Skip to main content

Search

Items tagged with: Bitwarden


How do you handle your secrets? #IaC #devops #ansible #terraform #opentofu #vault #openbao #bitwarden #devsecops

  • I use a CaC feature (Ansible Vault, Databags, etc) (40%, 4 votes)
  • I store them in Terraform state in clear (0%, 0 votes)
  • I store them in OpenTofu encrypted state (0%, 0 votes)
  • I store them in a secret manager (Hashicorp Vault, OpenBao, Bitwarden Secret Manager, Conjur...) (100%, 10 votes)
  • I generate secrets locally (20%, 2 votes)
  • I use something else (please comment) (0%, 0 votes)
10 voters. Poll end: in 2 days


UPDATE: Bitwarden fixed this and continues to be FOSS!
https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977

Good job, Bitwarden!

ORIGINAL TOOT:
I've been a huge fan of BitWarden for years and have gotten many people into it, based on Bitwarden being FOSS and secure.

Now if the clients aren't FOSS any more (ie they now have proprietary dependencies), then I have no idea if they're still secure or not. Strike two out of two. Time to cancel my subscription.

KeePass, here we come.

#Bitwarden #FOSS #KeePass


That #Bitwarden desktop client license bug that everyone was panicking about was fixed, by the way.

https://github.com/bitwarden/clients/issues/11611#issuecomment-2436287977


Well this is F'd. Looks like #Bitwarden may not really be open source anymore... Bummer that was a huge reason I supported it. https://github.com/bitwarden/clients/issues/11611


#bitwarden is not #opensource?

https://github.com/bitwarden/clients/issues/11611


Can't say I am surprised, but seems #Bitwarden is moving away from #OpenSource as per github.com/bitwarden/clients/issues/11611
Glad I never jumped that train and went with @keepassxc instead, when leaving the #1Password enshittification train. Still happy with that descision.

Any project with #VentureCapital involved is a warning flag. I have seen so many nice software projects go down the #enshittification path, it's not even funny.

#passwordmanager#passwordmanagers#keepass#keepassxc


#Bitwarden is no longer free software.

The new code introduces a dependency on @bitwarden/sdk-internal, whose license explicitly states that it can’t be used by any software other than Bitwarden.

That violates the freedom 0 of free software (I can do whatever I want with the source code as long as my output is also free and open).

This seems to be part of a long strategy from Bitwarden to gradually pull the rug under their “free and open” principles and turn the product into a closed product after gaining sufficient market share.

And it’s a reminder that open projects maintained by companies should never, ever, ever be trusted.

In my case I already moved to Vaultwarden a while ago. I had a hunch that Bitwarden was going in this direction, plus running 15 .NET containers on my box just to run a password manager seemed pure insanity to me.

I advise everyone to move away from Bitwarden too before it’s too late.

https://github.com/bitwarden/clients/issues/11611