The “Send” functionality does not solve this need at all.
I found it even quite useless because it does not require authentication at the receiving end. So anyone with the link can see the secret. The Passwort-Protection does not help since, I would need to share the access password along with sending the link.
Using E-Mail is similar (un)safe.
Seems like you have not gotten a clear picture of send.
A Send can be protected with a password. Access limit can also be set. So the link will expire after the access count has exceeded.
I would suggest you to watch Bitwarden Send: Secure Text and File Transfer - YouTube
Hello @vachan thanks, I have watched the video. It did not tell me anything new though.
Maybe to phrase my thoughts differently:
Even if I would use Password Protection and Access Limit, I still would need to send the Link together with the Password over an insecure channel (Email, Slack, …) to the receiver. If any Man-In-The-Middle would intercept this communication, he or she could steal the well-encryped secret.
Fair point, though, if possible, sharing the password via phone call, or separate, relatively secure channel should be good for all but the most critical secrets 
Maybe in the future Send can be directly sent to a bitwarden user through the client itself ?
Like if you add my email address to a send. I will automatically get the Send on all my client apps.
I did not think about that.
This would be a great feature. Τhe best way to implement it imo, would be by having user and group permissions to be set for each item instead of collection. This is the most important disadvantage of BitWarden for our organization.
This would be great. The ability to share an item/folder/collection with a single other Bitwarden hosted user. This would be great on a personal level with family/friends, but also I have already run into several options where I wanted to take an item from my “Business” folder in my private vault and share it with another Bitwarden user in our org without removing my ownership and sending it to a collection.
This is a big one that’s blocking us moving. There’s many situations where a secret belongs to a collection but it needs to be shared with +1 or +2 users in the organization as well. Not justified having collection hell to accomodate all variations of this. Need to be able to share to a collection + individual org users. User to user as well.
@tgreer It might be wishful thinking, but is this part of the “Item Sharing” listed on the roadmap for 2022?
Hallelujah!
I’m excited for this! I’ve been impressed with Bitwarden’s continuous growth/improvement since joining.
P.S. That was a Handel “Hallelujah” not to be confused with any less energetic hallelujah songs out there.
Hopefully this feature will come in 2022.
To me, approach where only collections may be shared looks like a biggest largest and scariest misconception in design.
I frequently find that I need to share a PW with clients or users, but obviously don’t want to send this as clear text in an e-mail.
How about integrating a feature into BW that would allow for users to generate a temporary disposable URL link that contains the password for limited viewing. Much like:
onetimesecret has a much smoother interface, but fugacious is open source (but they seem to have let their SSL cert expire) and allows for variable number of access times and longer life duration.
This would also be a means of promoting BW as recipients would get a link that would feature BW as a secure PW management tool.
This would be fantastic!
This would be useful.
But how would it be secure?
It would probably be a good idea to get the person who shared the password to change it after the share expires?
One example, we got a solar energy consultant to quote us on an expansion of our solar power system and he asked for the login to view our generation stats. The web portal doesn’t provide the ability to export the stats, you have to go view them online, it also only has a single user, no ability to add secondary logins for other users.
We already use Bitwarden to share that login amongst the team who needs access to that information.
There’s no harm that can come from him going there, and I want him to have the info, but I don’t want him to have to install Bitwarden and sign up and then create an organisation and create a collection and have him accept the invite and then approve the acceptance and then share it with him on a permanent basis.
I just want him to have access to it through a link a few times for a week or so, and then when he’s done, I want to be reminded to go change that to something secure again.
Obviously anyone with access to his email or access to that link (perhaps he shares it) will be able to view the login information. - so I don’t see this being a secure feature, it’s more of a simple convenience with a thin layer of security in that the actual password isn’t in clear text in any emails, and won’t be there FOREVER incase his or my email - or backups of that email - is ever compromised.
So to me, in this scenario the reminder to change the details after the share expires is a critical feature.
Privatebin.info is a better implementation of onetimesecret and fugacio.us
Both of these use Server-Side encryption, which means the server receives it in plaintext at some point.
instead, Privatebin encrypts the secret client-side and stores the encrypted data on the server. it uses the # (shard) in an url to make the decryption key only available clientside, without having to send it to a remote server. The only downside to this is the requirement of JavaScript to decrypt the content
as a user i want to share secrets or notes.
i want to have the possibility to set a view-count and an expiration time (in 12h for ex.) of the sharing period.
optionally a possibility to set a pin code.
after the sharing period i want to receive a notification in BW to change my secret.
SCORE!!
Great work BitWarden Team!
This long-term requested feature has now been officially delivered with the new BitWarden Send feature:
https://bitwarden.com/help/article/about-send/
A really excellent execution with this delivery as well. Lots of flexibility in terms of how long the Secret message lasts, how many times it can be accessed, and the ability to disable a previous Send.
You guys took the best of both OneTimeSecret and Fugacio.us and put them into a really usable package. Really well done.
Thanks for listening to customer requests like this.
-m
Even better, unlike OneTimeSecret and Fugacio, this implementation is e2e encrypted like privatebin, which is awesome.
Now all that is needed is adding the “send” option to the “share” option when you open a login in bitwarden, that would make the UX for this superb for sharing credentials.
