User based Tokens/Api Keys #4242

New Issue

GiteaMirror · 2026-03-07T19:35:35-06:00

GiteaMirror commented

2026-03-07 19:35:35 -06:00

Originally created by @Roemer on GitHub (Feb 6, 2020).

Hello

For automations and such, it would be great to be able to have user create permanent / timely limited api keys or tokens (or certificates) that could be used to access certain passwords of that user in an automated way without the Master Password.
I am thinking of for example database logins for a CI that needs to create a database in order to perform some tests. The CI could get the password from bitwarden_rs with such an api key/token or certificate.

Is this somehow possible or maybe a planned feature? Or is this impossible because of security concerns?

Originally created by @Roemer on GitHub (Feb 6, 2020). Hello For automations and such, it would be great to be able to have user create permanent / timely limited api keys or tokens (or certificates) that could be used to access certain passwords of that user in an automated way without the Master Password. I am thinking of for example database logins for a CI that needs to create a database in order to perform some tests. The CI could get the password from bitwarden_rs with such an api key/token or certificate. Is this somehow possible or maybe a planned feature? Or is this impossible because of security concerns?

GiteaMirror closed this issue

2026-03-07 19:35:35 -06:00

GiteaMirror commented

2026-03-07 19:35:36 -06:00

@jjlin commented on GitHub (Feb 6, 2020):

The upstream Bitwarden (and therefore bitwarden_rs as well) does not currently support "sharing" in the typical sense where the user retains ownership. When a user shares an item, they are actually transferring ownership of that item to an organization. Using collections, there are various ways to restrict access to certain items within an organization.

If your use case can fit into this sharing model, the closest solution is probably to create a CI user that has read-only access to certain collections, and then use the Bitwarden CLI to access those items.

@jjlin commented on GitHub (Feb 6, 2020): The upstream Bitwarden (and therefore bitwarden_rs as well) does not currently support "sharing" in the typical sense where the user retains ownership. When a user shares an item, they are actually transferring ownership of that item to an organization. Using collections, there are various ways to restrict access to certain items within an organization. If your use case can fit into this sharing model, the closest solution is probably to create a CI user that has read-only access to certain collections, and then use the [Bitwarden CLI](https://help.bitwarden.com/article/cli/) to access those items.

GiteaMirror commented

2026-03-07 19:35:36 -06:00

@Roemer commented on GitHub (Feb 9, 2020):

Just figured out how to do the read-only collection acccess. Guess I would go with that. I'll close this as this is probably something that should be discussed in the upstream first.

@Roemer commented on GitHub (Feb 9, 2020): Just figured out how to do the read-only collection acccess. Guess I would go with that. I'll close this as this is probably something that should be discussed in the upstream first.

GiteaMirror referenced this issue

2026-03-07 21:09:55 -06:00

[PR #4242] [MERGED] Improve file limit handling #7034

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#4242