[GH-ISSUE #5935] Web vault: The same SSH key is always inserted #2290

New issue

Closed

opened 2026-03-03 02:16:57 +03:00 by kerem · 5 comments

kerem commented 2026-03-03 02:16:57 +03:00

Owner

Copy link

Originally created by @sbdiun on GitHub (Jun 6, 2025).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5935

Vaultwarden Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.34.1
• Web-vault version: v2025.5.0
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Alpine)
• Database type: MySQL
• Database version: 8.0.41
• Uses config.json: false
• Uses a reverse proxy: true
• IP Header check: false (X-Forwarded-For)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• TZ environment: Europe/Berlin
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Websocket Check: false
• HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "*****://**********************************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************************",
  "domain_origin": "*****://*****************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": 3650,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 7776000,
  "icon_cache_ttl": 0,
  "icon_download_timeout": 30,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info,vaultwarden::api::core::events=debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 120,
  "login_ratelimit_seconds": 5,
  "org_attachment_limit": 100000,
  "org_creation_users": "**********************************,*****************************,******************************",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*************************",
  "smtp_from_name": "Vaultwarden IT Service",
  "smtp_host": "******************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "************************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 10000,
  "user_send_limit": 20000,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "105067",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Apache/2.4.62 (AlmaLinux)

Host/Server Operating System

Linux

Operating System Version

AlmaLinux 9.6 (Sage Margay)

Clients

Web Vault

Client Version

v2025.5.0

Steps To Reproduce

1. copy a openssh key to clipboard
2. create new SSH key in Vaultwarden
   The key will be shown, including public key and fingerprint.
3. copy another openssh key to clipboard
4. create another new SSH key
   The previous key is set as content like in the first entry.

Expected Result

The last copied key is entered.

Or, at least in the Bitwarden desktop client, there is a “Copy key from clipboard” button that can be used to set the content.

Actual Result

Previous key is the content.
No button to override this.

Logs

Screenshots or Videos

No response

Additional Context

Originally created by @sbdiun on GitHub (Jun 6, 2025). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5935 ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.1 * Web-vault version: v2025.5.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Alpine) * Database type: MySQL * Database version: 8.0.41 * Uses config.json: false * Uses a reverse proxy: true * IP Header check: false (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: Europe/Berlin * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: false * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "*****://**********************************************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****************************", "domain_origin": "*****://*****************************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": 3650, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 7776000, "icon_cache_ttl": 0, "icon_download_timeout": 30, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info,vaultwarden::api::core::events=debug", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 120, "login_ratelimit_seconds": 5, "org_attachment_limit": 100000, "org_creation_users": "**********************************,*****************************,******************************", "org_events_enabled": true, "org_groups_enabled": true, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Login", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*************************", "smtp_from_name": "Vaultwarden IT Service", "smtp_host": "******************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "************************************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 30, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": 10000, "user_send_limit": 20000, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "105067", "yubico_secret_key": "***", "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Apache/2.4.62 (AlmaLinux) ### Host/Server Operating System Linux ### Operating System Version AlmaLinux 9.6 (Sage Margay) ### Clients Web Vault ### Client Version v2025.5.0 ### Steps To Reproduce 1. copy a openssh key to clipboard 2. create new SSH key in Vaultwarden The key will be shown, including public key and fingerprint. 3. copy another openssh key to clipboard 4. create another new SSH key The previous key is set as content like in the first entry. ### Expected Result The last copied key is entered. Or, at least in the Bitwarden desktop client, there is a “Copy key from clipboard” button that can be used to set the content. ### Actual Result Previous key is the content. No button to override this. ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context 

kerem 2026-03-03 02:16:57 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 02:16:58 +03:00

Author

Owner

Copy link

@sbdiun commented on GitHub (Jun 6, 2025):

The inserted image shows the first key, even though an RSA key has already been copied to the clipboard.
I hope that, even though it is in German, you can see that there is no button to reload the value from the clipboard.

<!-- gh-comment-id:2948390228 --> @sbdiun commented on GitHub (Jun 6, 2025): The inserted image shows the first key, even though an RSA key has already been copied to the clipboard. I hope that, even though it is in German, you can see that there is no button to reload the value from the clipboard.

kerem commented 2026-03-03 02:16:58 +03:00

Author

Owner

Copy link

@stefan0xC commented on GitHub (Jun 6, 2025):

I don't understand the issue. What does copying an OpenSSH key into the clipboard has to do with creating a new SSH key via the web-vault? I don't think that the web-vault acts the same as the Bitwarden Desktop app in this regard (as it will always create a new SSH key as far as I've tested it and not the same one). According to https://bitwarden.com/help/ssh-agent/#import-key-to-bitwarden importing keys from clipboard is only available in the desktop app.

<!-- gh-comment-id:2948534098 --> @stefan0xC commented on GitHub (Jun 6, 2025): I don't understand the issue. What does copying an OpenSSH key into the clipboard has to do with creating a new SSH key via the web-vault? I don't think that the web-vault acts the same as the Bitwarden Desktop app in this regard (as it will always create a new SSH key as far as I've tested it and not the same one). According to https://bitwarden.com/help/ssh-agent/#import-key-to-bitwarden importing keys from clipboard is only available in the desktop app.

kerem commented 2026-03-03 02:16:58 +03:00

Author

Owner

Copy link

@sbdiun commented on GitHub (Jun 6, 2025):

I apologize if I misunderstood something.
As I understand it, inserting an SSH key means creating it as an entry in the vault, not as a key for the web vault itself, like storing an identity or access in the vault.

We have several SSH keys to access different servers, which I wanted to store in Vaultwarden, and that's exactly what doesn't work because I only ever see the one.

It wasn't about generating a new key.

If that's wrong, then I apologize.

<!-- gh-comment-id:2948617538 --> @sbdiun commented on GitHub (Jun 6, 2025): I apologize if I misunderstood something. As I understand it, inserting an SSH key means creating it as an entry in the vault, not as a key for the web vault itself, like storing an identity or access in the vault. We have several SSH keys to access different servers, which I wanted to store in Vaultwarden, and that's exactly what doesn't work because I only ever see the one. It wasn't about generating a new key. If that's wrong, then I apologize.

kerem commented 2026-03-03 02:16:58 +03:00

Author

Owner

Copy link

@sbdiun commented on GitHub (Jun 6, 2025):

From this side: https://bitwarden.com/help/managing-items/
"There are five types of items you can store in your vault; logins, cards, identities, secure notes, and SSH keys:"

<!-- gh-comment-id:2948621918 --> @sbdiun commented on GitHub (Jun 6, 2025): From this side: https://bitwarden.com/help/managing-items/ "There are five types of items you can store in your vault; logins, cards, identities, secure notes, and SSH keys:"

kerem commented 2026-03-03 02:16:58 +03:00

Author

Owner

Copy link

@sbdiun commented on GitHub (Jun 6, 2025):

ok, I understand now.
It's possible to import keys via Destop App, but in Web-vault, it always create a new one.

<!-- gh-comment-id:2948723174 --> @sbdiun commented on GitHub (Jun 6, 2025): ok, I understand now. It's possible to import keys via Destop App, but in Web-vault, it always create a new one.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#2290

No description provided.