Enable Organization-Owned SSH Keys in SSH Agent

Feature Request: Enable Organization-Owned SSH Keys in SSH Agent

Background: Currently, Bitwarden does not support the use of organization-owned SSH keys in the SSH Agent. The official response from Bitwarden states:

“Organization owned SSH keys are not able to be used in the SSH Agent. Individual organization users may create and store SSH keys in their individual vault for authentication. Sharing SSH credentials is not a recommended practice.”

However, this limitation creates inconsistencies and challenges for organizations that need to manage and share SSH keys securely.

Problem Statement: While Bitwarden allows sharing of regular logins and other credentials within an organization, it does not extend the same functionality to SSH keys. This discrepancy raises the question: Why is it recommended to share regular logins but not SSH keys within an organization?

Use Case: Many organizations require secure and centralized management of SSH keys for various purposes, such as:

  1. Automated Deployments: Teams need to access servers for deploying applications.
  2. Shared Development Environments: Multiple developers may need access to the same development servers.
  3. Infrastructure Management: Operations teams need to manage and access various infrastructure components securely.

Feature Request: We request that Bitwarden enhance its functionality to allow organization-owned SSH keys to be used in the SSH Agent. This would provide the following benefits:

  1. Consistent Security Practices: Align the security practices for SSH keys with those for other credentials, ensuring consistent and secure management.
  2. Centralized Management: Enable administrators to manage SSH keys centrally, reducing the risk of unauthorized access and improving compliance.
  3. Enhanced Collaboration: Facilitate secure sharing of SSH keys among team members, enhancing collaboration without compromising security.

Proposed Solution:

  1. Enable Organization-Owned SSH Keys in SSH Agent: Allow organization-owned SSH keys to be added to the SSH Agent, similar to individual SSH keys.
  2. Access Control: Implement granular access controls to ensure that only authorized users can use the organization-owned SSH keys.
  3. Audit Logs: Provide detailed audit logs for the use of organization-owned SSH keys to monitor and track access.

Conclusion: By enabling the use of organization-owned SSH keys in the SSH Agent, Bitwarden can provide a more comprehensive and secure solution for managing SSH credentials within organizations. This feature would address a critical gap in the current functionality and align with the best practices for secure credential management.

Thank you for considering this feature request.

I must be missing something, but I just created an SSH key pair, added it to a collection in our organization vault, and then used it to authenticate to my own machine (a Linux container in a Chromebook):

Other than that, I fully agree with Bitwarden support's response to you: SSH private keys should be personal and not shared.

In fact, many people go even further and state that they not only should be personal, but that every device you use to connect via SSH should have its own one.

Just for the record - that seems to be the corresponding text of the Help Sites:

(Organization SSH keys | Bitwarden)

I didn’t know that (thanks, btw). Then there must be a bug:

  • either in the desktop client (version 2025.2.1)
  • or in the documentation in the help sites

Is this work..!!!

I couldn’t agree more with this request. We’re facing the same challenges in our organization, and the lack of support for organization-owned SSH keys in the SSH Agent feels like an inconsistency in Bitwarden’s otherwise excellent credential management.

While I understand the security concerns around shared SSH keys, the reality is that teams often need controlled access to infrastructure without resorting to insecure workarounds. Right now, we’re forced to either manually distribute keys (which is far from ideal) or rely on individual vaults, which creates fragmentation and management overhead.

Having this feature would greatly improve operational security and efficiency. Hope to see this considered!

Hi everyone,

I wanted to follow up on this thread to see if there have been any updates or progress regarding the ability to enable organization-owned SSH keys in the SSH agent. Has anyone managed to get this working, and if so, could you share how you did it?

Additionally, I’m curious if there has been any interest or plans from the Bitwarden team to revisit this topic and provide a more streamlined solution?

Any insights or updates would be greatly appreciated!

Thanks, Volker.