Field References (Ability to set different usernames for different websites using the same password)

You put the IP in.

I don’t understand what your problem is.

If I use the same username and password for xxx.com, yyy.net, 123.255.122.55:5632, and lol.gov

If I reuse it because of AD, then I can call the item “AD logins” and it will auto-fill on all 4 sites.

Why should I call it Jira when the actual thing I am logging into is AD, which then lets me into Jira?

I agree with Saul,
In an enterprise environment, we also use the password manager as a bookmark manager, ideal when there is a new joiner in the team.
Also, it would be useful to use personal stored credentials for a shared item. In my case we have more than 600 URLs to manage; in one entry it will be a mess.

As I was typing out my question about the challenge I am encountering, this thread came up as a possible match. I believe I have the same challenge as the OP.
Since there seems to be confusion in the replies, let me try to state this a slightly different way:

I am wondering if there is a way to change ‘en masse’ all passwords in a domain, for all of the sub domains that I have an entry for?
I ask because I have approximately 20 entries for a particular subdomain (enterprise) and when I change the password for the main domain, I would like there to be a way to automatically update the passwords in all of the sub domains entries that I have instead of me having to manually update each individual entry one at a time.
As an example: if my domain that I have entries for is abcd dot com and I change the password for that, then all of the sub domain passwords would need to be changed as well like www.abcd dot com/123, www.abcd dot com/124, etc

Is there a setting in Bitwarden that already does this? If not, I would like to see this as a feature.
Thank you

I would like to jump in here and throw my agreement for the suggestion from @VMX

This has popped up in other places on these forums.

In my case, it’s connected to my post-secondary login. Almost every utility with a dedicated login is passed through to the institute-hosted Azure ActiveDirectory for SSO with the form jdoe@domain.tld - this is what I have saved in the Vault. However, there is a single hosted application that requires the format jdoe - i.e. strip the domain portion from the login.

This account is still synchronised to the AAD, so it is not a separate entry and will be updated if I change the account password. I don’t want to record it as a separate entry, and get a) warnings about password re-use and b) have it fall out of sync every time I change my password.

I have used a custom field but the “Copy Custom Field Name” function detects the field name from the web page as 'Account' which is … not very unique. Autofill gets confused on other applications in the same domain where the field has the same name but expects the default jdoe@domain.tld username.

This issue could be resolved by either:

  • Having an “Additional Username” field that has an associated URI - this could be a type of Custom Field, where the “Name” is the unique username, and the stored field is the unique URI.
    This would be the easiest to implement technically as it requires a change to the autofill function but not the vault
    OR
  • Adding a whole new “Additional Username” field under the main username item, with the option to add multiple URIs to each additional username.
    This would be the most user-friendly and more complete solution, but technically more challenging/expensive as it would require a re-work of the Vault.

With guest accounts in several Azure ADs that all have a different TOTP this is becoming a pain to manage. The password stays the same but the TOTP code is different for every tenant…

I was going to request what I think is this same feature. OP is a little more vague, and the feature request guide says to be specific. I also see that several people have created feature requests that have been merged into this one. This was going to be my feature request:

Dynamic cross-item referencing/linking

Request
Ability to link values to another item’s value, so the value would almost act as a variable

What would this look like?
When setting the value for custom fields, or perhaps even a new item type of “Linked Item”, you could select another item’s value. You cannot change the value from this link. Selecting the value would instead link you to the referenced item where you could change it there. The value does not even have to show the actual value, but can simply be a link to where it will pull the value from. In an organization, the user would have to have access to both items to see/use the value.

Why do we need this?
This helps keep it DRY (don’t repeat yourself). This can be used in any number of circumstances where users may need to change two or more values to the same thing, but they would have to change each one individually.

Examples
I have a school account where blackboard uses the portion without the @school.edu portion of the email, but the password is linked to the email account. I have two login items, one for the email and one for blackboard, but the passwords are always the same. If I change the password, I need to change it in both places for it to be correct. If this were implemented, I would instead link the blackboard password to my school email password where I would now only need to change it once.

In an organization, if you wanted to utilize Bitwarden for secure notes, you could include what key accesses what rooms. I may want to have a list of rooms, and what key is used to get into that room. I would also like to include what key ring number that key can be found on. If key #10 gets into five different rooms, I could have a listing for each room that says key #10 is on “Key Set 2”. Let’s say we re-organize, now key #10 is moved to “Key Set 3” I now have to go to all five listings to remember to change them. Instead, I could have a separate item that has the information about the key #10, and on each room that uses that key, I would have a custom field that links to that item created for key #10. Clicking that link would bring you to that item. Now that we are able to link to items, I could include a link to that item in the note or custom field, but it is not a clickable hyperlink. The user would have to copy and paste it into their browser, and especially on mobile phone is rather impractical.

This feature request has had similar iterations, but I think this solution would be wide reaching.

2 Likes

I would like to share my current workaround for this.

I’ve set up my user/password using ‘user@domain.com’, using multiple URIs, and created a custom field on the Bitwarden entry with the FieldName, and set it to fill with just ‘user’.

It has been working great for me, even though it’s a bit flaky: if any of the websites I used shared the same FieldName, it wouldn’t work.

1 Like

I don’t get it. Could you please explain this method in more detail?

Need this feature also, like others related to work domain account. Password is shared between all sites, but account username is written differently. Additionally multiple sites have their own 2FA, so having them as one entry with multiple sites will get messy fast also. Cherry on top is that the password needs to be changed once a month so keeping everything up to date currently is a huge pain.

3 Likes

This would be an extremely useful feature for us as well.

Voted +1.

I would also like to add my vote to this, especially regarding the aforementioned use case for Active Directory credentials and other services where the username can be written in different ways depending on the context.

1 Like

Just wanted to share my work-around to automate syncing passwords between multiple entries, until it’s added.

It works by creating a Custom field with the name “Sync_Field_Password”, then in the value, place the id or unique name of the record to get the password from. When you run the script, it will automatically copy the passwords. This one is PowerShell as it uses the CLI client, but easy enough to port to bash or whatever.


#########################################################################
#
#  Sync passwords between entries
#
#   Get a list of entries that had a linked field in Keepass
#      bw list items | ConvertFrom-Json | Where-Object { $_.login?.password?.StartsWith("{REF:") } | Select-Object -Property name,login
param(
    [Switch]$DryRun,                         # Only print the actions, don't actually perform
    [Switch]$Extra,                          # Extra verbose output
    [Parameter(Mandatory=$true)][String]$ClientId = "",  # Personal Token for API access
    [Parameter(Mandatory=$true)][String]$ClientSecret = "",
    [Parameter(Mandatory=$true)][String]$MasterPassword = ""
)

# Name of the field, which will contain the entry ID/Name to copy the password from
$fieldNameForPasswordSync = "Sync_Field_Password"

# Authenticate
$env:BW_CLIENTID = $ClientId
$env:BW_CLIENTSECRET = $ClientSecret
bw login --apikey
Write-Host " Logged in to Bitwarden"
$env:BW_CLIENTID = ""
$env:BW_CLIENTSECRET = ""

$env:BW_PASSWORD = $MasterPassword
$session = bw unlock --passwordenv BW_PASSWORD --raw
$env:BW_PASSWORD = ""

# Ensure we are in sync
bw sync --session $session

# Get all the entries with the password sync custom field
$entriesToSyncPassword = bw list items --session $session | ConvertFrom-Json | Where-Object { $_.fields.name -eq $fieldNameForPasswordSync }

if( $Extra -eq $true )
{
    Write-Host "Entries to sync: " $entriesToSyncPassword
}

$entriesToSyncPassword | ForEach-Object {
    $entryToSyncTo = $_

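    # Read the ID/name of the source entry from the sync custom field
    $entryToSyncFromId = ($entryToSyncTo.fields | Where-Object { $_.name -eq $fieldNameForPasswordSync }).value

    Write-Host "Syncing password for entry: " $entryToSyncTo.name " copying password from: " $entryToSyncFromId

    # Get the source entry and its password (fetched before the verbose output below uses it)
    $entryToSyncFrom = bw get item --session $session $entryToSyncFromId | ConvertFrom-Json
    $entryToSyncFromPassword = $entryToSyncFrom.login.password

    if( $Extra -eq $true )
    {
        Write-Host "Entry to get password from: "
        $entryToSyncFrom
    }

    # Skip this entry if the source could not be read, so the destination
    # is not overwritten with an empty password
    if( [string]::IsNullOrEmpty($entryToSyncFromPassword) )
    {
        Write-Host " Skipping " $entryToSyncTo.name ": no password found in source entry"
        return
    }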

    # Update the password in the destination
    $entryToSyncTo.login.password = $entryToSyncFromPassword

    if( $Extra -eq $true )
    {
        Write-Host "Setting password in: " 
        $entryToSyncTo
    }

    # Set the password in the item
    if( $DryRun -eq $false )
    {
        $responseObject = $entryToSyncTo | ConvertTo-Json -Depth 99 | bw encode | bw edit item --session $session $entryToSyncTo.id
        Write-Host " Password updated in " $entryToSyncTo.name
    }
    else 
    {   Write-Host "Would have updated password in " $entryToSyncTo.name
    }
}

bw lock
Write-Host " Locked Bitwarden"

No guarantees, but hope it’s a helpful reference for others.

1 Like

Thanks @bitflipper11 for the script. I ported it to bash if you don’t mind:

#!/bin/bash -e

#########################################################################
#
#  Sync passwords between entries
#  Original script by @bitflipper11
#
#   Get a list of entries that had a linked field in Keepass
#      bw list items | jq '.[] | select(.login.password) | select(.login.password | startswith("{REF:")) | .name'

# Name of the field, which will contain the entry ID/Name to copy the password from
field_name="Sync_Field_Password"
# Set to 0 to do a dry run
perform=1

# Personal information
client_id="CHANGEME"
client_secret="CHANGEME"
master_password="CHANGEME"

# Login and unlock
export BW_CLIENTID="$client_id"
export BW_CLIENTSECRET="$client_secret"

bw login --apikey || true
echo ">> Logged in to Bitwarden"

export BW_CLIENTID=""
export BW_CLIENTSECRET=""

export BW_PASSWORD="$master_password"
session=$(bw unlock --passwordenv BW_PASSWORD --raw)
export BW_PASSWORD=""

# Ensure we are in sync
bw sync --session "$session"

# Get all the entries with the password sync custom field
bw list items --session "$session" | jq -c --arg f "$field_name" '.[] | select(.fields) | select(any(.fields[]; .name == $f))' | while read -r dest
do
    dest_id=$(printf '%s\n' "$dest" | jq -r '.id')
    dest_name=$(printf '%s\n' "$dest" | jq -r '.name')
    source_id=$(printf '%s\n' "$dest" | jq -r --arg f "$field_name" '.fields[] | select(.name == $f) | .value')

    echo ">> Syncing password for entry: $dest_name - copying password from: $source_id"

    # '// empty' gives an empty string instead of the literal "null" when the source has no password
    source_password=$(bw get item --session "$session" "$source_id" | jq -r '.login.password // empty')
    if [ -z "$source_password" ]; then
        echo ">> Skipping $dest_name: no password found in source entry"
        continue
    fi

    # Pass the password as a jq variable so quotes or backslashes in it cannot break or alter the filter
    new_entry=$(printf '%s\n' "$dest" | jq --arg pw "$source_password" '.login.password = $pw')

    if [ "$perform" = "1" ]; then
        printf '%s\n' "$new_entry" | bw encode | bw edit item --quiet --session "$session" "$dest_id"
        echo ">> Password updated in $dest_name"
    else
        echo ">> Would change $dest_name"
    fi
done

bw lock
echo ">> Locked Bitwarden"
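
An added example, not part of either poster's script: a dry-run planner over the JSON that `bw list items` returns, using the same “Sync_Field_Password” convention. It goes beyond the single-hop copy in the scripts above by following chains of references and refusing to act on cycles, unresolved references, or sources without a password. The sample items, the helper names, and the exact-match lookup by id and then by name are assumptions made for illustration.

```python
FIELD = "Sync_Field_Password"  # custom field name used by the scripts in this thread

# Constructed sample in the shape of `bw list items` output (not real vault data).
SAMPLE = [
    {"id": "a1", "name": "AD login", "login": {"username": "jdoe@domain.tld", "password": "pw-new"}},
    {"id": "b2", "name": "Jira", "login": {"password": "pw-old"}, "fields": [{"name": FIELD, "value": "AD login"}]},
    {"id": "c3", "name": "Wiki", "login": {"password": "pw-old"}, "fields": [{"name": FIELD, "value": "b2"}]},
    {"id": "d4", "name": "Loop", "login": {"password": "x"}, "fields": [{"name": FIELD, "value": "d4"}]},
    {"id": "e5", "name": "Orphan", "login": {"password": "y"}, "fields": [{"name": FIELD, "value": "missing"}]},
]

def link_of(item):
    """Return the reference stored in the sync field, or None if the item has none."""
    for f in item.get("fields") or []:
        if f.get("name") == FIELD:
            return f.get("value")
    return None

def find(items, ref):
    """Resolve a reference by id first, then by exact name; ambiguous names are rejected."""
    hits = [i for i in items if i["id"] == ref] or [i for i in items if i["name"] == ref]
    return hits[0] if len(hits) == 1 else None

def resolve(items, item):
    """Follow references to the root entry; return (password, None) or (None, reason)."""
    seen, cur = {item["id"]}, item
    while (ref := link_of(cur)) is not None:
        cur = find(items, ref)
        if cur is None:
            return None, f"unresolved reference {ref!r}"
        if cur["id"] in seen:
            return None, "reference cycle"
        seen.add(cur["id"])
    pw = (cur.get("login") or {}).get("password")
    return (pw, None) if pw else (None, "source has no password")

def plan(items):
    """Return (updates, skipped): item ids mapped to the new password, and skip reasons by name."""
    updates, skipped = {}, {}
    for it in (i for i in items if link_of(i) is not None):
        pw, err = resolve(items, it)
        if err:
            skipped[it["name"]] = err
        elif (it.get("login") or {}).get("password") != pw:
            updates[it["id"]] = pw
    return updates, skipped

if __name__ == "__main__":
    updates, skipped = plan(SAMPLE)
    print("would update:", sorted(updates), "skipped:", skipped)  # ids only, no secrets
```

Only the ids in `updates` would then need a `bw edit item` call, and the skip reasons can be reviewed before anything is written to the vault.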

Please we really need this feature. It’s something I really need coming from KeePass as we use AD logins in my workplace, therefore using the same password to log into several different websites. I really hope you consider it.

I agree this feature is much needed, this gets painful when companies force you to change your synchronized password regularly, since many items need to be updated every time.
The custom field name workaround doesn’t really work since many username fields are just called “username”.

Please add the ability to append custom strings to autofill options.

I would like the ability to specify custom prepended or appended strings to autofill options on a per-hostname basis. For instance many of my logins are controlled by an IDP. Some services require username@domain.tld as the username, some require DOMAIN\username, and others require just the username. All are the same account and use the same password, so having multiple records in Bitwarden adds lots of complexity. This would be an advanced feature kinda like the regex option for autofill.

@atayloror Welcome to the forum! I moved your post into an existing feature request that matches what you’re asking for.

Feature name

  • Form Variables

Feature Function

  • What will this feature do differently?
    This will allow Bitwarders to declare variables somewhere and reference that variable using a special syntax, i.e. moustache/handlebars: {{my_variable}}; or dollar/bash syntax: $my_var (or something else).

  • What benefits will this feature bring?
    This will allow users to update a single important variable which is shared by many logins or even across many forms. My name and address don’t change too often, so when creating a new form, for example, it would be great to be able to specify {{first}} and {{last}} or even {{sydney_address}} and {{berlin_address}} (these are weak examples but they get the point across, email vars is really where it’s at).

  • Remember to add a tag for each client application that will be affected
    Okay.

Related topics + references

  • Are there any related topics that may help explain the need and function of this feature?

Bitwarders could potentially add the variable as a new, special type of entry to their Vault:

It would require 3 attributes:

  • name: the displayed/user chosen name of the variable, i.e. “Work Email”

  • reference: how the variable is referenced, i.e. {{work_em}}

  • value: the value that the variable holds, i.e. work@workemail.com

  • Are there any references to this feature or function on other platforms that may be helpful?

Not that I found

Is this similar to Field References (Ability to set different usernames for different websites using the same password)?

1 Like

@straef Yes.

@GrayedFox I have moved your post into this existing feature request, on the same topic.

Feature name

Linked passwords/masked entries

Feature function

Share a password between two entries, like a symbolic link. Or override values of an entry in a child entry.

Related topics + references

I work for a very large company that has many systems behind an AD login. I have a username, foo and a password fooPassword.

Two years ago this company merged with an even larger corporation. Our systems were merged with theirs along with the AD. Now I have a new username bar and still the password fooPassword. However, some services have retained the old username, foo. For every service using bar I have a Bitwarden entry with bar and fooPassword and for every legacy service using foo I have another entry with foo and fooPassword.

When I have to update my password every 90 days I must update it on both entries. I think it would be nice if I could have some kind of linked password for my foo entry to the new bar entry, or maybe it could be a whole “mask” feature where you can create a “mask” entry and override values of the children like OOP inheritance.

I realize the reward/effort is probably negative and I should just shut up and update my entries every 90 days but I’m very happy with Bitwarden, this is just one of the few instances of friction I’ve dealt with.

Thank you for making Bitwarden.