Offline management of (writeable) vault items

app:desktop
app:mobile
app:browser

#1

When I tried to edit an entry in the desktop app without active internet connection, the app shows “An error has occurred: Failed to fetch”.

So, it would be nice if desktop app allows for offline edition (make changes to the entries). These changes can later be synced once there is an active connection.

This feature might not be central to browser addon or web-vault. But, I think the desktop app should have this option. Not sure whether this feature should be implemented in the mobile app too.

In any case, this feature request can be evaluated depending on the security concern for allowing offline editions - both technology wise and use-case wise.


Make Changes (and Sync Them) when Disconnected
Auto-logout after X minutes
Offline syncing of attachments
Blocked IP
#2

I understand the request, but I just wanted to make a note for other readers of this topic: Bitwarden will still function in read-only mode while offline so you can still access all of your data. You just cannot add/edit/delete any data while offline currently. Just don’t log out of the app (which you shouldn’t ever really need to do) and you’ll never lose access to them.


Save changes to vault while offline
New user: tons of questions
#4

No, that is the point of this request.


#5

New user trying BitWarden. If I have no internet connection on my laptop, I can’t login? I’m hesitant to convert from KeePass even though I like BitWarden interface and Firefox add-on more. Offline access is important if I’m in public area with no wifi.


#6

@Big_Guy Logging in requires an internet connection. You should only need to log in once. Subsequent access unlocks the app, rather than logging in. This works offline.


#7

I’m moving from 1password to bitwarden.

I do IT Management and I selected BitWarden for the possibility to host myself the vault.
For security my server is in a private network, but in this way when I go to my clients I cannot save new items in the vault.

Bring public my server compromise my sense of security and wouldn’t be the solutions, cause sometimes I configure network hardware (Firewall, Switches and Ap ) in an offline environment (cause usually connectivity from provider is not up yet) so with 1 password I was able to save all the new hardware logins in offline mode to.

I’s really important to me to be able to manage vault in offline mode.
Thanks


#8

Maybe this would be easier to implement if you could “freeze” an item for a certain period of time (fixed or user-customizable), during which you could only edit it from the device you locked it from, but you could edit offline?

That would minimize the problem of modification by multiple sources (yes, it would still exist, but there’s no way around it with offline editing).


#9

I don’t want to make simple what is really complex, but I think that to achieve offline modification is mandatory to add to bitwarden the ability to resolve conflicts between items. No?


#10

Yes, which can be very complex. This is why this feature doesn’t exist today.


#11

It can be very complicated, but need not be. For example, I think Bitwarden would be fine with a conflict resolution algorithm of “just leave two copies”. E.g, if offline host A and online or offline host B both modify the same field of Site1, then just leave the vault with Site1-A and Site1-B. I think it’d even be fine with both modify any field of Site1.


#12

@derobert That would be confusing enough that as a user I would want that feature to be opt-in. I also think Bitwarden should give a notification before doing that, perhaps with four options: 1) Use A’s version, 2) use B’s version, 3) show the user a side-by-side comparison and then let them make a choice, or 4) combine the way you describe and let the user handle it.


#13

That’s a lot more complexity for an event that almost never happens.

At least from personal experience, modifying an item in a password vault is a rare occurrence; at most a few times per year. That of course doesn’t create a conflict, even if done offline. It’s only a conflict if you modify it from two devices at once — which seems like it’d be a very infrequent, if ever, occurrence. (And really merging isn’t possible: the remote site is only going to take A or B, only one username/password is correct.)

Freeform secure notes may different, though, depending on what you use them for. If that’s the use case you’re thinking of — yeah, I agree, those would be a mess.


#14

I just feel like the application shouldn’t automatically create and rename items in the user’s vault without first telling the user and giving them a few options to resolve the problem. You’re right about merging being impossible, but I think that’s all the more reason the user should have a say in what happens.

Yes, resolving multiple modifications is infrequent, but somebody is going to do it. People have almost unrealistic expectations when it comes to applications’ ability to handle bad or confusing input. The application should have a fairly user-friendly mechanism for resolving conflicts.


#15

Since you imply that you may have connectivity when visiting your clients, what about to use a VPN as a workaround until this much needed feature is implemented?

Not being able to create an item when offline is certainly nuts =)


#16

I am just beginning to research using BitWarden to move away from my current password manager “mSecure” one of the features I absolutely must have is an OFFLINE capability to not only view but, to also edit, add, delete existing records. The way I have mSecure setup is it uses the DropBox service so the local copy gets updated and then based on date/time field it updates the record across all devices depending on whichever has the most recent version.

I am an Emergency Manager that means I use systems that must be disconnected from the Internet “at great frequency” many of these system require password changes every 30 days to ensure security for sensitive systems. For example, I have one system that requires the use of a Token Encrypted VPN connection that does not allow access to anything except this one system. I have to put in a very complex 24 character password and it has to be changed in this system as well. I usually end up copying the passwords to a notepad file then updating records later. It would be great to do it within your software.

Additional systems include use of passwords on off-network systems at remote sites that are never connected to the Internet. Yet, for security reasons I still have to change passwords every 90 days and it is so bad on one system that it can not use any characters from the last 10 passwords. Do you know how hard that can be?

So basically, all this to say I need OFFLINE with full Read/Write permissions.


#17

TBH:

  1. download/decrypt remote item “item”
  2. diff local
  3. if different, rename local as item_1, keep both remote and local copies, popup to user saying “you figure it out”

This covers any and all data loss scenario. And the only people annoyed are the rare cases where organizations modify the same item constantly


#18

actually, a little more complicated…

if a change is made offline, two things need to be saved locally until a sync can occur.

  1. The original state last synced from server.
  2. The current local state.

when checking the diff I mentioned, it must be checked against the local copy of the original state last synced from server.

so perhaps each local item can have two objects. remote and local.

during normal online use, sync is instant, so remote is used. if local is empty, use remote. if offline, make a change and save to local. when back online, perform a compare of the remote storage on the device. if same. overwrite remote with local, delete local, sync normally.

if differ, break of local in separate new item.

then sync both items separately.

seems doable and simple.


#19

We are planing to host DB internally without exposing it to outside world. Without sync feature it will be painful and useless for those who travel a lot.


#20

%E7%AF%84%E5%9B%B2%E3%82%92%E9%81%B8%E6%8A%9E_001

Some ideas I shared on gitter.


Guarantee against data loss by preventing race condition on save
#21

Why so? Bitwarden is mainly a password manager. Do you try to create account for websites while you are offline? How does that work?