BW CLI serve command support for Unix Sockets

Feature name

  • Support for Unix Sockets for the serve command

Feature function

  • Serve the vault on a Unix Socket instead of localhost, which makes the content of the vault only accessible to the computer running the instance
  • Increases the security by preventing other devices on the local network from being able to make requests to the BW Serve API
  • For context, I am working on an alternative GUI for BW on Linux, and it was suggested to me that I use Unix Sockets instead of an HTTP server on localhost that is accessible from any device on that network.
  • Could be a --unix-socket flag

Related topics + references

I’ve also detailed the security implications and some workarounds in this GitHub issue: BW CLI REST API open to all users on host (or worse) once unlocked · Issue #3932 · bitwarden/clients · GitHub

1 Like