diff --git a/README.md b/README.md index fa8045ee..ae1dbe0a 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ just a stock Ubuntu install, some clever Ansible config and a bunch of Docker co ### Docker Containers Used * [Airsonic](https://airsonic.github.io/) - catalog and stream music +* [Bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs) - Self-Hosting port of password manager * [Cloudflare DDNS](https://hub.docker.com/r/joshuaavalon/cloudflare-ddns/) - automatically update Cloudflare with your dynamic IP address * [CouchPotato](https://couchpota.to/) - for downloading and managing movies * [Duplicati](https://www.duplicati.com/) - for backing up your stuff diff --git a/docs/applications/bitwarden.md b/docs/applications/bitwarden.md new file mode 100644 index 00000000..f806bebf --- /dev/null +++ b/docs/applications/bitwarden.md 
@@ -0,0 +1,18 @@
+# Bitwarden(_rs) Password Management
+
+Homepage: [https://github.com/dani-garcia/bitwarden_rs](https://github.com/dani-garcia/bitwarden_rs)
+Bitwarden: [https://bitwarden.com/](https://bitwarden.com/)
+
+This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
+
+## Usage
+
+Set `bitwarden_enabled: true` in your `group_vars/all.yml` file.
+
+## Specific Configuration
+
+Make sure you set your admin token! It is bitwarden_admin_token in `group_vars/all.yml` file. The string you put here will be the login to the admin section of your bitwarden installation (https://bitwarden.ansiblenasdomain.tld/admin). This token can be anything, but it's recommended to use a long, randomly generated string of characters, for example running: openssl rand -base64 48.
+
+To create a user, you need to change a variable in ./tasks/bitwarden.yml. Set "SIGNUPS_ALLOWED" to "true", and reprovision the container. Once you have created your user, I would reccomend setting it to false and reprovisioning one more time.
+
+There is currently an issue with websockets and this configuration; traefik does not work correctly when enabled. If this issue gets resolved, I will update the file. Until that time, please note that synchronizations between your vault and browser extensions will not be instant. You will need to force a sync or wait on the scheduled sync (approx. 1h).
\ No newline at end of file
diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md
index be3a5282..090bd7a7 100644
--- a/docs/configuration/application_ports.md
+++ b/docs/configuration/application_ports.md
@@ -5,6 +5,8 @@ By default, applications can be found on the ports listed below. | Application | Port | Notes | |-----------------|--------|-----------| | Couchpotato | 5050 | | +| Bitwarden "hub" | 3012 | Web Not. | +| Bitwarden | 19080 | HTTP | | Duplicati | 8200 | | | Emby | 8096 | HTTP | | Emby | 8920 | HTTPS | diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist index 24330eb0..41eeaa56 100644 --- a/group_vars/all.yml.dist +++ b/group_vars/all.yml.dist @@ -61,6 +61,9 @@ timemachine_enabled: false znc_enabled: false thelounge_enabled: false +# Password Management +bitwarden_enabled: false + ### ### General ### @@ -208,10 +211,9 @@ cloudflare_email: "{{ ansible_nas_email }}" # Cloudflare 'Global API Key', can be found on the 'My Profile' page cloudflare_api_key: abcdeabcdeabcdeabcde1234512345 -###################################################################################### -###### Advanced Settings ###### -###### Ensure you know what you're doing before getting stuck in down here 8-) ###### -###################################################################################### +################################################################## +###### You shouldn't need to edit anything below this point ###### +################################################################## ### ### General 
@@ -485,4 +487,15 @@ jackett_data_directory: "{{ docker_home }}/jackett"
 ###
 ### The Lounge
 ###
-thelounge_data_directory: "{{ docker_home }}/thelounge"
\ No newline at end of file
+thelounge_data_directory: "{{ docker_home }}/thelounge"
+
+###
+### Bitwarden
+###
+bitwarden_data_directory: "{{ docker_home }}/bitwarden"
+bitwarden_available_externally: "false"
+
+# Keep this token secret, this is password to access admin area of your server!
+# This token can be anything, but it's recommended to use a long, randomly generated string of characters,
+# for example running openssl rand -base64 48
+bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321
\ No newline at end of file
diff --git a/nas.yml b/nas.yml
index 9e4caca1..d4bc0e46 100644
--- a/nas.yml
+++ b/nas.yml
@@ -142,3 +142,7 @@
 - import_tasks: tasks/jackett.yml
 when: (jackett_enabled | default(False))
 tags: jackett
+
+ - import_tasks: tasks/bitwarden.yml
+ when: (bitwarden_enabled | default(False))
+ tags: bitwarden
\ No newline at end of file
diff --git a/tasks/bitwarden.yml b/tasks/bitwarden.yml
new file mode 100644
index 00000000..a362f005
--- /dev/null
+++ b/tasks/bitwarden.yml
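Review bot: `bitwarden_admin_token: qwertyuiop1234567890poiuytrewq0987654321` ships a real-looking default in the distributed template that every deployment inherits until someone edits it, and the comment above it is the only thing asking them to; once `bitwarden_enabled` is flipped, the admin area is reachable with a value that is public in this repository. I would ship it as an obviously unusable placeholder and make the play refuse to continue while it is unchanged, e.g. an `assert` task at the top of tasks/bitwarden.yml with `that: bitwarden_admin_token != "CHANGE_ME"` and a `fail_msg` pointing at this variable. If I recall correctly bitwarden_rs disables the admin page entirely when ADMIN_TOKEN is empty, so an empty default would also be safer than a guessable one; worth confirming against the image's documentation before relying on it. `bitwarden_available_externally: "false"` is correctly quoted, since it ends up as a Traefik label string rather than a boolean.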
@@ -0,0 +1,41 @@
+- name: Create Bitwarden Directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ bitwarden_data_directory }}"
+
+- name: Bitwarden Docker Container
+ docker_container:
+ name: bitwarden
+ image: mprasil/bitwarden:latest
+ pull: true
+ ports:
+ - "19080:80"
+ - "3012:3012"
+ volumes:
+ - "{{ bitwarden_data_directory }}:/data:rw"
+ env:
+ SIGNUPS_ALLOWED: "false"
+ ADMIN_TOKEN: "{{ bitwarden_admin_token }}"
+ LOG_FILE: "/data/bitwarden.log"
+ WEBSOCKET_ENABLED: "true"
+ labels:
+ traefik.backend: "bitwarden"
+ traefik.web.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }}"
+ traefik.enable: "{{ bitwarden_available_externally }}"
+ traefik.web.port: "80"
+ traefik.hub.frontend.rule: "Host:bitwarden.{{ ansible_nas_domain }};Path:/notifications/hub"
+ traefik.hub.port: "3012"
+ traefik.hub.protocol: "ws"
+ restart_policy: unless-stopped
+ #memory: 1g
+
+- name: Bitwarden Backup Container
+ docker_container:
+ name: bitwarden-backup
+ image: bruceforce/bw_backup:latest
+ pull: true
+ restart_policy: unless-stopped
+ volumes_from: bitwarden
+ memory: 1g
\ No newline at end of file
diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml
index c0e6d4c2..c73de642 100644
--- a/templates/traefik/traefik.toml
+++ b/templates/traefik/traefik.toml
@@ -180,6 +180,7 @@ onDemand = false # create certificate when container is created
 # we request a certificate for everything, because why not.
 sans = ["airsonic.{{ ansible_nas_domain }}",
+ "bitwarden.{{ ansible_nas_domain }}",
 "couchpotato.{{ ansible_nas_domain }}",
 "duplicati.{{ ansible_nas_domain }}",
 "emby.{{ ansible_nas_domain }}",
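Review bot: The `Bitwarden Docker Container` task renders `ADMIN_TOKEN: "{{ bitwarden_admin_token }}"` into the container env, and as far as I know `docker_container` returns the inspected container (including its `Env`) in the task result, so the admin token ends up in any `-v` run or logging callback; add `no_log: true` to that task. `SIGNUPS_ALLOWED: "false"` is the right default, but the accompanying docs tell users to edit this file to open registration, so it is better read from a variable: `SIGNUPS_ALLOWED: "{{ bitwarden_signups_allowed | default('false') }}"` keeps today's behaviour with no edit to the task file. Publishing `"19080:80"` on all host interfaces exposes the vault over plain HTTP on the LAN regardless of `bitwarden_available_externally`; Traefik reaches the container over the Docker network rather than the published port, so if the domain is the intended entry point this mapping could be dropped or bound to loopback, and if I recall correctly the web vault will not run in a non-HTTPS context anyway. The stray `#memory: 1g` is commented-out configuration and should either be enabled, as it is for the backup container, or removed.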