Hi @samtuke - Bitwarden has had this feature for a while now. Here are some more details:
If this suits your needs, let us know and we can mark this request as Solved.
Hi @samtuke - Bitwarden has had this feature for a while now. Here are some more details:
If this suits your needs, let us know and we can mark this request as Solved.
Thanks for the quick response @dh024. Does this allow sending of existing passwords eg saved in a collection owned by a team? Thatâs what Iâm looking for in this case (not just creating an ephemeral password, but sharing a password used by a team in an ephemeral way.
Eg. workflow:
This way we avoid duplicating their login or having to add them as a team member.
Hi Sam - I am not entirely sure of your use-case scenario, as I am not certain how you are using the term ephemeral, but here is a quote from the help document I pointed to:
Dynamically Ephemeral: Sends are designed for ephemeral sharing, so every Send that you create will have a specified lifespan (max 31 days) that can be configured using pre-set options or a custom timestamp for down-to-the-minute specification. When its deletion date is reached, the Send and its contents will be completely purged from Bitwarden systems. Using additional options like Expiration Date and Maximum Access Count, you can ensure that access to recipients is terminated according to your needs.
Hopefully that suits your needs - you can use this service to send Text Sends from any Bitwarden account, including a free one, so you might wish to try it out to see if it suits your needs. (File Sends require a Premium subscription, however.)
Cheers!
@samtuke - welcome! additional functions for Send (such as sending an existing vault item) are also on the roadmap
I find myself needing this one every week or so. Would be greatly appreciated.
Youâll be happy to know that item sharing is on our 2022 Roadmap.
Glad I am not the only one struggling with the workflow. Hope to see that happeningâŚ
Bitwarden Send Credentials - already configured entry which user can ignore or accept.
Bitwarden Send allows for now to send 2 kind of objects - text or files and share them via link. Sharing credentials like login, password and url as a recognizable object by Bitwarden -already configured entry- will make a process of distributing credentials even easier for non technical users that already use Bitwarden. This way adding new password to your current database will only require pressing âAcceptâ and confirming with master password.
Important!
Feature is supposed to work between any instances of Bitwarden, cause exchanging passwords inside organizations already exists, but does not between two separate companies where each of them can have self-hosted non federated instances.
Hopefully this feature will come in 2022.
To me, approach where only collections may be shared looks like a biggest largest and scariest misconception in design.
I frequently find that I need to share a PW with clients or users, but obviously donât want to send this as clear text in an e-mail.
How about integrating a feature into BW that would allow for users to generate a temporary disposable URL link that contains the password for limited viewing. Much like:
onetimesecret has a much smoother interface, but fugacious is open source (but they seem to have let their SSL cert expire) and allows for variable number of access times and longer life duration.
This would also be a means of promoting BW as recipients would get a link that would feature BW as a secure PW management tool.
This would be fantastic!
This would be useful.
But how would it be secure?
It would probably be a good idea to get the person who shared the password to change it after the share expires?
One example, we got a solar energy consultant to quote us on an expansion of our solar power system and he asked for the login to view our generation stats. The web portal doesnât provide the ability to export the stats, you have to go view them online, it also only has a single user, no ability to add secondary logins for other users.
We already use Bitwarden to share that login amongst the team who needs access to that information.
Thereâs no harm that can come from him going there, and I want him to have the info, but I donât want him to have to install Bitwarden and sign up and then create an organisation and create a collection and have him accept the invite and then approve the acceptance and then share it with him on a permanent basis.
I just want him to have access to it through a link a few times for a week or so, and then when heâs done, I want to be reminded to go change that to something secure again.
Obviously anyone with access to his email or access to that link (perhaps he shares it) will be able to view the login information. - so I donât see this being a secure feature, itâs more of a simple convenience with a thin layer of security in that the actual password isnât in clear text in any emails, and wonât be there FOREVER incase his or my email - or backups of that email - is ever compromised.
So to me, in this scenario the reminder to change the details after the share expires is a critical feature.
Privatebin.info is a better implementation of onetimesecret and fugacio.us
Both of these use Server-Side encryption, which means the server receives it in plaintext at some point.
instead, Privatebin encrypts the secret client-side and stores the encrypted data on the server. it uses the # (shard) in an url to make the decryption key only available clientside, without having to send it to a remote server. The only downside to this is the requirement of JavaScript to decrypt the content
as a user i want to share secrets or notes.
i want to have the possibility to set a view-count and an expiration time (in 12h for ex.) of the sharing period.
optionally a possibility to set a pin code.
after the sharing period i want to receive a notification in BW to change my secret.
SCORE!!
Great work BitWarden Team!
This long-term requested feature has now been officially delivered with the new BitWarden Send feature:
https://bitwarden.com/help/article/about-send/
A really excellent execution with this delivery as well. Lots of flexibility in terms of how long the Secret message lasts, how many times it can be accessed, and the ability to disable a previous Send.
You guys took the best of both OneTimeSecret and Fugacio.us and put them into a really usable package. Really well done.
Thanks for listening to customer requests like this.
-m
Even better, unlike OneTimeSecret and Fugacio, this implementation is e2e encrypted like privatebin, which is awesome.
Now all that is needed is adding the âsendâ option to the âshareâ option when you open a login in bitwarden, that would make the UX for this superb for sharing credentials.
I hope it will not die.
The following use case:
The boss wants the computer password from all employees.
Currently (July 2007) a collection would have to be created for one employee! What is impossible with more than 5 employees.
It would be better if I could invite other users or groups for each entry.
Cheer! I can appreciate how much work it will be.
When I need to send login credentials in a business capacity, it would be so handy to have a âshare via sendâ choice in the list of choices when viewing an item. Quite often, the people I am sending the information to are not even aware of password managers. This would be an excellent way to get them the information they want and at the same time, subtly advertise BitWarden to them. Most people donât respond to any form of direct advertising anymore - especially those who are security conscious. If they can look at BitWarden on their own time and at their own pace when being the recipient of a BitWarden Send, best of both worlds - IMHO.
Hi @tgreer, do you have any updates on this Item Sharing with individual users? Is it still in the roadmap for 2022?
My company is evaluating a new password manager (even with a paid business plan for 130 people), but this feature is a blocker on the adoption of bitwarden because itâs used a lot within the team
It would be a great feature to have and to support the project!