Here I’m talking about sharing a password with myself, not with others. I came into one situation where I needed to log in to my email or any other account, but because of the complex password I had to write down my password.
Your use-case would be satisfied by a feature that uses something like the current Send function to share a credential from your vault. This is one of the variations of the feature proposal being discussed in this thread.
This issue originally was about how to organize vaults so that items could be shared with individuals. It turned into the ‘send’ functionality, which is nice, but not what was originally requested.
Right now, for an organization or a company, the available options for organizing vaults for different teams, and different accesses, are quite limiting.
Imagine a typical organization, of say 60 people. There is an executive layer, then a set of line managers who manage teams, and individuals in those teams.
The executive/COO should have access to all passwords, and be able to manage all ACLs. They should be able to create a ‘team’ that is then managed by that team’s manager. That manager should be able to then create users for that team, create collections in that team and logins/passwords that are part of different collections, and access given to the different people in that team who need it. The exec layer should also be able to create passwords for their needs, in their collections as well.
At any time, the manager of a team should be able to revoke the access of any team member, and similarly the exec should be able to revoke the manager’s access (or any individual team member in a team).
There should additionally be a way to have passwords that are not in specific teams, but are one-offs that can be shared with any individual in the organization. When I say “shared”, I don’t mean “send” via Bitwarden, what I mean is to let them have access in Bitwarden to the access, for when they need it.
Right now, I can make an organization which holds passwords that are not team-specific. Let’s say it’s a password for GitHub, and I need three managers of teams to access it. I have to then create a ‘collection’ for each of those users and the GitHub password is shared into that collection. I then have to invite that user to the organization and give access to view their collection.
This somewhat awkward setup works, but it is quite confusing and weird for everyone. I have to keep explaining it to everyone and everyone gets it wrong. It feels like a hack until something more organized and better built is made; that is what I thought this issue was about. Is there a better issue that tracks this and isn’t about the “Send” functionality?
I see in the 2024 roadmap that there was this feature “New organization vault and user reports” – could this be a better way to solve this problem? Has this been implemented? Where can I see what that feature is/was planned to be?
I think it would be great in terms of Secret Sharing if we could simply share the contents of a stored password. What I mean is, sometimes I need to share a password with the notes to someone who doesn’t have a Bitwarden account. I think it would be great to be able to simply click share on the password and it could create a secret link that would share all the info of that object with the person.
Sends work great for sending info like that; you can (today) send text and/or a file using a Send and stipulate who gets it, how long the link works, and how many times it can be accessed. After that it is inaccessible.
If you are asking this in reference to sending a Bitwarden vault password itself though, that’s something I would absolutely not recommend.
Yes. I do use sends to send info like that. I am saying, it would be great to have the ability to send a password directly from the password. To set how long the share link works, how many times it can be accessed etc.
As it currently stands, if I need to send a vault password to someone who doesn’t have Bitwarden I need to create a Send and copy and paste the password. It’s cumbersome. It would be better if I could simply select “Send this password”.
@brittni Welcome to the forum?
… You don’t mean the Bitwarden password manager?
This is a feature that Proton Pass has and it’s very nice.
You can generate a secret link to a vault item, valid for some time or a number of views (as Bitwarden Send).
What’s nice about it is that if the item has a TOTP configured, the link recipient can use the generated code to log in. In this latter case I haven’t checked the page source code to see if the TOTP secret is accessible, I would hope it is not.
This is an example:
EDIT: I see now why @Nail1684 was asking if this is for password manager, you selected the secrets manager tag when creating the topic. I tried to edit it (Sorry Nail if I stepped on you when moving it).
I do mean the password manager. I logged the request here as I figured it made sense with it being related to a send.
@kpiris yes. This is exactly what I would love to see.
@brittni @bwuser10000 @kpiris I moved your posts into this existing feature request about vault item sharing, as it’s essentially the same request.
Yesss, that’s why I asked… to be sure… And no problem - sometimes there is some overlap that’s unavoidable.
@kpiris, there’s no way they’d imbue the secret in the page source. I doubt that even vault.bitwarden.com does that (except when its entry form is accessed in edit mode). They can just do it via JS, or a Secrets Manager URI call.
As an example, I see the undermentioned HTML in &action=edit mode, with the TOTP key visible to me:
<bit-form-field disablemargin="" class="tw-block tw-pt-2"> <div class="tw-w-full tw-relative tw-group/bit-form-field ng-star-inserted"> <div class="tw-absolute tw-w-full tw-h-full tw-top-0 tw-pointer-events-none tw-z-20"> <div class="tw-w-full tw-h-full tw-flex"> <div class="tw-min-w-3 tw-border-r-0 group-focus-within/bit-form-field:tw-border-r-0 !tw-rounded-l-lg tw-border !tw-border-solid tw-border-secondary-500 focus:tw-outline-none group-hover/bit-form-field:tw-border-primary-600 group-has-[input:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-has-[textarea:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-focus-within/bit-form-field:tw-outline-none"> </div> <div class="tw-px-1 tw-shrink tw-min-w-0 tw-mt-px tw-border-x-0 tw-border-t-0 group-focus-within/bit-form-field:tw-border-x-0 group-focus-within/bit-form-field:tw-border-t-0 tw-hidden group-has-[bit-label]/bit-form-field:tw-block tw-border !tw-border-solid tw-border-secondary-500 focus:tw-outline-none group-hover/bit-form-field:tw-border-primary-600 group-has-[input:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-has-[textarea:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-focus-within/bit-form-field:tw-outline-none"> <label class="tw-flex tw-gap-1 tw-text-sm tw-text-muted -tw-translate-y-[0.675rem] tw-mb-0 tw-max-w-full tw-pointer-events-auto" for="bit-input-32"> <bit-label title="Authenticator key" id="bit-label-31" class="tw-flex-row tw-gap-1 tw-inline-flex tw-items-baseline tw-min-w-0 ng-star-inserted"> <span class="tw-truncate"> Authenticator key <bit-popover> </bit-popover> </span> <button bitlink="" type="button" slot="end" title="Learn more about authenticators" aria-label="Learn more about authenticators" aria-expanded="false" class="!tw-text-primary-600 before:-tw-inset-x-[0.1em] before:-tw-inset-y-[0.25rem] before:tw-absolute before:tw-block 
before:tw-content-[''] before:tw-rounded-md before:tw-transition disabled:!tw-text-secondary-300 disabled:hover:!tw-text-secondary-300 disabled:hover:tw-no-underline disabled:tw-cursor-not-allowed disabled:tw-no-underline focus-visible:before:tw-ring-2 focus-visible:before:tw-ring-primary-600 focus-visible:tw-decoration-1 focus-visible:tw-outline-none focus-visible:tw-underline focus-visible:tw-z-10 hover:!tw-text-primary-700 hover:tw-decoration-1 hover:tw-underline tw-bg-transparent tw-border-0 tw-border-none tw-font-semibold tw-leading-none tw-no-underline tw-px-0 tw-py-0.5 tw-relative tw-rounded tw-text-unset tw-transition ng-star-inserted"> <i aria-hidden="true" class="bwi bwi-sm bwi-question-circle"></i> </button> </bit-label> </label> </div> <div class="tw-min-w-3 tw-grow tw-border-l-0 group-focus-within/bit-form-field:tw-border-l-0 !tw-rounded-r-lg tw-border !tw-border-solid tw-border-secondary-500 focus:tw-outline-none group-hover/bit-form-field:tw-border-primary-600 group-has-[input:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-has-[textarea:read-only]/bit-form-field:group-hover/bit-form-field:tw-border-secondary-500 group-focus-within/bit-form-field:tw-outline-none"> </div> </div> </div> <div class="tw-gap-1 tw-bg-background tw-rounded-lg tw-flex tw-min-h-11 [&:not(:has(button:enabled)):has(input:read-only)]:tw-bg-secondary-100 [&:not(:has(button:enabled)):has(textarea:read-only)]:tw-bg-secondary-100"> <div class="tw-flex tw-items-center tw-gap-1 tw-pl-3 tw-py-2" hidden=""> </div> <div class="default-content tw-w-full tw-relative tw-py-2 has-[bit-select]:tw-p-0 has-[bit-multi-select]:tw-p-0 has-[input:read-only:not([hidden])]:tw-bg-secondary-100 has-[textarea:read-only:not([hidden])]:tw-bg-secondary-100 tw-rounded-l-lg tw-pl-3"> <input bitinput="" formcontrolname="totp" type="text" class="tw-font-mono ng-pristine ng-valid [&:is(input,textarea):disabled]:tw-bg-secondary-100 focus:tw-outline-none tw-bg-background 
tw-block tw-border-none tw-h-full tw-placeholder-text-muted tw-text-main tw-w-full ng-star-inserted ng-touched" id="bit-input-32" spellcheck="false"> </div> <div class="tw-flex tw-items-center tw-gap-1 tw-pr-3 tw-py-2"> <button type="button" biticonbutton="" bitsuffix="" data-testid="toggle-totp-visibility" bitpasswordinputtoggle="" class="!tw-text-main before:-tw-inset-[2px] before:tw-absolute before:tw-block before:tw-content-[''] before:tw-ring-2 before:tw-ring-transparent before:tw-rounded-lg before:tw-transition disabled:!tw-text-secondary-300 disabled:hover:tw-bg-transparent disabled:hover:tw-border-transparent focus-visible:before:tw-ring-primary-600 focus-visible:tw-z-10 focus:tw-outline-none hover:tw-bg-transparent-hover hover:tw-border-primary-600 hover:tw-no-underline tw-bg-transparent tw-border tw-border-solid tw-border-transparent tw-font-semibold tw-leading-none tw-p-1 tw-relative tw-rounded-lg tw-text-base tw-transition tw-text-muted ng-star-inserted" aria-pressed="true" title="Toggle visibility" aria-label="Toggle visibility"><span class="tw-relative"> <span> <i aria-hidden="true" class="bwi !tw-m-0 bwi-eye-slash"></i> </span> <span class="tw-absolute tw-inset-0 tw-flex tw-items-center tw-justify-center tw-invisible"> <i aria-hidden="true" class="bwi bwi-spinner bwi-spin"></i> </span> </span> </button> </div> </div> </div> </bit-form-field>
I presume your confusion arises from you not being aware that the DOM can be manipulated via JS. Because a URI’s served HTML5, CSS3, ECMAScript and PHP are compiled together into the browser’s DOM, which is then rendered, what you see isn’t necessarily what’s in the page source.
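The question raised in this exchange is whether the recipient of a share link can use a TOTP code without ever receiving the TOTP secret. The sketch below is an added example, not code from Bitwarden, Proton Pass or anyone in this thread: the sharing side derives the RFC 6238 code and puts only that code into the payload. The `shared_view` payload shape, the `ITEM` record and the `leaks_seed` check are hypothetical, and the seed is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import json
import struct


def totp(secret_b32: str, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for `now`, given in seconds since the epoch."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def shared_view(item: dict, now: float, step: int = 30) -> dict:
    """Hypothetical share-link payload: the derived code only, never the seed."""
    view = {
        "name": item["name"],
        "username": item["username"],
        "password": item["password"],
    }
    if item.get("totp_secret"):
        view["totp_code"] = totp(item["totp_secret"], now, step)
        view["totp_valid_for"] = step - int(now) % step  # seconds until rollover
    return view


def leaks_seed(view: dict, item: dict) -> bool:
    """Check a serialized payload for the seed, as a reviewer of the page would."""
    return item["totp_secret"] in json.dumps(view)


# Constructed sample item; the seed is the RFC 6238 test key.
ITEM = {
    "name": "example login",
    "username": "alice@example.com",
    "password": "constructed-sample-password",
    "totp_secret": base64.b32encode(b"12345678901234567890").decode(),
}

if __name__ == "__main__":
    print(shared_view(ITEM, now=59))
```

With this design the recipient has to refetch the payload after each 30-second window, and access ends when the link expires, because the seed never reaches the browser.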
This would be super nice. I have thought about switching to a different password manager because the current way to share is cumbersome and seems to happen a lot with family.