Ability to set a policy for the options available to users of Bitwarden Send.
Our current written policy is:
Bitwarden Send has a few options which you should set to ensure safe transfer
• You must always set expiry and deletion setting, these can be no more than 1 week.
• You must set the access count to 1 to ensure only the intended recipient can view the secret
• You must add a password and provide that password to the recipient via a separate communication channel (e.g. send the Send link over email, password over slack/text message)
We’d like the ability to enforce these at an organisational level so that users don’t run the risk of either not knowing the policy or forgetting to set one of the options.
Currently when sharing an item using the Send functionality, the default is not to password protect it and to have it live for 7 days before deletion. These options are also not immediately visible to the user as the “Options” buttons needs clicking to bring them into view so the defaults are less likely to be changed.
For organisations that require different defaults it would be useful if an admin option existed that enforced that:
For the Bitwarden Send feature for Organizations, more security controls are required. Currently, if you enable the Send option, you have to allow text (password) and files. This has created a security hole for us where any files can be shared out, without security controls, to anyone. That Link can be passed on to anyone who can access that same shared file undetected.
Provide availability to disable sharing of files (without disabling sharing of text)
For file sharing option, that event should be logged