I’m evaluating Bitwarden and I am curious how often the browser extensions are auto synced?
I added a vault entry on iOS, then checked the Firefox browser extension on a different computer expecting it to show up immediately. 20 minutes later and it still hasn’t shown up in the Firefox extension.
I realize I can manually sync the vault, but most other password managers I’ve tried sync instantly so that’s a usability issue.
Items owned by you in the web vault will always remain in-sync. Items owned by an Organization will sync across users and client applications every 30 minutes.
Other Bitwarden apps (browser extensions, mobile apps, desktop apps, and CLI) will sync automatically on login, and regularly when unlocked. You can also manually sync your vault to pull changes immediately.
My Bitwarden clients on my personal account seem to auto-sync within about 30 seconds or so, and rarely longer than that. If you aren’t seeing auto-sync events after 20 minutes, it sounds like it could be a network issue. I seem to recall that others who have experienced similar issues have tried switching networks and the problem went away. Also, some home wifi networks seem to have trouble routing traffic over IPv6, so that might be something to play with as well. I would experiment a bit to see if it is a network issue, and if not, you might contact Bitwarden support to see if they have any ideas.
Upon further testing, this is only happening with the Firefox extension. The Chrome extension is instantly updated. The Firefox extension seems to take 30-50 minutes to update without manually syncing.
Computer is wired so no wifi involved on that end of it, no IPv6 on the local network either.
This isn’t the end of the world, but it’s one of many unpolished aspects of Bitwarden that make me hesitant to switch over.
Thanks for your help!
Disabling all extensions in Firefox except for Bitwarden did not fix the problem.
I did discover that running Bitwarden in a Private Window allows the extension to update instantly though, which I thought was strange.
My next guess was that I’ve changed some setting on Firefox that is causing the problem. I created a new Firefox profile and only installed Bitwarden. Sure enough, it still won’t sync instantly/automatically.
Any ideas why it seems to work in a Private Window?
@ados I can confirm that I have the same problem with Firefox and self-hosted bitwarden. Nevertheless, even if it’s self hosted, it’s a plugin issue not to auto sync properly, because manual sync works just fine, no errors, no network problem.
To bring some light on it: I found an issue on github Password change not captured · Issue #5063 · bitwarden/clients · GitHub
One of the developers said that websockets are used to autosync, and I think this might be the case for me, because I use reverse proxy on my machine and I’m not sure if it support correct websockets proxy. If I succeed with setting up a websocket capable reverse proxy and the issue persists, I’ll post and update.
Still would be great to have some settings in browser extension.
@GRbit The problem you’ve described is not the app but the configuration you have with your reverse proxy. The instant sync function is done through web socket which operates on a different port, my assumption is you have not configured this correctly. As an overly cautious network engineer I run self-hosted as well and my instant sync works no issue, except for mobile which requires push support not available for self-hosted.
What would be excellent is the settings to have the mobile app sync by interval. With the option to also have it sync on autofill. There are a lot of cases where I’ve recently updated a password and go to login on my phone with it finding no password or an out of date one. I then have to open the app and force a sync. I get that self-hosted will not support push notifications because it costs money but the alternative work arounds should be implemented.
As you said, it indeed would be excellent to have settings for mobile app to sync by interval. In my opinion, option to set sync interval for browser extension would be great as well.
It’s important when adding new features (like websocket sync) to not remove existing ones. Totally agree with your point on alternative work arounds.
@ados Thanks for that explainer. We are self hosted as well. What exactly is the behavior expected of auto-sync? Say: User A across the world logs into a self-hosted web vault (bitwarden.example.com) and updates a password in a shared vault.
I’m logged into my own account in that same self hosted shared vault, using the chrome extension. Will the entry be updated as soon as I click the extension icon and view the item?
We’d love to be able to determine as well if our self-hosted port/websockets are “not configured correctly” as you put it.
I’m not an expert but maybe I can provide a reasonable explanation.
WebSocket is a protocol that facilitates a constant connection between multiple clients and a server.
It’s low overhead and allows a client device to have more than 1 connection to the server.
If you have ever opened a new tab on a website only to have the old tab not work anymore, that is part due to no WebSocket support.
Bitwarden needs this to sync, without it your waiting the time or forcing a manual sync.
The WebSocket sync speed is dependent on your server, clients and the security iterations set.
I tested my sync speed and its 1 -2 seconds from the browser plugin.
This is without unlocking the app or searching, update in one app and instantly changes to the other.
So yes, providing it’s setup, by the time you view the password it would have synced.
As for the configuration, that is tricky without knowing your setup.
For self hosted you should be running a proxy server i.e. NGINX, Traefik etc.
This protects you from opening more ports than you need to and provide a level of filtering plus SSL.
This should also be in addition to firewalls etc.
Assuming your setup is that of above, you need to have your proxy pointing to both ports of Birwarden.
There is the standard web port and WebSocket port, I think 3012, and enable WebSocket for your server.
So its external URL → proxy → Bitwarden (both ports)
Note, the WebSocket proxy address is required to redirect to the port, for NGINX its /notifications/hub
This means https://bitwarden.example.com goes to the web port as normal.
However, https://bitwarden.example.com/notifications/hub goes to the WebSocket port for server.
The apps are coded to use that sub path address.
For NGINX you generally need the following additions in the config for WebSocket address above:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
The last one is key, without it your server won’t know the originating IP, all will be that of your proxy’s IP.
There is no configuration change needed for the apps or web.
You should now have “instant sync” for all but mobile devices.
@ados Because websockets use a different technology stack. When you use self-hosted server this can be a problem, they require an extra port to work, sometimes it can be difficult to configure your router to work this way, sometimes you just don’t want to do it (after all, it’s your home open to the internet, not a very secure thing to do). More than that, not all reverse proxies can handle websockets as good as a normal http/https connection, which also causes some problems.
Websosckets is a new modern solution which is generally better. But not in all situations, sometimes it’s better and easier to use http. And since http-sync still exists (you can manually click the “Sync” button in any application), I will insist that “syncing every X minutes” is a necessary feature for bitwarden applications, and that it will help many users to use it.
As a software developer, I am always concerned about backward compatibility and support for older standards/versions that have been implemented before. To make your software the best of the best, you have to take care of that. For me personally, this feature would be very important, and I believe that it will only make things better.
Wow, thank you @ados! “I’m not an expert” proceeds to give 500 words of highly detailed explanation haha
But seriously that’s very helpful to know the expected function of the sync process because right now we are not getting that at all. I will pass this along to our IT department. Thanks!
I definitely support your desire to have automatic sync intervals, the more features the better.
FYI you don’t need to open additional ports, that’s what your proxy is for.
The proxy can redirect traffic from a path to a port so additional ports don’t need to be opened.
This happens on in internal level, so multiple open internal ports but less external.
Nothing is hack free but the bigger fish will always be a target for attacks because the reward is so big.
Running your own hosted service does give you a level of anonymity and control.
I will not disclose the security I use, but firewalls, IPS and more can help you lockdown your system.
Also the same for not having mobile push notifications for automatic sync.
Self-hosted Bitwarden has no issue with this, Vaultwarden on the other hand does not support this and so you would need to perform a manual sync on demand or wait for a standard sync interval.
