I wonder if an easy middle ground fix could be implemented to allow for the user to “select” which attachments or possibly all attachments in an item to be downloaded and cached locally on the device for access later offline for read-only.
Similarly to Microsoft’s Offline Files for Windows networks, or Onedrive’s Always keep on this device feature.
This way users can selectively chose which items are most important, i.e passports, IDs, vaccine records, etc before travel.
While still preventing possibly 1GB+ of vault attachments from having to remain in sync between client devices.
Kent, a great suggestion, but I think the core concern in this Feature Request is not the downloading per se, but instead the lack of an in-app document viewer (so that the attachments don’t have to be stored decrypted on the local device and viewed using a third-party app, either of which may introduce security/privacy risks).
You are absolutely correct, I believe I confused the request here with another request specific to offline syncing of attachments.
Both of which requests similarly reference ID cards, passports, etc. for access for secure attachments.
So my recommendation would have instead been for offline access of attachments, but I do also see the benefit for this request to providing native attachment viewing functionality in the client.
Absolutely am for this and hope it can be something that can eventually be implemented.
Come on guys, please add this feature. Been a subscriber for two years now and hoping for this feature ever since, it is absolutely annoying as hell not being able to just view attachments.
Also happened before that I missed removing a downloaded file on a ‘public’ machine before. This is my fault, yes, but the risk of this happening wouldn’t even exist if we just had a viewer implemented.
Apart from that: Great tool, my favourite among all Password Managers I tested so far.
I joined BitWarden because it met a few key requirements, one of which was secure photo attachments (eg. ids). Had I realised the attachments were not viewable I honestly would have picked another password manager.
I’m not saying that to be snarky (I really like bitwarden, and am paying for it for other benefits that I now highly value but weren’t so high on initial criteria), I’m saying that to reinforce that viewing secure attachments securely in-app is core mission statement to users and not offering it costs Bitwarden money. I want to see this feature get commensurate priority in the roadmap.
I would strongly suggest tiered implementation for viewing select file types (eg. jpg, png) ahead of the security risks from pdf. Implementing some of this for the most common use case (image of id document) would be a huge step forward.
I really like BitWarden but the silence on this critical security hole is deafening; the lack of addressing it, frustrating. Perhaps they don’t have the knowledge, skills, and talent?
Just piling on this topic. Its the only real issue I have with the platform and my usage patterns. Not being able to view in-app is painful and I end up littering sensitive PDF documents in all sorts of places otherwise wouldn’t. Big time need this feature!
Can’t believe this hasn’t made it to “planned” yet. It’s been 5 years!
I wonder how many users have forgotten to delete downloaded attachments and left them in %USERPROFILE%\Downloads, ~/Downloads or some random temp/cache folder somewhere that they probably didn’t even know their file was stored in. How many have made it into random backups where they don’t belong? Do we need someone prominent to forget to delete a downloaded file and name Bitwarden in the media before something happens?
We’re not requesting changes to core functionality here. A simple in-app image/PDF viewer would solve a lot of problems, mainly how we’re currently forced to download sensitive files and store them unencrypted on whatever device. There exists multiple Open Source JS libraries out there that you could probably make use of, like PDF.js by Mozilla (Apache 2.0 licensed).
To not have the ability to show files like photos and pdf within the app, and the need to download it, is in my opinion a petty huge security risk, as you will need to store secure data on insecure environment please add this feature.
Unfortunately, the most recent Bitwarden ‘feature roadmap’ document made no mention of addressing this glaring omission. They just don’t seem to recognize its severity.
Thanks Chris, we appreciate the feedback! There is a lot that goes into Bitwarden to keep things running smoothly behind the scenes, including maintaining current features, building new ones and fixing bugs.
There are a lot of feature requests for the team to consider, so thanks for your patience!
May 2023, LP and various authenticators refugee. Love Bitwarden and Authy. Have just discovered that Bitwarden’s “notes” feature and “attachments” feature are inadequate. Various excuses have been given – none of which really focus on the main use case.
In LP I would keep setup notes for new financial services and IT services. Typically these involve multiple secrets or unique data items. Including email used, possibly separate ID, a PIN, a password and even a separate passphrase, two-factor authentication services used, fingerprints, recovery codes, family member names, and even a “biometric note” (right ring finger) – and subscription cost per year and renewal date. And sometimes account IDs that are separate between physical and virtual.
This is all complex, and sometimes best saved in a structured narrative. Which I would do in LP (it has a usably big window). And then of course separately the password manager would have specific logons for various accounts too - and this is the part that Bitwarden excels at and why I left LP. But the two are not the same: (1) and organized narrative tying together many separate facts, resources, actors etc and (2) the specific and narrow authorization security “fact clusters” necessary for a given login. Give us both and win big and beat all the competition!
“Just saving logons” is not enough. Accounts and services are often complex. And you need to be really, really careful not to get locked out. This is what an ‘attached set of notes’ (probably only 1/2 a page!) is for. Or just notes themselves directly saved in Bitwarden. The current Bitwarden window viewer makes using that set of notes difficult (a simple fix would be allow the window to become full-screen).
This is NOT a “nice to have corner case” that will never be delivered. This is a use case that should be at the center of any Bitwarden users’ workflow.
Please push “secure document viewing” – or just a better in-line secure notes viewing and editing feature – to No. 1 in the development list!
100% agree!!! Unfortunately, it continues to not be a priority to the Bitwarden developers.
I guess they don’t store sensitive attachments in the product. Or if they do, their requiring a process that stores decrypted attachments externally so that external tools can view them hasn’t resulted in the compromising of the information contained in those attachments — at least, not that they know of.