Apologies if this has been asked, but right to my issue:
I need to set up a private CA for SSL/TLS client/server authentication purposes. This is NOT for self-hosting BitWarden (we have an Enterprise account) but for other purposes. This distinction confounds any searches I have attempted on the subject, since the similar keywords always end up on self-hosting articles.
I have done this in the past using openssl the “hard” way so I am familiar with the process of setting up a CA and issuing certs, but I am by no means an expert. I am looking for something “easier”, since I need less fluent “Help Desk” personnel to be able to maintain the CA and issue new certs without having to constantly ask me how it all works.
I have found various front-end GUI apps that can accomplish this goal, but the question in the back of my mind is: Where should the private keys be stored? I need them to be secure enough that bad actors can’t get their hands on them EVER, even if some junior does something dumb, but easy enough to get at that I don’t have to put on a training seminar on how it all works.
This is where the idea of doing this through BitWarden came to me. I was wondering if there are any products out there already doing this that could save me from having to build something myself. Or, for lack of such a project, maybe it is something I could take up as OSS? Is there a big need for this? Or am I barking up the wrong tree and this is a terrible idea?
I appreciate any thoughts or comments on this. Thank you in advance for your time.
This is something I have briefly looked into but we have yet to scale to the need for such products.
I believe the solution you may be looking for specifically is termed “secrets management” in the industry if I am correct.
I believe there are some password management solutions that are branching into this field. There are other dedicated services as well; one I personally saw recommended was HashiCorp Vault.
You could go through and manually save these as item attachments or notes in Bitwarden, or even possibly script this.
But as far as a dedicated service goes, ideally one would be able to easily and within a single pane of glass administer items.
Most password managers are just that: a good password manager. Though, as mentioned, some are evolving and branching into new relevant fields, and I hope with Bitwarden’s growth they too will be able to integrate and come up with a similar solution to provide even more enterprise functionality.
Understood. We are a tiny Microsoft .Net ERP shop, so we use Azure Key Vault for secrets management on the back-end. I feel kind of silly for not connecting that as a similar issue/solution as this, but it all makes a lot more sense now. Seems like this is an out-of-scope problem for BitWarden to solve.
Thank you for the thoughtful reply. It really helped. Cheers!
Glad to hear it!
Azure Key Vault is something I’ve looked into as well, as we have a few hosted services, and I believe this would absolutely work for what you are looking for.
Not an issue at all, and glad to help. As said, I know it’s something some have branched into, so hopefully it is something Bitwarden may explore in the future to integrate with some services.
Until then, business as usual.