Skip to content
Vaultbase

Vaultbase

A self-hosted backend in a single binary. Collections, REST API, auth, realtime, files, server-side hooks — TypeScript on Bun.
Quick start GitHub

Why Vaultbase

Section titled “Why Vaultbase”

A backend you can ./vaultbase and forget about. No database to provision, no auth service to wire up, no file storage to configure. One binary does it all, with a built-in admin UI.

Collections

Per-collection real SQL tables — not JSON blobs. Fast queries, native indexes, ALTER TABLE diffs on schema edit.

Auth

Email/password, OAuth2 (Google, GitHub, GitLab, +10 more), OTP / magic link, MFA / TOTP, anonymous sessions, admin impersonation.

Realtime

WebSocket with topic-based subscriptions — subscribe to a collection, a specific record, or * for everything.

Files

Local FS storage, MIME + size validation, multi-file fields, on-the-fly image thumbnails, protected-URL tokens.

Hooks

Server-side JS hooks (before/after × CRUD), custom HTTP routes under /api/custom/*, cron jobs — all editable from the admin UI.

Single binary

bun build --compile produces a self-contained binary per platform — Linux, macOS, Windows. No native deps to ship alongside.

What’s in the box

Section titled “What’s in the box”
  • REST API — list/get/create/update/delete with filter, sort, expand (nested), field projection, skipTotal, batch
  • Per-collection tablesvb_<name> SQL tables with native indexes
  • Three collection typesbase, auth, view (read-only, SQL-backed)
  • Rule expression language — typed autocomplete in the admin UI
  • OAuth2 — Google, GitHub, GitLab, Facebook, Microsoft, Discord, Twitch, Spotify, LinkedIn, Slack, Bitbucket, Notion, Patreon
  • Email — SMTP config + verify/reset/OTP templates with {{var}} interpolation
  • Encrypted fields — AES-GCM at rest via VAULTBASE_ENCRYPTION_KEY
  • Logs — JSONL files per UTC day, never deleted, JSONPath search
  • Rate limiting — per-IP token bucket, configurable per-route
  • Backup / migrations — SQLite snapshot + JSON schema snapshot for cross-environment sync
  • Cron jobs — UTC, Monaco editor, run-now button, last-run status

At a glance

Section titled “At a glance”
FeatureVaultbase
Single binary distribution
Embedded DB (SQLite, no server)
Built-in admin UI
Realtime (WebSocket)
TypeScript stack (Bun + Elysia)
Server-side JS hooks + custom routes + cron jobs
OAuth2 providers (Google, GitHub, Apple, Twitter/X, generic OIDC)
File storage (local + S3 / Cloudflare R2)
Encrypted fields (AES-GCM)
MFA / TOTP + recovery codes
Self-hosted, open source

Get started

Section titled “Get started”
Terminal window
bun install
bun run build           # → ./vaultbase
./vaultbase             # starts on :8091
# open http://localhost:8091/_/  → setup wizard

That’s it. Walk through the Quick start for your first collection.