Protect groups/items with a second password

Hello! I’m new to the forums but I’ve been using Bitwarden for quite some time now, self-hosted and currently on bitwarden.com. I’m a super happy user! :heart:

Recently I’ve been dealing with some very sensitive data and I need a very secure place to store private keys for ssh and crypto. Currently I have a couple groups with secure notes in them and I can happily put things there, but I don’t feel its as safe as it should be.

When I unlock my Bitwarden, all my items are decrypted and probably available in the memory. However, these sensitive items in these groups don’t need to be decrypted and I’d rather manually type in a second password to access them. When I’m done, I want to immediately clean up my computers memory for that data.

These OpenSSL commands let you encrypt and decrypt strings as base64 with the same algorithms as Bitwarden does (i think, ref: Encryption | Bitwarden Help & Support):

echo -n "Bitwarden is awesome!" | openssl enc -e -aes-256-cbc -pbkdf2 -iter 100001 -a
# password: test
echo "U2FsdGVkX1/XP3td8nLWj/k5Slo2bLAaQhRar7JeKbOcQ8Bv4gFL+kpVQmJrHHI2" | openssl base64 -d | openssl enc -d -aes-256-cbc -pbkdf2 -iter 100001

Maybe I’m just super paranoid but this second layer of security for extremely sensitive data gives me a good feeling that my data is safe.

I need this urgently so I’m probably going to create a Chrome extension that does this for me with the OpenSSL commands above and store the base64 string in a secure note. I’ll post more down below when I’m a step further.

Thank you,
Maki

2 posts were merged into an existing topic: Require master password “re-prompt” for some items