM docker.io/vaultwarden/web-vault@sha256:e5b5e99d132d50dc73176afb65f41cf3b834fb06bfa1d621ac16c705c3f10085 as vault
 ########################## BUILD IMAGE  ##########################
 FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.70.0 as build
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    TZ=UTC \
    TERM=xterm-256color \
    CARGO_HOME="/root/.cargo" \
    USER="root"
 # Create CARGO_HOME folder and don't download rust docs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
    && rustup set profile minimal
 # Creates a dummy project used to grab dependencies
 RUN USER=root cargo new --bin /app
 WORKDIR /app
 # Copies over *only* your manifests and build files
 COPY ./Cargo.* ./
 COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf
 # Configure the DB ARG as late as possible to not invalidate the cached layers above
 # Enable MiMalloc to improve performance on Alpine builds
 ARG DB=sqlite,mysql,postgresql,enable_mimalloc
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
    && find . -not -path "./target*" -delete
 # Copies the complete project
 # To avoid copying unneeded files, use .dockerignore
 COPY . .
 # Make sure that we actually build the project
 RUN touch src/main.rs
 # Builds again, this time it'll just be
 # your actual source files being built
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM docker.io/balenalib/armv7hf-alpine:3.17
 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
    ROCKET_PORT=80 \
    SSL_CERT_DIR=/etc/ssl/certs
 RUN [ "cross-build-start" ]
 # Create data folder and Install needed libraries
 RUN mkdir /data \
    && apk add --no-cache \
        ca-certificates \
        curl \
        openssl \
        tzdata
 RUN [ "cross-build-end" ]
 VOLUME /data
 EXPOSE 80
 EXPOSE 3012
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
 COPY docker/healthcheck.sh /healthcheck.sh
 COPY docker/start.sh /start.sh
 HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 CMD ["/start.sh"]
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@@ -1,57 +0,0 @@
 #!/bin/sh
 # Use the value of the corresponding env var (if present),
 # or a default value otherwise.
 : "${DATA_FOLDER:="data"}"
 : "${ROCKET_PORT:="80"}"
 CONFIG_FILE="${DATA_FOLDER}"/config.json
 # Given a config key, return the corresponding config value from the
 # config file. If the key doesn't exist, return an empty string.
 get_config_val() {
    local key="$1"
    # Extract a line of the form:
    #   "domain": "https://bw.example.com/path",
    grep "\"${key}\":" "${CONFIG_FILE}" |
    # To extract just the value (https://bw.example.com/path), delete:
    # (1) everything up to and including the first ':',
    # (2) whitespace and '"' from the front,
    # (3) ',' and '"' from the back.
    sed -e 's/[^:]\+://' -e 's/^[ "]\+//' -e 's/[,"]\+$//'
 }
 # Extract the base path from a domain URL. For example:
 # - `` -> ``
 # - `https://bw.example.com` -> ``
 # - `https://bw.example.com/` -> ``
 # - `https://bw.example.com/path` -> `/path`
 # - `https://bw.example.com/multi/path` -> `/multi/path`
 get_base_path() {
    echo "$1" |
    # Delete:
    # (1) everything up to and including '://',
    # (2) everything up to '/',
    # (3) trailing '/' from the back.
    sed -e 's|.*://||' -e 's|[^/]\+||' -e 's|/*$||'
 }
 # Read domain URL from config.json, if present.
 if [ -r "${CONFIG_FILE}" ]; then
    domain="$(get_config_val 'domain')"
    if [ -n "${domain}" ]; then
        # config.json 'domain' overrides the DOMAIN env var.
        DOMAIN="${domain}"
    fi
 fi
 addr="${ROCKET_ADDRESS}"
 if [ -z "${addr}" ] || [ "${addr}" = '0.0.0.0' ] || [ "${addr}" = '::' ]; then
    addr='localhost'
 fi
 base_path="$(get_base_path "${DOMAIN}")"
 if [ -n "${ROCKET_TLS}" ]; then
    s='s'
 fi
 curl --insecure --fail --silent --show-error \
     "http${s}://${addr}:${ROCKET_PORT}${base_path}/alive" || exit 1
--- a/docker/render_template
+++ b/docker/render_template
@@ -1,17 +0,0 @@
 #!/usr/bin/env python3
 import os, argparse, json
 import jinja2
 args_parser = argparse.ArgumentParser()
 args_parser.add_argument('template_file', help='Jinja2 template file to render.')
 args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
 cli_args = args_parser.parse_args()
 render_vars = json.loads(cli_args.render_vars)
 environment = jinja2.Environment(
 	loader=jinja2.FileSystemLoader(os.getcwd()),
 	trim_blocks=True,
 )
 print(environment.get_template(cli_args.template_file).render(render_vars))
--- a/docker/settings.Production.json
+++ b/docker/settings.Production.json
@@ -0,0 +1,9 @@
 {
  "appSettings": {
    "apiUri": "/api",
    "identityUri": "/identity",
    "iconsUri": "/icons",
    "stripeKey": "",
    "braintreeKey": ""
  }
 }
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,25 +0,0 @@
 #!/bin/sh
 if [ -r /etc/vaultwarden.sh ]; then
    . /etc/vaultwarden.sh
 elif [ -r /etc/bitwarden_rs.sh ]; then
    echo "### You are using the old /etc/bitwarden_rs.sh script, please migrate to /etc/vaultwarden.sh ###"
    . /etc/bitwarden_rs.sh
 fi
 if [ -d /etc/vaultwarden.d ]; then
    for f in /etc/vaultwarden.d/*.sh; do
        if [ -r "${f}" ]; then
            . "${f}"
        fi
    done
 elif [ -d /etc/bitwarden_rs.d ]; then
    echo "### You are using the old /etc/bitwarden_rs.d script directory, please migrate to /etc/vaultwarden.d ###"
    for f in /etc/bitwarden_rs.d/*.sh; do
        if [ -r "${f}" ]; then
            . "${f}"
        fi
    done
 fi
 exec /vaultwarden "${@}"
--- a/hooks/README.md
+++ b/hooks/README.md
@@ -1,20 +0,0 @@
 The hooks in this directory are used to create multi-arch images using Docker Hub automated builds.
 Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing):
 * `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested.
 * `SOURCE_COMMIT`: the SHA1 hash of the commit being tested.
 * `COMMIT_MSG`: the message from the commit being tested and built.
 * `DOCKER_REPO`: the name of the Docker repository being built.
 * `DOCKERFILE_PATH`: the dockerfile currently being built.
 * `DOCKER_TAG`: the Docker repository tag being built.
 * `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.)
 The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point.
 ## References
 * https://docs.docker.com/docker-hub/builds/advanced/
 * https://docs.docker.com/engine/reference/commandline/manifest/
 * https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
 * https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api
--- a/hooks/arches.sh
+++ b/hooks/arches.sh
@@ -1,15 +0,0 @@
 #!/usr/bin/env bash
 # The default Debian-based images support these arches for all database backends.
 arches=(
    amd64
    armv6
    armv7
    arm64
 )
 export arches
 if [[ "${DOCKER_TAG}" == *alpine ]]; then
    distro_suffix=.alpine
 fi
 export distro_suffix
--- a/hooks/build
+++ b/hooks/build
@@ -1,51 +0,0 @@
 #!/usr/bin/env bash
 echo ">>> Building images..."
 # shellcheck source=arches.sh
 source ./hooks/arches.sh
 if [[ -z "${SOURCE_COMMIT}" ]]; then
    # This var is typically predefined by Docker Hub, but it won't be
    # when testing locally.
    SOURCE_COMMIT="$(git rev-parse HEAD)"
 fi
 # Construct a version string in the style of `build.rs`.
 GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
 if [[ -n "${GIT_EXACT_TAG}" ]]; then
    SOURCE_VERSION="${GIT_EXACT_TAG}"
 else
    GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
    SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
 fi
 LABELS=(
    # https://github.com/opencontainers/image-spec/blob/master/annotations.md
    org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
    org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
    org.opencontainers.image.licenses="AGPL-3.0-only"
    org.opencontainers.image.revision="${SOURCE_COMMIT}"
    org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}"
    org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
    org.opencontainers.image.version="${SOURCE_VERSION}"
 )
 LABEL_ARGS=()
 for label in "${LABELS[@]}"; do
    LABEL_ARGS+=(--label "${label}")
 done
 # Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template
 if [[ -n "${DOCKER_BUILDKIT}" ]]; then
    buildkit_suffix=.buildkit
 fi
 set -ex
 for arch in "${arches[@]}"; do
    docker build \
           "${LABEL_ARGS[@]}" \
           -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
           -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \
           .
 done
--- a/hooks/pre_build
+++ b/hooks/pre_build
@@ -1,28 +0,0 @@
 #!/usr/bin/env bash
 set -ex
 # If requested, print some environment info for troubleshooting.
 if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then
    id
    pwd
    df -h
    env
    docker info
    docker version
 fi
 # Install build dependencies.
 deps=(
    jq
 )
 apt-get update
 apt-get install -y "${deps[@]}"
 # Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some
 # Git operations that we perform later, so fetch the complete history and
 # tags first. Note that if the build is cached, the clone may have been
 # unshallowed already; if so, unshallowing will fail, so skip it.
 if [[ -f .git/shallow ]]; then
    git fetch --unshallow --tags
 fi
--- a/hooks/push
+++ b/hooks/push
@@ -1,111 +0,0 @@
 #!/usr/bin/env bash
 # shellcheck source=arches.sh
 source ./hooks/arches.sh
 export DOCKER_CLI_EXPERIMENTAL=enabled
 # Join a list of args with a single char.
 # Ref: https://stackoverflow.com/a/17841619
 join() { local IFS="$1"; shift; echo "$*"; }
 set -ex
 echo ">>> Starting local Docker registry when needed..."
 # Docker Buildx's `docker-container` driver is needed for multi-platform
 # builds, but it can't access existing images on the Docker host (like the
 # cross-compiled ones we just built). Those images first need to be pushed to
 # a registry -- Docker Hub could be used, but since it's not trivial to clean
 # up those intermediate images on Docker Hub, it's easier to just run a local
 # Docker registry, which gets cleaned up automatically once the build job ends.
 #
 # https://docs.docker.com/registry/deploying/
 # https://hub.docker.com/_/registry
 #
 # Use host networking so the buildx container can access the registry via
 # localhost.
 #
 # First check if there already is a registry container running, else skip it.
 # This will only happen either locally or running it via Github Actions
 #
 if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then
    # defaults to port 5000
    docker run -d --name registry --network host registry:2
 fi
 # Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`.
 # Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`.
 LOCAL_REGISTRY="localhost:5000"
 REPO="${DOCKER_REPO#*/}"
 LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}"
 echo ">>> Pushing images to local registry..."
 for arch in "${arches[@]}"; do
    docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
    local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}"
    docker tag "${docker_image}" "${local_image}"
    docker push "${local_image}"
 done
 echo ">>> Setting up Docker Buildx..."
 # Same as earlier, use host networking so the buildx container can access the
 # registry via localhost.
 #
 # Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714
 #
 # Check if there already is a builder running, else skip this and use the existing.
 # This will only happen either locally or running it via Github Actions
 #
 if ! docker buildx inspect builder > /dev/null 2>&1 ; then
    docker buildx create --name builder --use --driver-opt network=host
 fi
 echo ">>> Running Docker Buildx..."
 tags=("${DOCKER_REPO}:${DOCKER_TAG}")
 # If the Docker tag starts with a version number, assume the latest release
 # is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate)
 # to make it easier for users to track the latest release.
 if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
    if [[ "${DOCKER_TAG}" == *alpine ]]; then
        tags+=("${DOCKER_REPO}:alpine")
    else
        tags+=("${DOCKER_REPO}:latest")
    fi
 fi
 tag_args=()
 for tag in "${tags[@]}"; do
    tag_args+=(--tag "${tag}")
 done
 # Docker Buildx takes a list of target platforms (OS/arch/variant), so map
 # the arch list to a platform list (assuming the OS is always `linux`).
 declare -A arch_to_platform=(
    [amd64]="linux/amd64"
    [armv6]="linux/arm/v6"
    [armv7]="linux/arm/v7"
    [arm64]="linux/arm64"
 )
 platforms=()
 for arch in "${arches[@]}"; do
    platforms+=("${arch_to_platform[$arch]}")
 done
 platform="$(join "," "${platforms[@]}")"
 # Run the build, pushing the resulting images and multi-arch manifest list to
 # Docker Hub. The Dockerfile is read from stdin to avoid sending any build
 # context, which isn't needed here since the actual cross-compiled images
 # have already been built.
 docker buildx build \
       --network host \
       --build-arg LOCAL_REPO="${LOCAL_REPO}" \
       --build-arg DOCKER_TAG="${DOCKER_TAG}" \
       --platform "${platform}" \
       "${tag_args[@]}" \
       --push \
       - < ./docker/Dockerfile.buildx
--- a/libs/jsonwebtoken/Cargo.toml
+++ b/libs/jsonwebtoken/Cargo.toml
@@ -0,0 +1,20 @@
 [package]
 name = "jsonwebtoken"
 version = "4.0.1"
 authors = ["Vincent Prouillet <prouillet.vincent@gmail.com>"]
 license = "MIT"
 readme = "README.md"
 description = "Create and parse JWT in a strongly typed way."
 homepage = "https://github.com/Keats/rust-jwt"
 repository = "https://github.com/Keats/rust-jwt"
 keywords = ["jwt", "web", "api", "token", "json"]
 [dependencies]
 error-chain = { version = "0.11", default-features = false }
 serde_json = "1.0"
 serde_derive = "1.0"
 serde = "1.0"
 ring = { version = "0.11.0", features = ["rsa_signing", "dev_urandom_fallback"] }
 base64 = "0.9"
 untrusted = "0.5"
 chrono = "0.4"
--- a/libs/jsonwebtoken/LICENSE
+++ b/libs/jsonwebtoken/LICENSE
@@ -0,0 +1,21 @@
 The MIT License (MIT)
 Copyright (c) 2015 Vincent Prouillet
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/libs/jsonwebtoken/src/crypto.rs
+++ b/libs/jsonwebtoken/src/crypto.rs
@@ -0,0 +1,120 @@
 use std::sync::Arc;
 use base64;
 use ring::{rand, digest, hmac, signature};
 use ring::constant_time::verify_slices_are_equal;
 use untrusted;
 use errors::{Result, ErrorKind};
 /// The algorithms supported for signing/verifying
 #[derive(Debug, PartialEq, Copy, Clone, Serialize, Deserialize)]
 pub enum Algorithm {
    /// HMAC using SHA-256
    HS256,
    /// HMAC using SHA-384
    HS384,
    /// HMAC using SHA-512
    HS512,
    /// RSASSA-PKCS1-v1_5 using SHA-256
    RS256,
    /// RSASSA-PKCS1-v1_5 using SHA-384
    RS384,
    /// RSASSA-PKCS1-v1_5 using SHA-512
    RS512,
 }
 /// The actual HS signing + encoding
 fn sign_hmac(alg: &'static digest::Algorithm, key: &[u8], signing_input: &str) -> Result<String> {
    let signing_key = hmac::SigningKey::new(alg, key);
    let digest = hmac::sign(&signing_key, signing_input.as_bytes());
    Ok(
        base64::encode_config::<hmac::Signature>(&digest, base64::URL_SAFE_NO_PAD)
    )
 }
 /// The actual RSA signing + encoding
 /// Taken from Ring doc https://briansmith.org/rustdoc/ring/signature/index.html
 fn sign_rsa(alg: Algorithm, key: &[u8], signing_input: &str) -> Result<String> {
    let ring_alg = match alg {
        Algorithm::RS256 => &signature::RSA_PKCS1_SHA256,
        Algorithm::RS384 => &signature::RSA_PKCS1_SHA384,
        Algorithm::RS512 => &signature::RSA_PKCS1_SHA512,
        _ => unreachable!(),
    };
    let key_pair = Arc::new(
        signature::RSAKeyPair::from_der(untrusted::Input::from(key))
            .map_err(|_| ErrorKind::InvalidKey)?
    );
    let mut signing_state = signature::RSASigningState::new(key_pair)
        .map_err(|_| ErrorKind::InvalidKey)?;
    let mut signature = vec![0; signing_state.key_pair().public_modulus_len()];
    let rng = rand::SystemRandom::new();
    signing_state.sign(ring_alg, &rng, signing_input.as_bytes(), &mut signature)
        .map_err(|_| ErrorKind::InvalidKey)?;
    Ok(
        base64::encode_config::<[u8]>(&signature, base64::URL_SAFE_NO_PAD)
    )
 }
 /// Take the payload of a JWT, sign it using the algorithm given and return
 /// the base64 url safe encoded of the result.
 ///
 /// Only use this function if you want to do something other than JWT.
 pub fn sign(signing_input: &str, key: &[u8], algorithm: Algorithm) -> Result<String> {
    match algorithm {
        Algorithm::HS256 => sign_hmac(&digest::SHA256, key, signing_input),
        Algorithm::HS384 => sign_hmac(&digest::SHA384, key, signing_input),
        Algorithm::HS512 => sign_hmac(&digest::SHA512, key, signing_input),
        Algorithm::RS256 | Algorithm::RS384 | Algorithm::RS512 => sign_rsa(algorithm, key, signing_input),
 //        TODO: if PKCS1 is made prublic, remove the line above and uncomment below
 //        Algorithm::RS256 => sign_rsa(&signature::RSA_PKCS1_SHA256, key, signing_input),
 //        Algorithm::RS384 => sign_rsa(&signature::RSA_PKCS1_SHA384, key, signing_input),
 //        Algorithm::RS512 => sign_rsa(&signature::RSA_PKCS1_SHA512, key, signing_input),
    }
 }
 /// See Ring RSA docs for more details
 fn verify_rsa(alg: &signature::RSAParameters, signature: &str, signing_input: &str, key: &[u8]) -> Result<bool> {
    let signature_bytes = base64::decode_config(signature, base64::URL_SAFE_NO_PAD)?;
    let public_key_der = untrusted::Input::from(key);
    let message = untrusted::Input::from(signing_input.as_bytes());
    let expected_signature = untrusted::Input::from(signature_bytes.as_slice());
    let res = signature::verify(alg, public_key_der, message, expected_signature);
    Ok(res.is_ok())
 }
 /// Compares the signature given with a re-computed signature for HMAC or using the public key
 /// for RSA.
 ///
 /// Only use this function if you want to do something other than JWT.
 ///
 /// `signature` is the signature part of a jwt (text after the second '.')
 ///
 /// `signing_input` is base64(header) + "." + base64(claims)
 pub fn verify(signature: &str, signing_input: &str, key: &[u8], algorithm: Algorithm) -> Result<bool> {
    match algorithm {
        Algorithm::HS256 | Algorithm::HS384 | Algorithm::HS512 => {
            // we just re-sign the data with the key and compare if they are equal
            let signed = sign(signing_input, key, algorithm)?;
            Ok(verify_slices_are_equal(signature.as_ref(), signed.as_ref()).is_ok())
        },
        Algorithm::RS256 => verify_rsa(&signature::RSA_PKCS1_2048_8192_SHA256, signature, signing_input, key),
        Algorithm::RS384 => verify_rsa(&signature::RSA_PKCS1_2048_8192_SHA384, signature, signing_input, key),
        Algorithm::RS512 => verify_rsa(&signature::RSA_PKCS1_2048_8192_SHA512, signature, signing_input, key),
    }
 }
 impl Default for Algorithm {
    fn default() -> Self {
        Algorithm::HS256
    }
 }
--- a/libs/jsonwebtoken/src/errors.rs
+++ b/libs/jsonwebtoken/src/errors.rs
@@ -0,0 +1,68 @@
 use base64;
 use serde_json;
 use ring;
 error_chain! {
    errors {
        /// When a token doesn't have a valid JWT shape
        InvalidToken {
            description("invalid token")
            display("Invalid token")
        }
        /// When the signature doesn't match
        InvalidSignature {
            description("invalid signature")
            display("Invalid signature")
        }
        /// When the secret given is not a valid RSA key
        InvalidKey {
            description("invalid key")
            display("Invalid Key")
        }
        // Validation error
        /// When a token’s `exp` claim indicates that it has expired
        ExpiredSignature {
            description("expired signature")
            display("Expired Signature")
        }
        /// When a token’s `iss` claim does not match the expected issuer
        InvalidIssuer {
            description("invalid issuer")
            display("Invalid Issuer")
        }
        /// When a token’s `aud` claim does not match one of the expected audience values
        InvalidAudience {
            description("invalid audience")
            display("Invalid Audience")
        }
        /// When a token’s `aud` claim does not match one of the expected audience values
        InvalidSubject {
            description("invalid subject")
            display("Invalid Subject")
        }
        /// When a token’s `iat` claim is in the future
        InvalidIssuedAt {
            description("invalid issued at")
            display("Invalid Issued At")
        }
        /// When a token’s nbf claim represents a time in the future
        ImmatureSignature {
            description("immature signature")
            display("Immature Signature")
        }
        /// When the algorithm in the header doesn't match the one passed to `decode`
        InvalidAlgorithm {
            description("Invalid algorithm")
            display("Invalid Algorithm")
        }
    }
    foreign_links {
        Unspecified(ring::error::Unspecified) #[doc = "An error happened while signing/verifying a token with RSA"];
        Base64(base64::DecodeError) #[doc = "An error happened while decoding some base64 text"];
        Json(serde_json::Error) #[doc = "An error happened while serializing/deserializing JSON"];
        Utf8(::std::string::FromUtf8Error) #[doc = "An error happened while trying to convert the result of base64 decoding to a String"];
    }
 }
--- a/libs/jsonwebtoken/src/header.rs
+++ b/libs/jsonwebtoken/src/header.rs
@@ -0,0 +1,64 @@
 use crypto::Algorithm;
 /// A basic JWT header, the alg defaults to HS256 and typ is automatically
 /// set to `JWT`. All the other fields are optional.
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub struct Header {
    /// The type of JWS: it can only be "JWT" here
    ///
    /// Defined in [RFC7515#4.1.9](https://tools.ietf.org/html/rfc7515#section-4.1.9).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub typ: Option<String>,
    /// The algorithm used
    ///
    /// Defined in [RFC7515#4.1.1](https://tools.ietf.org/html/rfc7515#section-4.1.1).
    pub alg: Algorithm,
    /// Content type
    ///
    /// Defined in [RFC7519#5.2](https://tools.ietf.org/html/rfc7519#section-5.2).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cty: Option<String>,
    /// JSON Key URL
    ///
    /// Defined in [RFC7515#4.1.2](https://tools.ietf.org/html/rfc7515#section-4.1.2).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub jku: Option<String>,
    /// Key ID
    ///
    /// Defined in [RFC7515#4.1.4](https://tools.ietf.org/html/rfc7515#section-4.1.4).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub kid: Option<String>,
    /// X.509 URL
    ///
    /// Defined in [RFC7515#4.1.5](https://tools.ietf.org/html/rfc7515#section-4.1.5).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub x5u: Option<String>,
    /// X.509 certificate thumbprint
    ///
    /// Defined in [RFC7515#4.1.7](https://tools.ietf.org/html/rfc7515#section-4.1.7).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub x5t: Option<String>,
 }
 impl Header {
    /// Returns a JWT header with the algorithm given
    pub fn new(algorithm: Algorithm) -> Header {
        Header {
            typ: Some("JWT".to_string()),
            alg: algorithm,
            cty: None,
            jku: None,
            kid: None,
            x5u: None,
            x5t: None,
        }
    }
 }
 impl Default for Header {
    /// Returns a JWT header using the default Algorithm, HS256
    fn default() -> Self {
        Header::new(Algorithm::default())
    }
 }
--- a/libs/jsonwebtoken/src/lib.rs
+++ b/libs/jsonwebtoken/src/lib.rs
@@ -0,0 +1,142 @@
 //! Create and parses JWT (JSON Web Tokens)
 //!
 //! Documentation:  [stable](https://docs.rs/jsonwebtoken/)
 #![recursion_limit = "300"]
 #![deny(missing_docs)]
 #![allow(unused_doc_comments)]
 #![allow(renamed_and_removed_lints)]
 #[macro_use]
 extern crate error_chain;
 #[macro_use]
 extern crate serde_derive;
 extern crate serde_json;
 extern crate serde;
 extern crate base64;
 extern crate ring;
 extern crate untrusted;
 extern crate chrono;
 /// All the errors, generated using error-chain
 pub mod errors;
 mod header;
 mod crypto;
 mod serialization;
 mod validation;
 pub use header::Header;
 pub use crypto::{
    Algorithm,
    sign,
    verify,
 };
 pub use validation::Validation;
 pub use serialization::TokenData;
 use serde::de::DeserializeOwned;
 use serde::ser::Serialize;
 use errors::{Result, ErrorKind};
 use serialization::{from_jwt_part, from_jwt_part_claims, to_jwt_part};
 use validation::{validate};
 /// Encode the header and claims given and sign the payload using the algorithm from the header and the key
 ///
 /// ```rust,ignore
 /// #[macro_use]
 /// extern crate serde_derive;
 /// use jsonwebtoken::{encode, Algorithm, Header};
 ///
 /// /// #[derive(Debug, Serialize, Deserialize)]
 /// struct Claims {
 ///    sub: String,
 ///    company: String
 /// }
 ///
 /// let my_claims = Claims {
 ///     sub: "b@b.com".to_owned(),
 ///     company: "ACME".to_owned()
 /// };
 ///
 /// // my_claims is a struct that implements Serialize
 /// // This will create a JWT using HS256 as algorithm
 /// let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();
 /// ```
 pub fn encode<T: Serialize>(header: &Header, claims: &T, key: &[u8]) -> Result<String> {
    let encoded_header = to_jwt_part(&header)?;
    let encoded_claims = to_jwt_part(&claims)?;
    let signing_input = [encoded_header.as_ref(), encoded_claims.as_ref()].join(".");
    let signature = sign(&*signing_input, key.as_ref(), header.alg)?;
    Ok([signing_input, signature].join("."))
 }
 /// Used in decode: takes the result of a rsplit and ensure we only get 2 parts
 /// Errors if we don't
 macro_rules! expect_two {
    ($iter:expr) => {{
        let mut i = $iter;
        match (i.next(), i.next(), i.next()) {
            (Some(first), Some(second), None) => (first, second),
            _ => return Err(ErrorKind::InvalidToken.into())
        }
    }}
 }
 /// Decode a token into a struct containing 2 fields: `claims` and `header`.
 ///
 /// If the token or its signature is invalid or the claims fail validation, it will return an error.
 ///
 /// ```rust,ignore
 /// #[macro_use]
 /// extern crate serde_derive;
 /// use jsonwebtoken::{decode, Validation, Algorithm};
 ///
 /// #[derive(Debug, Serialize, Deserialize)]
 /// struct Claims {
 ///    sub: String,
 ///    company: String
 /// }
 ///
 /// let token = "a.jwt.token".to_string();
 /// // Claims is a struct that implements Deserialize
 /// let token_data = decode::<Claims>(&token, "secret", &Validation::new(Algorithm::HS256));
 /// ```
 pub fn decode<T: DeserializeOwned>(token: &str, key: &[u8], validation: &Validation) -> Result<TokenData<T>> {
    let (signature, signing_input) = expect_two!(token.rsplitn(2, '.'));
    let (claims, header) = expect_two!(signing_input.rsplitn(2, '.'));
    let header: Header = from_jwt_part(header)?;
    if !verify(signature, signing_input, key, header.alg)? {
        return Err(ErrorKind::InvalidSignature.into());
    }
    if !validation.algorithms.contains(&header.alg) {
        return Err(ErrorKind::InvalidAlgorithm.into());
    }
    let (decoded_claims, claims_map): (T, _)  = from_jwt_part_claims(claims)?;
    validate(&claims_map, validation)?;
    Ok(TokenData { header: header, claims: decoded_claims })
 }
 /// Decode a token and return the Header. This is not doing any kind of validation: it is meant to be
 /// used when you don't know which `alg` the token is using and want to find out.
 ///
 /// If the token has an invalid format, it will return an error.
 ///
 /// ```rust,ignore
 /// use jsonwebtoken::decode_header;
 ///
 /// let token = "a.jwt.token".to_string();
 /// let header = decode_header(&token);
 /// ```
 pub fn decode_header(token: &str) -> Result<Header> {
    let (_, signing_input) = expect_two!(token.rsplitn(2, '.'));
    let (_, header) = expect_two!(signing_input.rsplitn(2, '.'));
    from_jwt_part(header)
 }
--- a/libs/jsonwebtoken/src/serialization.rs
+++ b/libs/jsonwebtoken/src/serialization.rs
@@ -0,0 +1,42 @@
 use base64;
 use serde::de::DeserializeOwned;
 use serde::ser::Serialize;
 use serde_json::{from_str, to_string, Value};
 use serde_json::map::Map;
 use errors::{Result};
 use header::Header;
 /// The return type of a successful call to decode
 #[derive(Debug)]
 pub struct TokenData<T> {
    /// The decoded JWT header
    pub header: Header,
    /// The decoded JWT claims
    pub claims: T
 }
 /// Serializes to JSON and encodes to base64
 pub fn to_jwt_part<T: Serialize>(input: &T) -> Result<String> {
    let encoded = to_string(input)?;
    Ok(base64::encode_config(encoded.as_bytes(), base64::URL_SAFE_NO_PAD))
 }
 /// Decodes from base64 and deserializes from JSON to a struct
 pub fn from_jwt_part<B: AsRef<str>, T: DeserializeOwned>(encoded: B) -> Result<T> {
    let decoded = base64::decode_config(encoded.as_ref(), base64::URL_SAFE_NO_PAD)?;
    let s = String::from_utf8(decoded)?;
    Ok(from_str(&s)?)
 }
 /// Decodes from base64 and deserializes from JSON to a struct AND a hashmap
 pub fn from_jwt_part_claims<B: AsRef<str>, T: DeserializeOwned>(encoded: B) -> Result<(T, Map<String, Value>)> {
    let decoded = base64::decode_config(encoded.as_ref(), base64::URL_SAFE_NO_PAD)?;
    let s = String::from_utf8(decoded)?;
    let claims: T = from_str(&s)?;
    let map: Map<_,_> = from_str(&s)?;
    Ok((claims, map))
 }
--- a/libs/jsonwebtoken/src/validation.rs
+++ b/libs/jsonwebtoken/src/validation.rs
@@ -0,0 +1,377 @@
 use chrono::Utc;
 use serde::ser::Serialize;
 use serde_json::{Value, from_value, to_value};
 use serde_json::map::Map;
 use errors::{Result, ErrorKind};
 use crypto::Algorithm;
 /// Contains the various validations that are applied after decoding a token.
 ///
 /// All time validation happen on UTC timestamps.
 ///
 /// ```rust
 /// use jsonwebtoken::Validation;
 ///
 /// // Default value
 /// let validation = Validation::default();
 ///
 /// // Changing one parameter
 /// let mut validation = Validation {leeway: 60, ..Default::default()};
 ///
 /// // Setting audience
 /// let mut validation = Validation::default();
 /// validation.set_audience(&"Me"); // string
 /// validation.set_audience(&["Me", "You"]); // array of strings
 /// ```
 #[derive(Debug, Clone, PartialEq)]
 pub struct Validation {
    /// Add some leeway (in seconds) to the `exp`, `iat` and `nbf` validation to
    /// account for clock skew.
    ///
    /// Defaults to `0`.
    pub leeway: i64,
    /// Whether to validate the `exp` field.
    ///
    /// It will return an error if the time in the `exp` field is past.
    ///
    /// Defaults to `true`.
    pub validate_exp: bool,
    /// Whether to validate the `iat` field.
    ///
    /// It will return an error if the time in the `iat` field is in the future.
    ///
    /// Defaults to `true`.
    pub validate_iat: bool,
    /// Whether to validate the `nbf` field.
    ///
    /// It will return an error if the current timestamp is before the time in the `nbf` field.
    ///
    /// Defaults to `true`.
    pub validate_nbf: bool,
    /// If it contains a value, the validation will check that the `aud` field is the same as the
    /// one provided and will error otherwise.
    /// Since `aud` can be either a String or a Vec<String> in the JWT spec, you will need to use
    /// the [set_audience](struct.Validation.html#method.set_audience) method to set it.
    ///
    /// Defaults to `None`.
    pub aud: Option<Value>,
    /// If it contains a value, the validation will check that the `iss` field is the same as the
    /// one provided and will error otherwise.
    ///
    /// Defaults to `None`.
    pub iss: Option<String>,
    /// If it contains a value, the validation will check that the `sub` field is the same as the
    /// one provided and will error otherwise.
    ///
    /// Defaults to `None`.
    pub sub: Option<String>,
    /// If it contains a value, the validation will check that the `alg` of the header is contained
    /// in the ones provided and will error otherwise.
    ///
    /// Defaults to `vec![Algorithm::HS256]`.
    pub algorithms: Vec<Algorithm>,
 }
 impl Validation {
    /// Create a default validation setup allowing the given alg
    pub fn new(alg: Algorithm) -> Validation {
        let mut validation = Validation::default();
        validation.algorithms = vec![alg];
        validation
    }
    /// Since `aud` can be either a String or an array of String in the JWT spec, this method will take
    /// care of serializing the value.
    pub fn set_audience<T: Serialize>(&mut self, audience: &T) {
        self.aud = Some(to_value(audience).unwrap());
    }
 }
 impl Default for Validation {
    fn default() -> Validation {
        Validation {
            leeway: 0,
            validate_exp: true,
            validate_iat: true,
            validate_nbf: true,
            iss: None,
            sub: None,
            aud: None,
            algorithms: vec![Algorithm::HS256],
        }
    }
 }
 pub fn validate(claims: &Map<String, Value>, options: &Validation) -> Result<()> {
    let now = Utc::now().timestamp();
    if let Some(iat) = claims.get("iat") {
        if options.validate_iat && from_value::<i64>(iat.clone())? > now + options.leeway {
            return Err(ErrorKind::InvalidIssuedAt.into());
        }
    }
    if let Some(exp) = claims.get("exp") {
        if options.validate_exp && from_value::<i64>(exp.clone())? < now - options.leeway {
            return Err(ErrorKind::ExpiredSignature.into());
        }
    }
    if let Some(nbf) = claims.get("nbf") {
        if options.validate_nbf && from_value::<i64>(nbf.clone())? > now + options.leeway {
            return Err(ErrorKind::ImmatureSignature.into());
        }
    }
    if let Some(iss) = claims.get("iss") {
        if let Some(ref correct_iss) = options.iss {
            if from_value::<String>(iss.clone())? != *correct_iss {
                return Err(ErrorKind::InvalidIssuer.into());
            }
        }
    }
    if let Some(sub) = claims.get("sub") {
        if let Some(ref correct_sub) = options.sub {
            if from_value::<String>(sub.clone())? != *correct_sub {
                return Err(ErrorKind::InvalidSubject.into());
            }
        }
    }
    if let Some(aud) = claims.get("aud") {
        if let Some(ref correct_aud) = options.aud {
            if aud != correct_aud {
                return Err(ErrorKind::InvalidAudience.into());
            }
        }
    }
    Ok(())
 }
 #[cfg(test)]
 mod tests {
    use serde_json::{to_value};
    use serde_json::map::Map;
    use chrono::Utc;
    use super::{validate, Validation};
    use errors::ErrorKind;
    #[test]
    fn iat_in_past_ok() {
        let mut claims = Map::new();
        claims.insert("iat".to_string(), to_value(Utc::now().timestamp() - 10000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_ok());
    }
    #[test]
    fn iat_in_future_fails() {
        let mut claims = Map::new();
        claims.insert("iat".to_string(), to_value(Utc::now().timestamp() + 100000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::InvalidIssuedAt => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn iat_in_future_but_in_leeway_ok() {
        let mut claims = Map::new();
        claims.insert("iat".to_string(), to_value(Utc::now().timestamp() + 50).unwrap());
        let validation = Validation {
            leeway: 1000 * 60,
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn exp_in_future_ok() {
        let mut claims = Map::new();
        claims.insert("exp".to_string(), to_value(Utc::now().timestamp() + 10000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_ok());
    }
    #[test]
    fn exp_in_past_fails() {
        let mut claims = Map::new();
        claims.insert("exp".to_string(), to_value(Utc::now().timestamp() - 100000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::ExpiredSignature => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn exp_in_past_but_in_leeway_ok() {
        let mut claims = Map::new();
        claims.insert("exp".to_string(), to_value(Utc::now().timestamp() - 500).unwrap());
        let validation = Validation {
            leeway: 1000 * 60,
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn nbf_in_past_ok() {
        let mut claims = Map::new();
        claims.insert("nbf".to_string(), to_value(Utc::now().timestamp() - 10000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_ok());
    }
    #[test]
    fn nbf_in_future_fails() {
        let mut claims = Map::new();
        claims.insert("nbf".to_string(), to_value(Utc::now().timestamp() + 100000).unwrap());
        let res = validate(&claims, &Validation::default());
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::ImmatureSignature => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn nbf_in_future_but_in_leeway_ok() {
        let mut claims = Map::new();
        claims.insert("nbf".to_string(), to_value(Utc::now().timestamp() + 500).unwrap());
        let validation = Validation {
            leeway: 1000 * 60,
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn iss_ok() {
        let mut claims = Map::new();
        claims.insert("iss".to_string(), to_value("Keats").unwrap());
        let validation = Validation {
            iss: Some("Keats".to_string()),
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn iss_not_matching_fails() {
        let mut claims = Map::new();
        claims.insert("iss".to_string(), to_value("Hacked").unwrap());
        let validation = Validation {
            iss: Some("Keats".to_string()),
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::InvalidIssuer => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn sub_ok() {
        let mut claims = Map::new();
        claims.insert("sub".to_string(), to_value("Keats").unwrap());
        let validation = Validation {
            sub: Some("Keats".to_string()),
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn sub_not_matching_fails() {
        let mut claims = Map::new();
        claims.insert("sub".to_string(), to_value("Hacked").unwrap());
        let validation = Validation {
            sub: Some("Keats".to_string()),
            ..Default::default()
        };
        let res = validate(&claims, &validation);
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::InvalidSubject => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn aud_string_ok() {
        let mut claims = Map::new();
        claims.insert("aud".to_string(), to_value("Everyone").unwrap());
        let mut validation = Validation::default();
        validation.set_audience(&"Everyone");
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn aud_array_of_string_ok() {
        let mut claims = Map::new();
        claims.insert("aud".to_string(), to_value(["UserA", "UserB"]).unwrap());
        let mut validation = Validation::default();
        validation.set_audience(&["UserA", "UserB"]);
        let res = validate(&claims, &validation);
        assert!(res.is_ok());
    }
    #[test]
    fn aud_type_mismatch_fails() {
        let mut claims = Map::new();
        claims.insert("aud".to_string(), to_value("Everyone").unwrap());
        let mut validation = Validation::default();
        validation.set_audience(&["UserA", "UserB"]);
        let res = validate(&claims, &validation);
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::InvalidAudience => (),
            _ => assert!(false),
        };
    }
    #[test]
    fn aud_correct_type_not_matching_fails() {
        let mut claims = Map::new();
        claims.insert("aud".to_string(), to_value("Everyone").unwrap());
        let mut validation = Validation::default();
        validation.set_audience(&"None");
        let res = validate(&claims, &validation);
        assert!(res.is_err());
        match res.unwrap_err().kind() {
            &ErrorKind::InvalidAudience => (),
            _ => assert!(false),
        };
    }
 }
--- a/migrations/mysql/2018-01-14-171611_create_tables/down.sql
+++ b/migrations/mysql/2018-01-14-171611_create_tables/down.sql
--- a/migrations/sqlite/2018-01-14-171611_create_tables/up.sql
+++ b/migrations/sqlite/2018-01-14-171611_create_tables/up.sql
--- a/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/down.sql
+++ b/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/down.sql
--- a/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/up.sql
+++ b/migrations/sqlite/2018-02-17-205753_create_collections_and_orgs/up.sql
--- a/migrations/mysql/2018-04-27-155151_create_users_ciphers/down.sql
+++ b/migrations/mysql/2018-04-27-155151_create_users_ciphers/down.sql
--- a/migrations/sqlite/2018-04-27-155151_create_users_ciphers/up.sql
+++ b/migrations/sqlite/2018-04-27-155151_create_users_ciphers/up.sql
--- a/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/down.sql
+++ b/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/down.sql
--- a/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/up.sql
+++ b/migrations/sqlite/2018-05-08-161616_create_collection_cipher_map/up.sql
--- a/migrations/mysql/2018-05-25-232323_update_attachments_reference/down.sql
+++ b/migrations/mysql/2018-05-25-232323_update_attachments_reference/down.sql
--- a/migrations/sqlite/2018-05-25-232323_update_attachments_reference/up.sql
+++ b/migrations/sqlite/2018-05-25-232323_update_attachments_reference/up.sql
--- a/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/down.sql
+++ b/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/down.sql
--- a/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/up.sql
+++ b/migrations/mysql/2018-06-01-112529_update_devices_twofactor_remember/up.sql
--- a/migrations/mysql/2018-01-14-171611_create_tables/up.sql
+++ b/migrations/mysql/2018-01-14-171611_create_tables/up.sql
@@ -1,62 +0,0 @@
 CREATE TABLE users (
  uuid                CHAR(36) NOT NULL PRIMARY KEY,
  created_at          DATETIME NOT NULL,
  updated_at          DATETIME NOT NULL,
  email               VARCHAR(255) NOT NULL UNIQUE,
  name                TEXT     NOT NULL,
  password_hash       BLOB     NOT NULL,
  salt                BLOB     NOT NULL,
  password_iterations INTEGER  NOT NULL,
  password_hint       TEXT,
  `key`               TEXT     NOT NULL,
  private_key         TEXT,
  public_key          TEXT,
  totp_secret         TEXT,
  totp_recover        TEXT,
  security_stamp      TEXT     NOT NULL,
  equivalent_domains  TEXT     NOT NULL,
  excluded_globals    TEXT     NOT NULL
 );
 CREATE TABLE devices (
  uuid          CHAR(36) NOT NULL PRIMARY KEY,
  created_at    DATETIME NOT NULL,
  updated_at    DATETIME NOT NULL,
  user_uuid     CHAR(36) NOT NULL REFERENCES users (uuid),
  name          TEXT     NOT NULL,
  type          INTEGER  NOT NULL,
  push_token    TEXT,
  refresh_token TEXT     NOT NULL
 );
 CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  created_at        DATETIME NOT NULL,
  updated_at        DATETIME NOT NULL,
  user_uuid         CHAR(36) NOT NULL REFERENCES users (uuid),
  folder_uuid       CHAR(36) REFERENCES folders (uuid),
  organization_uuid CHAR(36),
  type              INTEGER  NOT NULL,
  name              TEXT     NOT NULL,
  notes             TEXT,
  fields            TEXT,
  data              TEXT     NOT NULL,
  favorite          BOOLEAN  NOT NULL
 );
 CREATE TABLE attachments (
  id          CHAR(36) NOT NULL PRIMARY KEY,
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  file_name   TEXT    NOT NULL,
  file_size   INTEGER NOT NULL
 );
 CREATE TABLE folders (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  created_at DATETIME NOT NULL,
  updated_at DATETIME NOT NULL,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  name       TEXT     NOT NULL
 );
--- a/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/up.sql
+++ b/migrations/mysql/2018-02-17-205753_create_collections_and_orgs/up.sql
@@ -1,30 +0,0 @@
 CREATE TABLE collections (
  uuid     VARCHAR(40) NOT NULL PRIMARY KEY,
  org_uuid VARCHAR(40) NOT NULL REFERENCES organizations (uuid),
  name     TEXT NOT NULL
 );
 CREATE TABLE organizations (
  uuid          VARCHAR(40) NOT NULL PRIMARY KEY,
  name          TEXT NOT NULL,
  billing_email TEXT NOT NULL
 );
 CREATE TABLE users_collections (
  user_uuid       CHAR(36) NOT NULL REFERENCES users (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  PRIMARY KEY (user_uuid, collection_uuid)
 );
 CREATE TABLE users_organizations (
  uuid       CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid  CHAR(36) NOT NULL REFERENCES users (uuid),
  org_uuid   CHAR(36) NOT NULL REFERENCES organizations (uuid),
  access_all BOOLEAN NOT NULL,
  `key`      TEXT    NOT NULL,
  status     INTEGER NOT NULL,
  type       INTEGER NOT NULL,
  UNIQUE (user_uuid, org_uuid)
 );
--- a/migrations/mysql/2018-04-27-155151_create_users_ciphers/up.sql
+++ b/migrations/mysql/2018-04-27-155151_create_users_ciphers/up.sql
@@ -1,34 +0,0 @@
 ALTER TABLE ciphers RENAME TO oldCiphers;
 CREATE TABLE ciphers (
  uuid              CHAR(36) NOT NULL PRIMARY KEY,
  created_at        DATETIME NOT NULL,
  updated_at        DATETIME NOT NULL,
  user_uuid         CHAR(36) REFERENCES users (uuid), -- Make this optional
  organization_uuid CHAR(36) REFERENCES organizations (uuid), -- Add reference to orgs table
  -- Remove folder_uuid
  type              INTEGER  NOT NULL,
  name              TEXT     NOT NULL,
  notes             TEXT,
  fields            TEXT,
  data              TEXT     NOT NULL,
  favorite          BOOLEAN  NOT NULL
 );
 CREATE TABLE folders_ciphers (
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  folder_uuid CHAR(36) NOT NULL REFERENCES folders (uuid),
  PRIMARY KEY (cipher_uuid, folder_uuid)
 );
 INSERT INTO ciphers (uuid, created_at, updated_at, user_uuid, organization_uuid, type, name, notes, fields, data, favorite) 
 SELECT uuid, created_at, updated_at, user_uuid, organization_uuid, type, name, notes, fields, data, favorite FROM oldCiphers;
 INSERT INTO folders_ciphers (cipher_uuid, folder_uuid)
 SELECT uuid, folder_uuid FROM oldCiphers WHERE folder_uuid IS NOT NULL;
 DROP TABLE oldCiphers;
 ALTER TABLE users_collections ADD COLUMN read_only BOOLEAN NOT NULL DEFAULT 0; -- False
--- a/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/up.sql
+++ b/migrations/mysql/2018-05-08-161616_create_collection_cipher_map/up.sql
@@ -1,5 +0,0 @@
 CREATE TABLE ciphers_collections (
  cipher_uuid       CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  collection_uuid CHAR(36) NOT NULL REFERENCES collections (uuid),
  PRIMARY KEY (cipher_uuid, collection_uuid)
 );
--- a/migrations/mysql/2018-05-25-232323_update_attachments_reference/up.sql
+++ b/migrations/mysql/2018-05-25-232323_update_attachments_reference/up.sql
@@ -1,14 +0,0 @@
 ALTER TABLE attachments RENAME TO oldAttachments;
 CREATE TABLE attachments (
  id          CHAR(36) NOT NULL PRIMARY KEY,
  cipher_uuid CHAR(36) NOT NULL REFERENCES ciphers (uuid),
  file_name   TEXT    NOT NULL,
  file_size   INTEGER NOT NULL
 );
 INSERT INTO attachments (id, cipher_uuid, file_name, file_size) 
 SELECT id, cipher_uuid, file_name, file_size FROM oldAttachments;
 DROP TABLE oldAttachments;
--- a/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/down.sql
+++ b/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/down.sql
@@ -1,8 +0,0 @@
 UPDATE users
 SET totp_secret = (
    SELECT twofactor.data FROM twofactor
    WHERE twofactor.type = 0 
    AND twofactor.user_uuid = users.uuid
 );
 DROP TABLE twofactor;
--- a/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/up.sql
+++ b/migrations/mysql/2018-07-11-181453_create_u2f_twofactor/up.sql
@@ -1,15 +0,0 @@
 CREATE TABLE twofactor (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  user_uuid CHAR(36) NOT NULL REFERENCES users (uuid),
  type      INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (user_uuid, type)
 );
 INSERT INTO twofactor (uuid, user_uuid, type, enabled, data) 
 SELECT UUID(), uuid, 0, 1, u.totp_secret FROM users u where u.totp_secret IS NOT NULL;
 UPDATE users SET totp_secret = NULL; -- Instead of recreating the table, just leave the columns empty
--- a/migrations/mysql/2018-08-27-172114_update_ciphers/down.sql
+++ b/migrations/mysql/2018-08-27-172114_update_ciphers/down.sql
--- a/migrations/mysql/2018-08-27-172114_update_ciphers/up.sql
+++ b/migrations/mysql/2018-08-27-172114_update_ciphers/up.sql
@@ -1,3 +0,0 @@
 ALTER TABLE ciphers
    ADD COLUMN
    password_history TEXT;
--- a/migrations/mysql/2018-09-10-111213_add_invites/down.sql
+++ b/migrations/mysql/2018-09-10-111213_add_invites/down.sql
@@ -1 +0,0 @@
 DROP TABLE invitations;
--- a/migrations/mysql/2018-09-10-111213_add_invites/up.sql
+++ b/migrations/mysql/2018-09-10-111213_add_invites/up.sql
@@ -1,3 +0,0 @@
 CREATE TABLE invitations (
    email   VARCHAR(255) NOT NULL PRIMARY KEY
 );
--- a/migrations/mysql/2018-09-19-144557_add_kdf_columns/down.sql
+++ b/migrations/mysql/2018-09-19-144557_add_kdf_columns/down.sql
--- a/migrations/mysql/2018-09-19-144557_add_kdf_columns/up.sql
+++ b/migrations/mysql/2018-09-19-144557_add_kdf_columns/up.sql
@@ -1,7 +0,0 @@
 ALTER TABLE users
    ADD COLUMN
    client_kdf_type INTEGER NOT NULL DEFAULT 0; -- PBKDF2
 ALTER TABLE users
    ADD COLUMN
    client_kdf_iter INTEGER NOT NULL DEFAULT 100000;
--- a/migrations/mysql/2018-11-27-152651_add_att_key_columns/down.sql
+++ b/migrations/mysql/2018-11-27-152651_add_att_key_columns/down.sql
--- a/migrations/mysql/2018-11-27-152651_add_att_key_columns/up.sql
+++ b/migrations/mysql/2018-11-27-152651_add_att_key_columns/up.sql
@@ -1,3 +0,0 @@
 ALTER TABLE attachments
    ADD COLUMN
    `key` TEXT;
--- a/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/down.sql
+++ b/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/down.sql
@@ -1,7 +0,0 @@
 ALTER TABLE attachments CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE ciphers CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE devices CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE twofactor CHANGE COLUMN atype type INTEGER NOT NULL;
 ALTER TABLE users CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN akey `key` TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN atype type INTEGER NOT NULL;
--- a/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/up.sql
+++ b/migrations/mysql/2019-05-26-216651_rename_key_and_type_columns/up.sql
@@ -1,7 +0,0 @@
 ALTER TABLE attachments CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE ciphers CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE devices CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE twofactor CHANGE COLUMN type atype INTEGER NOT NULL;
 ALTER TABLE users CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN `key` akey TEXT;
 ALTER TABLE users_organizations CHANGE COLUMN type atype INTEGER NOT NULL;
--- a/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql
+++ b/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/down.sql
--- a/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql
+++ b/migrations/mysql/2019-10-10-083032_add_column_to_twofactor/up.sql
@@ -1 +0,0 @@
 ALTER TABLE twofactor ADD COLUMN last_used INTEGER NOT NULL DEFAULT 0;
--- a/migrations/mysql/2019-11-17-011009_add_email_verification/down.sql
+++ b/migrations/mysql/2019-11-17-011009_add_email_verification/down.sql
@@ -1 +0,0 @@
--- a/migrations/mysql/2019-11-17-011009_add_email_verification/up.sql
+++ b/migrations/mysql/2019-11-17-011009_add_email_verification/up.sql
@@ -1,5 +0,0 @@
 ALTER TABLE users ADD COLUMN verified_at DATETIME DEFAULT NULL;
 ALTER TABLE users ADD COLUMN last_verifying_at DATETIME DEFAULT NULL;
 ALTER TABLE users ADD COLUMN login_verify_count INTEGER NOT NULL DEFAULT 0;
 ALTER TABLE users ADD COLUMN email_new VARCHAR(255) DEFAULT NULL;
 ALTER TABLE users ADD COLUMN email_new_token VARCHAR(16) DEFAULT NULL;
--- a/migrations/mysql/2020-03-13-205045_add_policy_table/down.sql
+++ b/migrations/mysql/2020-03-13-205045_add_policy_table/down.sql
@@ -1 +0,0 @@
 DROP TABLE org_policies;
--- a/migrations/mysql/2020-03-13-205045_add_policy_table/up.sql
+++ b/migrations/mysql/2020-03-13-205045_add_policy_table/up.sql
@@ -1,9 +0,0 @@
 CREATE TABLE org_policies (
  uuid      CHAR(36) NOT NULL PRIMARY KEY,
  org_uuid  CHAR(36) NOT NULL REFERENCES organizations (uuid),
  atype     INTEGER  NOT NULL,
  enabled   BOOLEAN  NOT NULL,
  data      TEXT     NOT NULL,
  UNIQUE (org_uuid, atype)
 );
--- a/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/down.sql
+++ b/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/down.sql
@@ -1 +0,0 @@
--- a/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/up.sql
+++ b/migrations/mysql/2020-04-09-235005_add_cipher_delete_date/up.sql
@@ -1,3 +0,0 @@
 ALTER TABLE ciphers
    ADD COLUMN
    deleted_at DATETIME;
--- a/migrations/mysql/2020-07-01-214531_add_hide_passwords/down.sql
+++ b/migrations/mysql/2020-07-01-214531_add_hide_passwords/down.sql
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Miroslav Prasil	ebb30229f1	Add Image information	2018-06-01 15:17:09 +01:00
Miroslav Prasil	936af5431a	Update readme for docker hub	2018-06-01 15:17:09 +01:00
		`@@ -1,3 +0,0 @@`
			`# Ignore vendored scripts in GitHub stats`
			`src/static/scripts/* linguist-vendored`
		`@@ -1,3 +0,0 @@`
			`The arch-specific directory names follow the arch identifiers used by the Docker official images:`

			`https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64`
		`@@ -1 +0,0 @@`
			`ALTER TABLE twofactor ADD COLUMN last_used INTEGER NOT NULL DEFAULT 0;`