API support for managing items

Following up on my original post, I have to say that although the vault management api is what I was looking for, going through the cli adds complexity that seems unwarranted.

It means having to spin up another machine or container in production (I don’t plan to run this only on my dev machine) and, more importantly, securing it. By going this route, another vector is exposed and there is little to no documentation on how to keep it safe.

I did see someone mention setting up firewall rules, an ip whitelist, and ssl, as well as the addition of the hostname argument, but that just demonstrates the lack of documentation and the level of potential vulnerability.

There are a number of solutions that I think Bitwarden should take to resolve this:

  • Create a properly configured, hardened docker image.
  • Provide much more guidance in the docs on what needs to be done to properly secure any machine running bw serve.
  • Provide the functionality and docs needed to properly encrypt and decrypt secrets using the public api, without having to go through the server.

If you think about it, by using the cli to serve the vault management api, Bitwarden is basically putting the onus of securing the endpoints on the customer. I’m basically going to spin up a server that’s almost guaranteed to be less secure than Bitwarden’s would be.
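As an added example (not part of the original post and not Bitwarden's own tooling), here is the kind of check an operator would want when running `bw serve` on a shared host: it verifies that the process is listening only on loopback, which is what the `--hostname` argument the post mentions is for. The listener lines are a constructed sample in the layout of `ss -H -tlnp`; the port 8087 and the `find_exposed` helper name are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of listening sockets, in the column layout of
# `ss -H -tlnp` (State Recv-Q Send-Q Local:Port Peer:Port Process).
# Line 1 and 3: a serve process bound to loopback only (IPv4 and IPv6).
# Line 2: a serve process bound to all interfaces, which is the
# misconfiguration we want to catch. Line 4: unrelated sshd listener.
SAMPLE_LISTENERS='LISTEN 0 511 127.0.0.1:8087 0.0.0.0:* users:(("node",pid=4242,fd=20))
LISTEN 0 511 0.0.0.0:8088 0.0.0.0:* users:(("node",pid=4243,fd=20))
LISTEN 0 511 [::1]:8087 [::]:* users:(("node",pid=4244,fd=21))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))'

# find_exposed PORT LISTENERS
#   Prints every listener on PORT whose local address is not loopback.
#   Returns 0 when PORT is bound only to 127.x / [::1], 1 otherwise.
#   Live use would pass "$(ss -H -tlnp)" as the second argument.
find_exposed() {
  port="$1"
  listeners="$2"
  printf '%s\n' "$listeners" | awk -v port="$port" '
    {
      local_addr = $4
      # the port is the text after the last colon (works for [::1]:8087 too)
      n = split(local_addr, parts, ":")
      if (parts[n] != port) next
      # loopback binds are what we want; skip them
      if (local_addr ~ /^127\./ || local_addr ~ /^\[::1\]/) next
      print "EXPOSED: " $0
      found = 1
    }
    END { exit found ? 1 : 0 }'
}

# Usage (assumed port 8087 for a loopback-bound serve process):
#   find_exposed 8087 "$(ss -H -tlnp)" || echo "bw serve is reachable from the network"
```

The check is deliberately narrow: it only answers "is this port reachable from outside the host", which is the first thing to confirm before layering on the firewall rules, IP allow-list and TLS that the post says are otherwise undocumented.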