@grb Thanks
I do not think that’s relevant
I don’t think you understood the sentence, even though it is written in proper English.
I stated that many accounts from various password managers (note the plural here) have been impacted; this does not mean that Bitwarden is included.
You are the one drawing incorrect conclusions. I am responsible for what I write, not for what you understand.
In any case, to avoid misunderstandings, I have clarified this sentence further in the README.
Then you should have read the source code instead of complaining here, because every step is clearly explained and commented. Secrets are saved inside Windows Credentials Manager, not as environment variables.
Is that safe? Absolutely yes.
Protection through the operating system:
Credentials stored in the Windows Credentials Manager are encrypted using the Windows Data Protection API (DPAPI). This means that only the user who saved the credentials can access them, and only from their own Windows account.
Restricted access:
Only applications with the correct permissions can access the Credentials Manager. This reduces the risk of unauthorized access.
Native integration:
As a tool integrated into the operating system, it benefits from Microsoft’s security updates and pre-implemented controls.
Finally, even if someone or something were to compromise the account, the exported files are encrypted at rest — including within the Credentials Manager.
Again, go read the README, because it clearly specifies that these are personal vaults (point number 3: obtain the personal API credentials from Bitwarden).
Anyway, this relentless criticism of a simple and straightforward utility, whose sole purpose is to assist those who lack the technical skills and/or time to find an automated vault backup solution, is inexplicable.
Now I understand why the open-source world is in decline and contributors are becoming fewer and fewer. You take away the motivation and joy of collaborating within the open-source community.
And it doesn’t even seem respectful towards someone who has spent time and resources creating it (in this case, me, since you were so eager to clarify).
We all have jobs and commitments, and I certainly didn’t enjoy spending hours of my valuable time only to hear complaints from someone who didn’t even bother to understand how it works technically.
Therefore, this will be my last response on this topic. I remain open to constructive discussions for those interested, within GitHub. Have a great day, everyone.