Vault Item Sharing

Sharing secrets with a single user would be nice to have. Right now the only way to do it (that i know of) is to create a collection just for that user, which is suboptimal because it pollutes the collection list.

(this was originally Share with a single user · Issue #124 · bitwarden/web · GitHub)

BTW, being forced to make yet another account on a forum I’m not familiar with and resubmit an issue I already submitted because of an internal tool reorganization is uber annoying.

18 Likes

Yes, I think this would be a great feature.

I would like to illustrate @bfabio request with a use cases:

In my organisation we have to rely on another encrypted medium in order to share secrets between users. Because collection-based secret sharing is always for very low-risk secrets & for non-individual account. Which is rather rare actually.
What’s happen very often on the contrary, is someone, creating a secret for someone else. Either to transfer a secret (and leave it) or to share a secret.

Exemple:

  • Transfert a secret: Creating an account for someone else (eg. aws identity), setting up the login card with all the expected informations along with the secret, then send it to someone else, giving him ownership on the secret.
  • Share a secret: all employee maintain their identity card, with some confidential informations in it, and share the card with the human resources manager.
4 Likes

Aggree - espeacially for big organization that would be important to have, because the admin will not be able to manage collections and group settings for all departments.

4 Likes

I am constantly pushing our company to move to BW organization, but every day we get more and more used to LastPass.

One feature I see used more and more that is lacking in BW is external sharing.

ie. We have a contractor. We don’t want to add him to the org, but we need to share 1 or more passwords with him.

In LastPass we can add free-account-members from outside our org as a reader/writer to any internal share folder / shared items. This seems to get used a lot…

1 Like

Couldn’t you just add the user to the org with limited access to achieve the same effect?

Yes, but the difference is:

  1. The need for org admin intervention.
  2. The extra cost of adding a member to the org.

If we had to introduce a flow for doing this, we need to increase workload on IT admin and finance staff for approval on the org addition and budget clearance.

I understand it’s a hard feature to add to the current model and has possibility for abuse. But just letting you know a feature we use of your competitor.

I just found this because of another post I made.

I would +1 this as well.

Sharing should really be a feature for the personal premium accounts, not just “organizations.” Ideally, I would like to be able to share with 1 or many different users. At any time, I should be able to unshare with 1 or more users that I’ve shared an item with.

As someone who is just starting the evaluation of a PW manager for my wife and I, I find the way the bitwarden does it confusing. This is then compounded by the pricing of what is technically two different products (personal and organizations).

6 Likes

Just found out about BW and considering moving over from LastPass. Also found this thread when searching for how to share things with a single individual. Often we share passwords with one team member for whatever reason so seems a bit limiting to not be able to do that and a single collection for each team member seems overkill.

4 Likes

I migrated from Last Pass and this option a long time ago by the team, now creating a collection for each one is very bad, only point until then negative

2 Likes

Hi,

This would be a very usesul feature, because the only alternative is to create a new collection for every pair of users that want to share items between them. Creating one collection by user is not enough, otherwise any user in that colllection can see all password for that user.
This feature is a must have !
Thank you

5 Likes

Suppose you want to share a password 1 time with someone else, you should be able to generate a link and email that link to that person.

He or she can than see the password 1 once. The link itself expires too after a few days (configurable when sharing?)

Kinda like http://onetimesecret.com, but integrated in the Bitwarden web interface.

This feature could also be used for the “Emergency access” feature request here. An emergency contact could receive an email with the master password (or another item that is configured for emergencies?).

This however, would require a working SMTP server, so it’s not perfect. I’d like to see emergency access to be more robust and not dependant on any external service like SMTP.
I.e. the old sysadmin at the company dies and servers have started to deteriorate. Only then will people scramble and realize they can’t receive the emergency password. Sounds kinda far fetched, but that’s how emergencies are sometimes.

Hi vbev,

Not sure this would work for you but here’s what i did to help our organization with sharing without creating a collection for each Item. I have an organization setup.

  1. As admin create a collection for each user… (user1 logins, user2 logins etc) Give the user permissions to only their own collection.
  2. Have every user share their items to their own collection which the organization now takes ownership.
  3. Admin then can go in and share an item with only collections needed (say user1 and user2 collections) so only those users have access to that item.
  4. Users can send requests to administrator to share their Item with another user. Admin can then login into into the organization and share that login item with the specific users collections. Now users can just look into their own collection and see the shared logins

This works for us on a small scale. Downside is now administrator have to manage this. The upside is that since all users have shared their Items with the organization, if an employee leaves the organization then the organization still retains ALL items. This only works if the user/employee shares ALL of their Items of course.

Hope this makes sense.

lukeyboy

2 Likes

Good idea !
Regarding the manual process of asking the admin, Couldn’t it be automatized ? By developing some kind of backend and a frontend where users would be authenticated using their corporate email, then the frontend via API would request the backend on behalf on the logged in user to share some item into another user’s ad-hoc collection. The backend would be running with an admin credentials and would use the bitwarden client to send the appropriate sharing update request to bitwarden.com server. There would be some checks in the backend to make sure the item to be shared belongs to the user in its ad-hoc collection.

Of course, it would be a lot easier if this feature was native instead of having to develop it in every company…

Finally I would still let the users create item without putting them in their ad-hoc collection if this is actually private stuff like some.

1 Like

Great request. In LastPass I was able to just share an item (even with attachments) with any user. As simple as that. And here in Bitwarden item sharing is super confusing, hard to use and not easy to understand, and costs additional money. It looks like this sharing options for companies, and not for personal use.

Please, revise sharing options for personal use!

PS: I paid for premium to support this project and the ideas behind, but I will look for other options in managing passwords if personal sharing won’t be revised and implemented.

2 Likes

Feature name

  • Rename share to transfer and create share mechanism

Rename share to transfer

Why?

The currently implementation is not a share. It is a transfer. The ownership of the item changes. There is some decent confusion on this.

Create share mechanism

  • you are the owner and stay the owner
  • you can revoke/unshare the share - related request, kind of
  • you can share with one person - related request
  • you can share with multiple people
  • you can share with a collection
  • you can share an entire folder/subfolder - related request
  • you can decide whether receiver of share can view password or not

I am aware that “pull requests are welcome” and will start looking at this myself. OSS FTW.

1 Like

This would be the greatest fix I would say because it prevents many users from losing passwords just by deleting the organization or purging organization vault. Happened to me 2 times. It is a much needed function. Or both share and transfer should be present and users can select what they want.

2 Likes

Can’t understand how this has gotten so few votes. This would be extremely helpful for businesses where sharing secrets externally is occasionally needed. It wouldn’t even need an SMTP server configuring, you could just have an embedded one-time link into each item which can be copied and sent via email as needed.

2 Likes

@jmcmeeking :wink:

1 Like

Thats what the API is about, isn’t it? I hope this GIF is suitable enough

2 Likes

Yes, this is definitely a must have feature. The current naming is very confusing. And the lack of “classic” sharing mechanism is the main thing I miss since I switched from lastpass to bitwarden.

1 Like