Admin Token NOT Working

[markwwd]

Prerequisites

• I have searched the existing Closed AND Open Issues AND Discussions
• I have searched and read the documentation

Vaultwarden Support String

I’m migrating an existing self-built Vaultwarden installation to Docker on Windows.

A plain text ADMIN_TOKEN works correctly and allows access to /admin.

However, when I use a hashed Argon2 token generated with: /vaultwarden hash

the admin login always fails with: [vaultwarden::api::admin][ERROR] Invalid admin token.

What I have verified:

• /admin is enabled (not showing “admin panel is disabled”)
• docker exec vaultwarden printenv ADMIN_TOKEN shows the full Argon2 hash correctly inside the container
• I recreated the container using docker compose down and docker compose up -d --force-recreate
• I am entering the original plain password used to generate the hash, not the hash itself
• There is no config.json in the data directory overriding settings
• The same setup works immediately when using a plain text ADMIN_TOKEN

Example compose configuration:

environment:
ADMIN_TOKEN: $$argon2id$$v=19$$m=19456,t=2,p=1$$...

Inside the container the variable resolves correctly to:

$argon2id$v=19$m=19456,t=2,p=1$...

Is there anything specific required when using Argon2-hashed admin tokens in Docker Compose on Windows, or any known issues with this setup?

I’m coming from “built from source/w rust” to Docker container. I just copied the token from .env to the compose file.

Vaultwarden Build Version

Latest

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

caddy

Host/Server Operating System

Windows

Operating System Version

Windows 11

Clients

Desktop

Client Version

No response

Steps To Reproduce

Already described.

Expected Result

Already described.

Actual Result

Already described.

Logs

Screenshots or Videos

No response

Additional Context

No response

[stefan0xC]

The entered token is trimmed so if it orginally started or ended with whitespace characters the login will fail.

vaultwarden/src/api/admin.rs

Line 237 in d626ea8

argon2::Argon2::default().verify_password(token.trim().as_ref(), &h).is_ok()

Not sure if there are other known issues.

[markwwd]

Do you have a password with the first or last character which is a white space? If not, then that is not the case

Like I said.. my password starts with a capital letter and ends with a character: !

[BlackDex]

Then i would guess the string is modified by compose.
Enter the docker container and run env to see the actual string

[BlackDex]

If you used environment inside the compose file, and you used vaultwarden as your container name, this should do the trick.

docker exec -it vaultwarden env | grep "ADMIN_TOKEN"

[stefan0xC]

Can you make sure that your keyboard layout is the same in the console and in your browser? You could also try the alternative method of creating the argon2id PHC string and check if that does the trick.

[markwwd]

Solved it. Thanks guys. It was the wrong password.. oopsie 😂