Hallelujah!
Iām excited for this! Iāve been impressed with Bitwardenās continuous growth/improvement since joining.
P.S. That was a Handel āHallelujahā not to be confused with any less energetic hallelujah songs out there.
2 Likes
Share to someone outside of the organisation, one time, eg with an expiring link to a minimal web page showing only that one password.
We consider this a basic feature and are disappointed not to find it in Bitwarden already. Itās important enough that weād switch to another service to get this feature, as we regularly need to share passwords one-time during customer onboarding.
1 Like
Hi @samtuke - Bitwarden has had this feature for a while now. Here are some more details:
If this suits your needs, let us know and we can mark this request as Solved.
Thanks for the quick response @dh024. Does this allow sending of existing passwords eg saved in a collection owned by a team? Thatās what Iām looking for in this case (not just creating an ephemeral password, but sharing a password used by a team in an ephemeral way.
Eg. workflow:
- New concierge customer
- We create them an account including login details
- We save the login securely for internal use
- We share the login with them using Bitwarden, which expires after some time
This way we avoid duplicating their login or having to add them as a team member.
Hi Sam - I am not entirely sure of your use-case scenario, as I am not certain how you are using the term ephemeral, but here is a quote from the help document I pointed to:
Dynamically Ephemeral: Sends are designed for ephemeral sharing, so every Send that you create will have a specified lifespan (max 31 days) that can be configured using pre-set options or a custom timestamp for down-to-the-minute specification. When its deletion date is reached, the Send and its contents will be completely purged from Bitwarden systems. Using additional options like Expiration Date and Maximum Access Count, you can ensure that access to recipients is terminated according to your needs.
Hopefully that suits your needs - you can use this service to send Text Sends from any Bitwarden account, including a free one, so you might wish to try it out to see if it suits your needs. (File Sends require a Premium subscription, however.)
Cheers!
@samtuke - welcome! additional functions for Send (such as sending an existing vault item) are also on the roadmap 
5 Likes
I find myself needing this one every week or so. Would be greatly appreciated.
1 Like
Glad I am not the only one struggling with the workflow. Hope to see that happeningā¦
1 Like
Feature name
Bitwarden Send Credentials - already configured entry which user can ignore or accept.
Feature function
Bitwarden Send allows for now to send 2 kind of objects - text or files and share them via link. Sharing credentials like login, password and url as a recognizable object by Bitwarden -already configured entry- will make a process of distributing credentials even easier for non technical users that already use Bitwarden. This way adding new password to your current database will only require pressing āAcceptā and confirming with master password.
Important!
Feature is supposed to work between any instances of Bitwarden, cause exchanging passwords inside organizations already exists, but does not between two separate companies where each of them can have self-hosted non federated instances.
Hopefully this feature will come in 2022.
To me, approach where only collections may be shared looks like a biggest largest and scariest misconception in design.
I frequently find that I need to share a PW with clients or users, but obviously donāt want to send this as clear text in an e-mail.
How about integrating a feature into BW that would allow for users to generate a temporary disposable URL link that contains the password for limited viewing. Much like:
onetimesecret has a much smoother interface, but fugacious is open source (but they seem to have let their SSL cert expire) and allows for variable number of access times and longer life duration.
This would also be a means of promoting BW as recipients would get a link that would feature BW as a secure PW management tool.
This would be fantastic!
1 Like
This would be useful.
But how would it be secure?
It would probably be a good idea to get the person who shared the password to change it after the share expires?
One example, we got a solar energy consultant to quote us on an expansion of our solar power system and he asked for the login to view our generation stats. The web portal doesnāt provide the ability to export the stats, you have to go view them online, it also only has a single user, no ability to add secondary logins for other users.
We already use Bitwarden to share that login amongst the team who needs access to that information.
Thereās no harm that can come from him going there, and I want him to have the info, but I donāt want him to have to install Bitwarden and sign up and then create an organisation and create a collection and have him accept the invite and then approve the acceptance and then share it with him on a permanent basis.
I just want him to have access to it through a link a few times for a week or so, and then when heās done, I want to be reminded to go change that to something secure again.
Obviously anyone with access to his email or access to that link (perhaps he shares it) will be able to view the login information. - so I donāt see this being a secure feature, itās more of a simple convenience with a thin layer of security in that the actual password isnāt in clear text in any emails, and wonāt be there FOREVER incase his or my email - or backups of that email - is ever compromised.
So to me, in this scenario the reminder to change the details after the share expires is a critical feature.
1 Like
Privatebin.info is a better implementation of onetimesecret and fugacio.us
Both of these use Server-Side encryption, which means the server receives it in plaintext at some point.
instead, Privatebin encrypts the secret client-side and stores the encrypted data on the server. it uses the # (shard) in an url to make the decryption key only available clientside, without having to send it to a remote server. The only downside to this is the requirement of JavaScript to decrypt the content
1 Like
as a user i want to share secrets or notes.
i want to have the possibility to set a view-count and an expiration time (in 12h for ex.) of the sharing period.
optionally a possibility to set a pin code.
after the sharing period i want to receive a notification in BW to change my secret.
SCORE!!
Great work BitWarden Team!
This long-term requested feature has now been officially delivered with the new BitWarden Send feature:
https://bitwarden.com/help/article/about-send/
A really excellent execution with this delivery as well. Lots of flexibility in terms of how long the Secret message lasts, how many times it can be accessed, and the ability to disable a previous Send.
You guys took the best of both OneTimeSecret and Fugacio.us and put them into a really usable package. Really well done.
Thanks for listening to customer requests like this.
-m
2 Likes
Even better, unlike OneTimeSecret and Fugacio, this implementation is e2e encrypted like privatebin, which is awesome.
Now all that is needed is adding the āsendā option to the āshareā option when you open a login in bitwarden, that would make the UX for this superb for sharing credentials.
1 Like
I hope it will not die.
The following use case:
The boss wants the computer password from all employees.
Currently (July 2007) a collection would have to be created for one employee! What is impossible with more than 5 employees.
It would be better if I could invite other users or groups for each entry.