Are there are other MSPs that resell/include Bitwarden for clients? If you do, how are you handling the issue discussed in this thread (MSP has access to all customer passwords)?
Hey @MiradorIT the team is working on this one, thanks for your patience!
I understand your concern MiradorIT. How we come about it is I show the clients where the immutable audit log is and show them how to search it if they want to. I also explain what Immutable means =P. This coupled with a restricted group of employees with access to get into client vaults has made it an acceptable functionality for my client base. We have contractual agreements with clients showing our privacy and NDA policies etc. I haven’t had a client bring it up as a concern to a point where we couldn’t confidently assure them that 1) we won’t read the passwords and 2) it would be in the log if we ever touched any of them.
From a CyberSec perspective, the issue needs to be 100% solved, but for now, our Band-Aid works and keeps clients happy. As an MSP, we already have access to almost everything in the client’s business anyways =P.