Offline management of (writeable) vault items

app:desktop
app:mobile
app:browser

#22

Increased complexity and work load on user-side. Not everyone has that much time to deal with “merge conflicts”.


#23

The current behavior is loss of data. Which is <<<<<<<<<<<<<<<<< additional complexity.

I can still cause a race condition currently if two users of a collection both try to edit simultaneously.

One of the users loses their data since the winner’s data is uploaded, then downloaded to the loser’s device and overwrites.

The current band-aid for this race-condition is “prevent updates while offline”. Whether it was intended as such is irrelevant.

IMO, I agree with you; if the popup came up with a 3-way merge diff and says “resolve this conflict plz kthxbye” a user will be confused as heck.

But if the popup just said “looks like someone edited something you were editing. So I saved an extra copy just in case.” then the user can look at both… and 99% of any conflicts (which is probably a rarity on its own) would just be “oops, we both changed the password at the same time… which one is it?” try logging in, figure it out, delete the one that doesn’t work.

Or just leave it there. If the diff is not in the password they probably won’t even notice since either one will log them in.


#24

Increased complexity and work load on user-side. Not everyone has that much time to deal with “merge conflicts”.

  1. Even websites can be in a concealed intranet without access to the bitwarden servers.
  2. You need passwords for more than just websites. If you manage servers or client systems it is very well possible that these systems are in an offline zone. If you setup an account there, or change an existing account, you might want to still keep track of that password - so you use a password manager … like bitwarden. If you cannot add or change entries while in these situations, you have to note a password down the old fashioned way to edit it later … doable, but totally unnecessary.

I could simply use KeePass or Enpass or any other PW manager. But we are here to improve Bitwarden to solve all our needs, aren’t we? :wink:


#25

Hi,
I am a using Keepass since a couple of years. I am very interesting to switch to Bitwarden because it does exactly what I want but in a way that I find better than Keepass. It’s what (simplicity and efficiency) would have made me use LastPass if it was open source. But, I often use (edit) my Keepass database in offline situation and believe I’ll still need to do it in the future. That resume why I’m still thinking before moving all my credentials and beginning to use Bitwarden.
Add this possibility to Bitwarden, please.


#26

it will be useful feature! how to create pull request for this feature?


#27

I m agree it s mandatory. I use Keepass on Mobile phone and I usually remove/add/adjust my database offline. I can t use bitwarden without this feature. I m disappointed i will abandon it :’(


#28

It seems like it would be much more user friendly for bitwarden to work completely offline, similar to keepass, with no need for a separate host.
It would be easier to develop as there would be no sending of info over the internet, more secure, and use less resources.
Thanks


#29

Hello Guys, any news on this topic ? I’m new here and I think that is a mandatory feature for me for on-premise environnement if we don’t want to make it available from outside. Does a feature request have been created ?


#30

Same here, it is especially important for folks using the mobile app as one can get spotty reception during commuting for instance. it also seems far from complex to address given the fact that saving conflicting data would be blocked anyway by the site it applies to… as a minimum you can avoid the merging headache completely by rendering the record unique in the DB by tagging it with a timestamp and a dup counter
mysite vs mysite-dup-2-created-on-21/03/2019


#31

no need… just save both entries, the second one being marked as duplicate and a unique incrementing number.


#32

Hi I just want to point out that it is not that uncommon, in my case I have a fairly long commute on a train line with spotty network connection, and I happened to me 4 times over the past 6 months…

In my case, I ended up having to store the password on my keepass client while waiting to cut and paste it back in birwarden when I got back on the network but this is a bit of a showstopper to migrate the rest of my family from RF to bitwarden…


#33

I agree. I would also request the ability to add/edit in offline mode. The conflict resolution doesn’t need to be very complex as long as it is documented properly. Uers should know not to use it if they don’t want to. You could also make it so that you have to turn on “edit” mode to avoid accidental modification.

I travel on the underground a lot with spotty network connectivity and quite a few times have needed to make modification but was unable to because I was offline.


#34

I believe 1P handles this by creating and noting Conflicts… I want to move team to Bitwarden but this gives me pause to not want to tackle this even with its complexity after 2 years. I get it software is about trade offs, but should be high on the list. A few times a year users need to update an account while offline. Have to save it temporarily to ANOTHER PW manager (shakes head) seems absurd. Why is adding a NEW login disabled? No conflicts there…
Combination locks, PINs: there are several secure data types that may need to be saved while offline.


#35

Like others have stated, we don’t want to expose our password manager to the internet which is what had us evaluating Bitwarden as an on-prem solution. Not being able to create new objects while offline is a show-stopper for our needs. Hoping that feature gets added soon.


#36

IMO, this issue should be next up on the docket, since the heart of this issue is that Bitwarden is weak to race conditions that can lose user data.

All you need is two devices using the same account, or two devices sharing a collection and one or more of them has a shoddy 3G connection etc. and you have a considerably high chance of data loss.

Each device should be holding a local and remote state for each item, if local state is changed, it first changes the local state, leaving the remote state in the state of the last time we grabbed state from the server.

If online, after saving local state immediately grab state from server, compare to the remote state stored locally. If the same, then send a lock grabbing command with 3 pieces of data: 1. item UUID, 2. state identifier (counter? fingerprint? etc) and 3. lock timeout.

Server should have a maximum timeout for locks of 1 minute. When the server gets a lock, it checks that the item is the state that the lock request says it is, if so, it prevents any other client from writing to it.

The client gets the lock, then sends the local “local” state. And once it gets a success response, releases the lock, updates the local “remote” state to the state just sent, and deletes the local “local” state.

If the local remote state and the server state are different, you would normally need to merge, instead, create a new item, full copy, with the local local state and add (1) at the end etc.

No need for merging. a user can manually go through and clean up duplicates as they see fit.


#37

Just ran into this where I had I was on a LAN but no internet access and needed to save a new password. The web vault only, no adding locally while offline makes it a PAIN when you come across it and encourages using weak passwords or reusing passwords, or using ANOTHER password keeper in addition to Bitwarden which is absurd.