Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[META] Feature Requests #246

Open
37 of 61 tasks
dani-garcia opened this issue Nov 9, 2018 · 248 comments
Open
37 of 61 tasks

[META] Feature Requests #246

dani-garcia opened this issue Nov 9, 2018 · 248 comments
Labels
enhancement New feature or request help wanted Extra attention is needed notes Used for notes or meta issues

Comments

@dani-garcia
Copy link
Owner

dani-garcia commented Nov 9, 2018

To avoid cluttering the issue tracker with feature requests, please comment any requests here and we'll keep a list.

When available, I've linked a related issue or comment to add context to the request.

Authentication

Database support

Admin page

Security

Docker images

Other

If anyone wants to help implementing these features, we are available here or on the matrix channel to help guide you as much as we can.

@quthla
Copy link

quthla commented Dec 22, 2018

What is needed for #241? Seems somebody already posted the needed changes in the corresponding issue so that could maybe be integrated?

@dani-garcia
Copy link
Owner Author

Yes, someone would have to check those changes, see what can be integrated into the project directly (possibly a config option for the mount point) and create the documentation on how to configure the vault, proxy, etc.

@mprasil
Copy link
Contributor

mprasil commented Jan 15, 2019

@dpffxhad added it to the list

@Peneheals
Copy link

It would be great to see an (admin) feature which can help sysops to test mailing functionality. Maybe somewhere a button which can send a test e-mail to the actual user's address and which gives back a fail/success message after the action.

@mprasil
Copy link
Contributor

mprasil commented Jan 16, 2019

Good idea @Peneheals, @njfox what do you think?

@p-rintz
Copy link

p-rintz commented Jan 16, 2019

Would it be possible to introduce 2FA auth to the /admin panel as well?

@njfox
Copy link
Contributor

njfox commented Jan 16, 2019

Good idea @Peneheals, @njfox what do you think?

I also think that's a good idea, and it shouldn't be too difficult to implement. I can look at adding the necessary API endpoints once I find some time, or knowing @dani-garcia he'll probably get to it first

@dani-garcia
Copy link
Owner Author

dani-garcia commented Jan 16, 2019

About 2fa:
To do this, we'll need to implement it separately from the already existing 2fa code. I'm not sure if for this case it's worth it to implement multiple 2fa systems, so I would think just totp and maybe email would be good enough.

That said, this would require some changes to the admin page to input the 2fa code: we can't just ask for it at the start because it changes every 30 seconds .

Edit: About the email, as a workaround, you can invite yourself to test if it works for now, but it would be great to add

@dani-garcia dani-garcia pinned this issue Jan 25, 2019
@chinenual
Copy link

chinenual commented Feb 2, 2019

I am having trouble getting an Apache reverse-proxy to work in my organization. For various reasons, I can't create a new subdomain for bitwarden - i need to run it as https://my.proxy.domain/bitwarden forwarding to localhost running http on a non-standard port. However I cannot find a way to get Apache's mod_proxy to proxy from /bitwarden context to root context. For other applications I'm able to create proxies to as long as the target application uses a non-root context.

I.e. I want to do this:

https://my.proxy/bitwarden <-> http:/localhost:1234

I can get other apps to work if the internal app uses non-root context -- e.g.

https://my.proxy/acontext <-> http:/localhost:1234/anothercontext

Can bitwarden_rs be configured to listen to /bitwarden_rs or /bitwarden instead of / ? If not, can someone help in constructing apache mod_proxy / mod_rewrite rules to proxy the bitwarden_rs root context from a non-root proxy context?

@mprasil
Copy link
Contributor

mprasil commented Feb 2, 2019

@chinenual see #71. The TL/DR is that while bitwarden_rs doesn't mind serving from a sub path, client apps don't support that. There was some effort modifying the Vault code to allow this, but I haven't seen anyone reporting that they got it working.

@chinenual
Copy link

Thanks @mprasil - I'll keep my eye on upstream client support and check back here if/when it's supportable.

@quthla
Copy link

quthla commented Feb 2, 2019

@mprasil I think only the web vault needs some patching (which has already been done?)

#241 (comment)

I changed the path in the android app and it'll correctly call api at that path.

"POST /bw/api/accounts/prelogin HTTP/1.1"

@mprasil
Copy link
Contributor

mprasil commented Feb 3, 2019

Good to know @quthla, are you sure all functionality is present in the mobile client apps - like attachments. (also this probably still rules out using the official desktop app?)

@technowhizz
Copy link

technowhizz commented Aug 24, 2021

@technowhizz I am willing to work on that, but would not specifically target google OIDC. It will be possible if the generic support is there though. I will still need some pointers on where to start though. I cannot allocate enough time to dig deep without any pointers.

Any one down to help with pointers? :)

@ibotty to start theres an oauth module for rust here: https://docs.rs/crate/oauth2/4.1.0

@vivithecanine
Copy link

It would be nice to have a container config that bundled a proxy so that we could have an all-in-one container that provides static content hosting + the web application + websockets.

@Miarka24
Copy link

Miarka24 commented Sep 22, 2021

Hi, I first have to say in my two days investigating opensource passwordmanagers for my company vaultwarden is clearly in the lead right now, I have compared it to Passbolt and PSONO, we are a small company but secure passwords and password management is getting more and more important.
I have noticed two things I would love to have, as far as I can say those are not implemented in bitwarden either.
Ultimately both try to achieve a similar thing: prevent users to delete entries but allow them to update entries/passwords.

Considering company Passwords and sharing them with users added to the company there are currently two options for normal Users: "hide passwords" and "read only".
I´d love an additional option "update", this would allow users to update passwords but prevent them from deleting entries.

The other option is similar, but eventually easier to implement, keep everything as is but prevent normal users from accessing organizations recycle bin, this way it is not possible for a user to completely remove an entry. Managers/Admins would have 30days to recover deleted entries.

Maybe I have missed something and what I am requesting is already possible in some way, if so I´d be happy for some pointers :).

MfG/Best regards
Jonas Stunkat

@alfonsrv
Copy link

Likely not to be implemented @Miarka24. Use database backups.

@Miarka24
Copy link

Well backups are the bread and butter of course, but having this option wouldn´t hurt.
I am thinking about cases where you have many MANY passwords but some of them you dont use regularly, if a password like this gets deleted from the recycle bin too, it would be hard to notice and looking through the backups could become a pain.
I have read there is a feature request for an audit log, that could help if deletions are logged.

@NoseyNick
Copy link

Seeing as you mentioned backups...

I assume it is almost by definition impossible to carefully restore individual passwords from a backup, because they are all so nicely encrypted you wouldn't even know which is which, never mind which to restore? How about restoring individual users and/or organizations one at a time? ... but even then, presumably "restore entire user to a point in time" with obvious risk of losing ones that were added after the backup as well?

@BlackDex
Copy link
Collaborator

@Miarka24 @NoseyNick.
I think point 1 is more something for upstream Bitwarden.
There need to be client side support for that too.

Point 2, depending on what rights you give people to the org. You can give them read only access, while they can still share passwords and use them they can't delete them for an org.

Building both options into Vaultwarden would require significant work and new special options on the server side which we try to minimize as much as possible to keep as close as possible to Bitwarden.

Regarding restoring separate entries, that is in theorie possible, as long as the security keys aren't changed of the org, or for users, if they didn't rotated there key or changed there password.

Having backups is probably the best thing to do. You can just start a separate Vaultwarden container using the backup and try to find it.

@NoseyNick
Copy link

can just start a separate Vaultwarden container using the backup and try to find it.

Aha! Hadn't occurred to me but really good point, and certainly sounds easier than meddling with individual database records and stuff. Thanks!

@Miarka24
Copy link

@BlackDex
I don´t know about client support, wouldn´t it be the same as read-only? Even the same error message could be applied.
Regarding the code changes, that may be true I´didnt look too deep into the code.
Read-only is definitiv an option, but it has its own problems, if a user has the password, the user probably can change the password but will not be able to change it in the database. It would be similar to a deleted password or even worse.

But regardless, if this project is set up to follow bitwarden closely, I will respect that and hope bitwarden will introduce something similar in the future.

@S1M8N
Copy link

S1M8N commented Oct 3, 2021

Hello,
This is very important :

image

Do you have any idea when the configurable option will arrive ?

Thank you for your information

@JBFUK
Copy link

JBFUK commented Oct 7, 2021

Live sync for iOS devices please.

@BlackDex
Copy link
Collaborator

BlackDex commented Oct 7, 2021

Hello, This is very important :

image

Do you have any idea when the configurable option will arrive ?

Thank you for your information

I am a bit against that. Because that could be used as a DoS feature. If i know your username and your host, i will just try random passwords and bam your account is locked.

I would suggest to use something like Fail2Ban, or some kind of WAF provided by the reverse proxy.

@BlackDex
Copy link
Collaborator

BlackDex commented Oct 7, 2021

Live sync for iOS devices please.

Probably not going to happen in the near future.
This needs a API-Key from Bitwarden, and also the usage of there services.

@NoseyNick
Copy link

I am a bit against that. Because that could be used as a DoS feature. If i know your username and your host, i will just try random passwords and bam your account is locked.

I am amazed at how few people recognise this. I remember a previous employer proudly announcing that your account will be locked out after 3 login failures, and you'd need to ask IT Helldesk to unlock you. "For security reasons". My immediate question was "So how long until someone writes something that fails to log in as [CEO]@[COMPANY].com every minute? This is a SECURITY feature?"

Well so is the "locked safe dropped to the bottom of the mariannas trench" thing but come on!

However some (extremely stoopid) regulatory frameworks require this functionality, which is presumably why upstream has implemented it. Best compromise is usually "lock for N minutes and then unlock"

And in the case of [CEO]@[COMPANY].com, or anyone else @[COMPANY].com, it turns out that it doesn't need a skript kiddie to do this maliciously, just someone, almost everyone, including [CEO], to change their password but forget to update it on some email client somewhere that checks for new mail every N minutes. (Or in our case presumably the BitWarden client on their phone / laptop / other desktop)

... and THEN they learn that IP-specific fail2ban / similar is a better idea after all, so it doesn't block the devices you have updated, and almost certainly meets the same regulatory requirement. 🙈

@ninjamonkey198206
Copy link

ninjamonkey198206 commented Oct 14, 2021

I deleted my previous request, as I worded it I correctly.

The ability to create nested folders and move passwords between them inside organizations would be a wonderful addition.

It would also be wonderful to be able to share entire folders, not just individual entries with organizations, though that would rely on the folder capabilities.

Edit: After reading other posts and comments I realize this is likely an upstream thing. They essentially have to functionally have organizations as shared vaults rather than a separate function.

@hellfish2
Copy link

hellfish2 commented Oct 20, 2021

Please consider adding granular access
Captura de Pantalla 2021-10-20 a la(s) 17 58 22

@p3lim
Copy link

p3lim commented Oct 21, 2021

Please considering supporting the Admin Password Reset feature, including the organization policies for automatic (forceful) enrollment.

@zocimek

This comment has been minimized.

@Nuc1eoN
Copy link

Nuc1eoN commented Nov 1, 2021

Hi, I would like to request a feature to support deduplication of password entries. This is the major pain point for me with vaultwarden.

I've imported passwords from many different browsers and sources and this has created a mess, in which I have every password duplicated about 5 times.
Also it is not easy to manually bulk delete or even compare entries. It is an impossible task for hundreds of passwords to review each entry manually and delete the dupes.

Other pw managers like lastpass do this automatically.

So far there are only workarounds to this problem e.g. https://hwrrobotics.com/2020/11/02/duplicate-password-remover-for-bitwarden/ or https://gist.github.com/giabao/f4c3de705f1d7f2c1fd0cde02e7b841d

And I am not even talking about deleteting/tyding up similar entries (which would be nice), but simply removing obvious 1:1 dupes.

@BlackDex
Copy link
Collaborator

BlackDex commented Nov 1, 2021

Hi, I would like to request a feature to support deduplication of password entries. This is the major pain point for me with vaultwarden.

I've imported passwords from many different browsers and sources and this has created a mess, in which I have every password duplicated about 5 times. Also it is not easy to manually bulk delete or even compare entries. It is an impossible task for hundreds of passwords to review each entry manually and delete the dupes.

Other pw managers like lastpass do this automatically.

So far there are only workarounds to this problem e.g. https://hwrrobotics.com/2020/11/02/duplicate-password-remover-for-bitwarden/ or https://gist.github.com/giabao/f4c3de705f1d7f2c1fd0cde02e7b841d

And I am not even talking about deleteting/tyding up similar entries (which would be nice), but simply removing obvious 1:1 dupes.

That is something for the clients. See https://community.bitwarden.com/t/duplicate-removal-tool-report/648

@Luis-Lourenco

This comment has been minimized.

@romu70
Copy link

romu70 commented Nov 11, 2021

Could you please add the wait-for-it script in the Dockerfile, to poll the availability of the DB? The current container stops when the DB is not available. It would be great if it could simply wait.

@BlackDex
Copy link
Collaborator

@romu70 If you are using docker-compose you can configure it to have vaultwarden depend on the database container.
You can also configure the DB_CONNECTION_RETRIES variable to be increased, every retry is a second.
Or you can add a script like that your self by following this: https://github.com/dani-garcia/vaultwarden/wiki/Starting-a-Container#customizing-container-startup

@lzinga
Copy link

lzinga commented Nov 11, 2021

I use vault warden by myself and don't need any organizations, it would be nice to be able to disable organizations and have it remove the prompts for it -
image

As the only individual that will be using my locally hosted vault I will not be needing organizations any time soon and it would be nice to remove it from the interface.

@p3lim
Copy link

p3lim commented Nov 11, 2021

@lzinga the web interface is not made by vaultwarden, it's the official one, vaultwarden simply includes it.

See https://github.com/bitwarden/web and https://github.com/dani-garcia/bw_web_builds

If you yourself want to hide it, use an extension like stylus.

@LecrisUT
Copy link

First of all, could this issue be converted to a discussion so that the feature request discussions can be viewed as threads. This format is so unwieldy IMO.

Otherwise I have a feature request and design I would like to post for consideration:

One/Two-way sync with keepass using asymmetric encryption

Problem being solved

Securely synchronizing a user's selected passwords with a hosted keepass database. Primarily this helps with sharing passwords with users across these different infrastructures and offer the user a trusted backup plan.

Design

  1. The user submits their S/MIME or PGP public key to vaultwarden database to be kept track of. Alternatively, use OpenPGP's WKD standard and/or any upcoming S/MIME equivalent, to get the latest valid public key.
  2. The user submits a hosted link where the .kdbx should be uploaded to, preferably via WebDAV or S3.
  3. On change, public key expiration, etc. update a local keepass database copy, encrypt it via the public key, and upload it.
  4. For the other way, the server maintains their own private key so that the user encrypts a different keepass database (could be same database but different encryption). Vaultwarden periodically pulls for changes to that file, decrypts it and synchronizes the local data.

Why the extra encryption?

  • The database could be a keeshare database that the user wants to share with other internal keepass users, e.g. shared on non-public nextcloud server. The keepass file could be shared on a public hosting provider, e.g. if vaultwarden is someone's self-hosted instance not having access to the other internal network. If the password is not known to be secure, the extra layer will deter attackers accessing the public file. The reverse also holds.
  • Assuming the public keys are hosted, it offers a centralized way of advertising one's credentials are compromised.
  • Database can be re-encrypted with rolling short-term public keys for increased security.
  • User/admin doesn't need to maintain a separate database for internal and external sharing. The database is branched out encrypted for each external link.

Other issues it can help with

Depending on which part is being tackled, partial integration of this would help with:

  • Non-asynchronous keepass database sync.
  • Additional user authentication. Same centralized advertisement of compromised credentials.

@BlackDex
Copy link
Collaborator

@LecrisUT there is a nice https://github.com/dani-garcia/vaultwarden/discussions/categories/ideas discussion categorie where you could have posted this of course.

Maybe locking this thread and pointing people to there is a good option. It was mostly intended to serve as a single location with an overview of all requests.
Regarding the post it self.
Vaultwarden does not encrypt or decrypt it self (except for jwt tokens or ssl connections). Adding that kind of a layer upon Vaultwarden would make it more harder to maintain. Also, we try to keep as close as possible to Bitwarden as we can, so I think these kind of requests are out of scope.

@BlackDex
Copy link
Collaborator

This issue is getting a bit large, and since there are discussions available for a while I'm going to lock this topic.
The first post will still be updated when needed.

If there are any feature's you currently miss, and are not mentioned in the first post already, please create a new post with your idea/request here: https://github.com/dani-garcia/vaultwarden/discussions/categories/ideas .

Thanks for all your ideas and support!

Repository owner locked as too heated and limited conversation to collaborators Nov 30, 2021
@BlackDex BlackDex added the notes Used for notes or meta issues label Oct 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request help wanted Extra attention is needed notes Used for notes or meta issues
Projects
None yet
Development

No branches or pull requests