diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
index 3ef0bfb090a..aaa3f5507f7 100644
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@@ -162,8 +162,8 @@ in {
 
     webVaultPackage = mkOption {
       type = package;
-      default = pkgs.vaultwarden-vault;
-      defaultText = literalExpression "pkgs.vaultwarden-vault";
+      default = pkgs.vaultwarden.webvault;
+      defaultText = literalExpression "pkgs.vaultwarden.webvault";
       description = lib.mdDoc "Web vault package to use.";
     };
   };
diff --git a/pkgs/tools/security/vaultwarden/default.nix b/pkgs/tools/security/vaultwarden/default.nix
index d4d5626d32e..c3240a32e53 100644
--- a/pkgs/tools/security/vaultwarden/default.nix
+++ b/pkgs/tools/security/vaultwarden/default.nix
@@ -1,8 +1,12 @@
-{ lib, stdenv, rustPlatform, fetchFromGitHub, fetchurl, nixosTests
+{ lib, stdenv, callPackage, rustPlatform, fetchFromGitHub, fetchurl, nixosTests
 , pkg-config, openssl
 , libiconv, Security, CoreServices
 , dbBackend ? "sqlite", libmysqlclient, postgresql }:
 
+let
+  webvault = callPackage ./webvault.nix {};
+in
+
 rustPlatform.buildRustPackage rec {
   pname = "vaultwarden";
   version = "1.26.0";
@@ -34,7 +38,11 @@ rustPlatform.buildRustPackage rec {
 
   buildFeatures = dbBackend;
 
-  passthru.tests = nixosTests.vaultwarden;
+  passthru = {
+    inherit webvault;
+    tests = nixosTests.vaultwarden;
+    updateScript = callPackage ./update.nix {};
+  };
 
   meta = with lib; {
     description = "Unofficial Bitwarden compatible server written in Rust";
diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix
new file mode 100644
index 00000000000..0fc4b45a129
--- /dev/null
+++ b/pkgs/tools/security/vaultwarden/update.nix
@@ -0,0 +1,22 @@
+{ writeShellScript
+, lib
+, nix-update
+, curl
+, git
+, gnugrep
+, gnused
+, jq
+}:
+
+writeShellScript "update-vaultwarden" ''
+  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]}
+
+  set -euxo pipefail
+
+  VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
+  nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
+
+  URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"
+  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/")
+  nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
+''
diff --git a/pkgs/tools/security/vaultwarden/vault.nix b/pkgs/tools/security/vaultwarden/webvault.nix
similarity index 95%
rename from pkgs/tools/security/vaultwarden/vault.nix
rename to pkgs/tools/security/vaultwarden/webvault.nix
index 0a80c107953..f52a93ac046 100644
--- a/pkgs/tools/security/vaultwarden/vault.nix
+++ b/pkgs/tools/security/vaultwarden/webvault.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchurl, nixosTests }:
 
 stdenv.mkDerivation rec {
-  pname = "vaultwarden-vault";
+  pname = "vaultwarden-webvault";
   version = "2022.11.1";
 
   src = fetchurl {
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 7586a6e68c3..563f95233f6 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1558,6 +1558,7 @@ mapAliases ({
   varnish63 = throw "varnish63 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-07-26
   varnish65 = throw "varnish65 was removed from nixpkgs, because it is unmaintained upstream. Please switch to a different release"; # Added 2021-09-15
   varnish70 = throw "varnish70 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-03-17
+  vaultwarden-vault = vaultwarden.webvault; # Added 2022-12-13
   varnish71 = throw "varnish71 was removed from nixpkgs, because it was superseded upstream. Please switch to a different release"; # Added 2022-11-08
   vdirsyncerStable  = vdirsyncer; # Added 2020-11-08, see https://github.com/NixOS/nixpkgs/issues/103026#issuecomment-723428168
   venus = throw "venus has been removed from nixpkgs, as it's unmaintained"; # Added 2021-02-05
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e35f80aa819..a8408c41ff5 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -37528,8 +37528,6 @@ with pkgs;
   vaultwarden-mysql = vaultwarden.override { dbBackend = "mysql"; };
   vaultwarden-postgresql = vaultwarden.override { dbBackend = "postgresql"; };
 
-  vaultwarden-vault = callPackage ../tools/security/vaultwarden/vault.nix { };
-
   vazir-fonts = callPackage ../data/fonts/vazir-fonts { };
 
   vhs = callPackage ../applications/misc/vhs { };