[GH-ISSUE #854] User based Tokens/Api Keys #602

New issue

Closed

opened 2026-03-03 02:01:13 +03:00 by kerem · 2 comments

kerem commented

2026-03-03 02:01:13 +03:00

Owner

Originally created by @Roemer on GitHub (Feb 6, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/854

Hello

For automations and such, it would be great to be able to have user create permanent / timely limited api keys or tokens (or certificates) that could be used to access certain passwords of that user in an automated way without the Master Password.
I am thinking of for example database logins for a CI that needs to create a database in order to perform some tests. The CI could get the password from bitwarden_rs with such an api key/token or certificate.

Is this somehow possible or maybe a planned feature? Or is this impossible because of security concerns?

Originally created by @Roemer on GitHub (Feb 6, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/854 Hello For automations and such, it would be great to be able to have user create permanent / timely limited api keys or tokens (or certificates) that could be used to access certain passwords of that user in an automated way without the Master Password. I am thinking of for example database logins for a CI that needs to create a database in order to perform some tests. The CI could get the password from bitwarden_rs with such an api key/token or certificate. Is this somehow possible or maybe a planned feature? Or is this impossible because of security concerns?

kerem closed this issue

2026-03-03 02:01:14 +03:00

kerem commented

2026-03-03 02:01:14 +03:00

Author

Owner

@jjlin commented on GitHub (Feb 6, 2020):

The upstream Bitwarden (and therefore bitwarden_rs as well) does not currently support "sharing" in the typical sense where the user retains ownership. When a user shares an item, they are actually transferring ownership of that item to an organization. Using collections, there are various ways to restrict access to certain items within an organization.

If your use case can fit into this sharing model, the closest solution is probably to create a CI user that has read-only access to certain collections, and then use the Bitwarden CLI to access those items.

@jjlin commented on GitHub (Feb 6, 2020): The upstream Bitwarden (and therefore bitwarden_rs as well) does not currently support "sharing" in the typical sense where the user retains ownership. When a user shares an item, they are actually transferring ownership of that item to an organization. Using collections, there are various ways to restrict access to certain items within an organization. If your use case can fit into this sharing model, the closest solution is probably to create a CI user that has read-only access to certain collections, and then use the [Bitwarden CLI](https://help.bitwarden.com/article/cli/) to access those items.

kerem commented

2026-03-03 02:01:14 +03:00

Author

Owner

@Roemer commented on GitHub (Feb 9, 2020):

Just figured out how to do the read-only collection acccess. Guess I would go with that. I'll close this as this is probably something that should be discussed in the upstream first.

@Roemer commented on GitHub (Feb 9, 2020): Just figured out how to do the read-only collection acccess. Guess I would go with that. I'll close this as this is probably something that should be discussed in the upstream first.