Bitwarden – Open Source Password Manager

Introduction to Bitwarden

Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault. The platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. Bitwarden offers a cloud-hosted service as well as the ability to deploy the solution on-premises, making it an excellent choice for both individuals and organizations who prioritize security and transparency in their password management solution.

As an open-source solution, Bitwarden’s code is publicly available for audit, ensuring transparency and security through community review. The platform uses AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256 to secure your data. Unlike many competitors, Bitwarden’s free tier includes unlimited password storage across unlimited devices, making it accessible to everyone regardless of budget constraints.

Key Features and Capabilities

Bitwarden provides comprehensive password management features that rival premium solutions. The platform includes a secure password generator, secure notes storage, credit card information management, and identity storage for autofill purposes. Two-factor authentication support includes TOTP authenticator apps, YubiKey, FIDO2 WebAuthn, Duo Security, and email verification, providing multiple layers of security for your vault access.

The platform’s sharing capabilities allow secure password sharing between family members or team members through organizations. Bitwarden also includes a breach report feature that checks your stored passwords against known data breaches, alerting you to potentially compromised credentials. The vault health reports identify weak passwords, reused passwords, and accounts lacking two-factor authentication.

Installation on Linux

Bitwarden can be installed on Linux through various methods depending on your distribution and preferences. The official desktop application is available as AppImage, DEB, RPM, and Snap packages.

Installing via Snap

# Install Bitwarden via Snap
sudo snap install bitwarden

# Launch Bitwarden
bitwarden

Installing via Flatpak

# Add Flathub repository if not already added
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

# Install Bitwarden
flatpak install flathub com.bitwarden.desktop

# Run Bitwarden
flatpak run com.bitwarden.desktop

Installing on Debian/Ubuntu

# Download the latest DEB package
wget "https://vault.bitwarden.com/download/?app=desktop&platform=linux&variant=deb" -O bitwarden.deb

# Install the package
sudo dpkg -i bitwarden.deb

# Fix any dependency issues
sudo apt-get install -f

Installing on Fedora/RHEL

# Download the latest RPM package
wget "https://vault.bitwarden.com/download/?app=desktop&platform=linux&variant=rpm" -O bitwarden.rpm

# Install using DNF
sudo dnf install ./bitwarden.rpm

Installing Bitwarden CLI

# Install via npm (requires Node.js)
npm install -g @bitwarden/cli

# Or download the native binary
wget "https://vault.bitwarden.com/download/?app=cli&platform=linux" -O bw.zip
unzip bw.zip
chmod +x bw
sudo mv bw /usr/local/bin/

# Verify installation
bw --version

Installation on Windows

Bitwarden offers several installation methods on Windows including the Microsoft Store, direct installer, and portable version.

Installing via Microsoft Store

# Using Windows Package Manager (winget)
winget install Bitwarden.Bitwarden

# Or using Chocolatey
choco install bitwarden

Installing via Direct Download

# Download and run the installer from the official website
# The installer will guide you through the setup process

# For PowerShell CLI installation
Invoke-WebRequest -Uri "https://vault.bitwarden.com/download/?app=cli&platform=windows" -OutFile "bw.zip"
Expand-Archive -Path "bw.zip" -DestinationPath "C:\Program Files\Bitwarden CLI"
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Bitwarden CLI", "Machine")

Installation on macOS

Bitwarden is available for macOS through the App Store, Homebrew, or direct download.

Installing via Homebrew

# Install the desktop application
brew install --cask bitwarden

# Install the CLI tool
brew install bitwarden-cli

# Verify CLI installation
bw --version

Installing via Mac App Store

# Search for "Bitwarden" in the Mac App Store
# Or use mas-cli
mas install 1352778147

Browser Extension Installation

Bitwarden browser extensions are available for all major browsers, providing seamless integration with your web browsing experience.

Chrome/Chromium

# Visit the Chrome Web Store
# Search for "Bitwarden - Free Password Manager"
# Click "Add to Chrome"

# Extension ID: nngceckbapebfimnlniiiahkandclblb

Firefox

# Visit Firefox Add-ons
# Search for "Bitwarden"
# Click "Add to Firefox"

# Or install from command line (Linux)
firefox https://addons.mozilla.org/firefox/addon/bitwarden-password-manager/

Bitwarden CLI Commands

The Bitwarden CLI provides powerful command-line access to your vault, enabling automation and integration with scripts and workflows.

Authentication and Session Management

# Login to Bitwarden
bw login

# Login with API key
bw login --apikey

# Unlock your vault (after login)
bw unlock

# Export session key for scripts
export BW_SESSION="your-session-key"

# Lock your vault
bw lock

# Logout
bw logout

# Check login status
bw status

Vault Operations

# Sync your vault with the server
bw sync

# List all items in vault
bw list items

# List items with search filter
bw list items --search "github"

# List items in a folder
bw list items --folderid folder-id

# Get a specific item by ID
bw get item item-id

# Get item by name
bw get item "GitHub"

# Get password for an item
bw get password item-id

# Get TOTP code
bw get totp item-id

# Get username
bw get username item-id

Creating and Managing Items

# Create a new login item
bw get template item.login | jq '.name="New Login" | .login.username="user@example.com" | .login.password="securepassword"' | bw encode | bw create item

# Edit an existing item
bw get item item-id | jq '.name="Updated Name"' | bw encode | bw edit item item-id

# Delete an item
bw delete item item-id

# Restore a deleted item
bw restore item item-id

# Move item to folder
bw get item item-id | jq '.folderId="folder-id"' | bw encode | bw edit item item-id

Folder Management

# List all folders
bw list folders

# Create a new folder
bw get template folder | jq '.name="Work Accounts"' | bw encode | bw create folder

# Edit a folder
bw get folder folder-id | jq '.name="Personal Accounts"' | bw encode | bw edit folder folder-id

# Delete a folder
bw delete folder folder-id

Organization Management

# List organizations
bw list organizations

# List collections in an organization
bw list org-collections --organizationid org-id

# List organization members
bw list org-members --organizationid org-id

# Share item with organization
bw share item-id org-id collection-id

Password Generation

# Generate a random password
bw generate

# Generate with specific length
bw generate --length 32

# Generate with uppercase, lowercase, numbers, and special characters
bw generate -ulns --length 24

# Generate without ambiguous characters
bw generate --ambiguous --length 20

# Generate a passphrase
bw generate --passphrase --words 5 --separator "-"

# Generate passphrase with capitalization
bw generate --passphrase --words 4 --capitalize --includeNumber

Export and Import

# Export vault to JSON
bw export --format json --output ./backup.json

# Export vault to CSV
bw export --format csv --output ./backup.csv

# Export encrypted JSON
bw export --format encrypted_json --output ./backup.encrypted.json

# Export organization vault
bw export --organizationid org-id --format json

# Import from another password manager
bw import lastpasscsv ./lastpass-export.csv
bw import 1aboratorybcsv ./1password-export.csv
bw import keepaboratoryxxml ./keaboratorypass-export.xml

Advanced Configuration

Bitwarden offers extensive configuration options for advanced users and enterprise deployments.

Self-Hosting with Vaultwarden

# Pull Vaultwarden Docker image
docker pull vaultwarden/server:latest

# Run Vaultwarden container
docker run -d --name vaultwarden \
  -e SIGNUPS_ALLOWED=true \
  -e ADMIN_TOKEN=your-secure-admin-token \
  -v /vw-data/:/data/ \
  -p 80:80 \
  vaultwarden/server:latest

# Docker Compose configuration
cat > docker-compose.yml << 'EOF'
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=false
      - ADMIN_TOKEN=${ADMIN_TOKEN}
    volumes:
      - ./vw-data:/data
    ports:
      - "80:80"
      - "3012:3012"
EOF

# Start with Docker Compose
docker-compose up -d

Configuring CLI Server

# Configure custom server URL (for self-hosted)
bw config server https://your-bitwarden-server.com

# View current configuration
bw config server

# Reset to official server
bw config server https://vault.bitwarden.com

Environment Variables

# Set session key
export BW_SESSION="your-session-key"

# Set custom server URL
export BW_SERVERURL="https://your-server.com"

# Set client ID and secret for API access
export BW_CLIENTID="your-client-id"
export BW_CLIENTSECRET="your-client-secret"

# Disable SSL verification (development only)
export NODE_TLS_REJECT_UNAUTHORIZED=0

Automation Scripts

Bitwarden CLI enables powerful automation for managing credentials in scripts and CI/CD pipelines.

Automated Backup Script

#!/bin/bash
# Bitwarden Vault Backup Script

# Configuration
BACKUP_DIR="/path/to/backups"
DATE=$(date +%Y%m%d_%H%M%S)
BW_SESSION_FILE="/secure/path/.bw_session"

# Unlock vault and get session
export BW_SESSION=$(bw unlock --passwordfile /secure/path/.bw_password --raw)

# Sync vault
bw sync

# Export encrypted backup
bw export --format encrypted_json --output "${BACKUP_DIR}/vault_backup_${DATE}.json"

# Lock vault
bw lock

# Remove old backups (keep last 30 days)
find "${BACKUP_DIR}" -name "vault_backup_*.json" -mtime +30 -delete

echo "Backup completed: vault_backup_${DATE}.json"

Credential Retrieval for Scripts

#!/bin/bash
# Retrieve credentials for automated tasks

# Get database password
DB_PASSWORD=$(bw get password "Production Database")

# Get API key
API_KEY=$(bw get item "API Credentials" | jq -r '.fields[] | select(.name=="api_key") | .value')

# Get SSH key passphrase
SSH_PASSPHRASE=$(bw get password "SSH Key")

# Use credentials in your application
mysql -u admin -p"${DB_PASSWORD}" -h dbserver mydatabase

Security Best Practices

Implementing proper security practices is essential when using any password manager.

Master Password Guidelines

# Generate a strong master password using passphrase
bw generate --passphrase --words 6 --separator "-" --capitalize --includeNumber

# Example output: Correct-Horse-Battery-Staple-42-Gamma

# Never store your master password digitally
# Consider using a physical backup in a secure location

Two-Factor Authentication Setup

# Enable 2FA in Bitwarden Web Vault:
# 1. Go to Settings > Security > Two-step Login
# 2. Choose your preferred method:
#    - Authenticator App (TOTP)
#    - YubiKey OTP Security Key
#    - FIDO2 WebAuthn
#    - Duo Security
#    - Email

# For CLI with 2FA
bw login
# Enter email, password, then 2FA code when prompted

Keyboard Shortcuts

Bitwarden desktop and browser extensions support various keyboard shortcuts for efficient password management.

Desktop Application

Ctrl+N          - New item
Ctrl+S          - Save item
Ctrl+F          - Search vault
Ctrl+G          - Generate password
Ctrl+L          - Lock vault
Ctrl+Shift+L    - Lock all applications
Ctrl+,          - Open settings
F5              - Sync vault
Escape          - Close dialog/cancel

Browser Extension

Ctrl+Shift+Y    - Open extension popup
Ctrl+Shift+L    - Auto-fill last used login
Ctrl+Shift+9    - Generate password
Ctrl+Shift+N    - Lock vault

# macOS uses Cmd instead of Ctrl

Troubleshooting Common Issues

Solutions for frequently encountered problems with Bitwarden.

Sync Issues

# Force sync from CLI
bw sync --force

# Clear local cache (Linux)
rm -rf ~/.config/Bitwarden/data.json

# Clear local cache (macOS)
rm -rf ~/Library/Application\ Support/Bitwarden/data.json

# Verify server connectivity
curl -I https://vault.bitwarden.com/api/config

CLI Authentication Issues

# Check current status
bw status

# If locked, unlock with
bw unlock

# If session expired, login again
bw logout
bw login

# Verify session is set
echo $BW_SESSION

Browser Extension Issues

# Reset browser extension:
# 1. Remove extension
# 2. Clear browser cache
# 3. Reinstall extension
# 4. Log in again

# Check for conflicts with other extensions
# Disable other password managers

Enterprise Features

Bitwarden offers enterprise features for organizations requiring advanced security and management capabilities.

Directory Connector

# Install Directory Connector
# Download from Bitwarden website

# Configure LDAP sync
# Edit directory-connector.json
{
  "ldap": {
    "hostname": "ldap.example.com",
    "port": 389,
    "ssl": false,
    "startTls": true,
    "username": "cn=admin,dc=example,dc=com",
    "password": "admin-password"
  },
  "sync": {
    "groups": true,
    "users": true,
    "interval": 60
  }
}

Event Logging

# View organization events via API
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  https://api.bitwarden.com/organizations/${ORG_ID}/events

# Export events for compliance
bw list org-events --organizationid org-id --start 2024-01-01 --end 2024-12-31

Mobile Applications

Bitwarden mobile apps are available for iOS and Android, providing secure access to your vault on the go.

iOS Features

# Available on App Store
# Features:
# - Face ID / Touch ID authentication
# - AutoFill integration with iOS
# - Apple Watch app
# - Siri Shortcuts support
# - Widget support

Android Features

# Available on Google Play Store and F-Droid
# Features:
# - Fingerprint authentication
# - Autofill Framework integration
# - Android Wear support
# - Accessibility autofill service
# - Quick Settings tile

Conclusion

Bitwarden represents the gold standard in open-source password management, offering a compelling combination of security, features, and accessibility. Its transparent development process, regular security audits, and commitment to open-source principles make it a trustworthy choice for individuals and organizations alike. Whether you're looking for a personal password manager or an enterprise-grade solution with advanced features like SSO and directory sync, Bitwarden provides a robust and cost-effective solution that doesn't compromise on security or functionality.