ScriptsApr 13, 2026·3 min read

Bitwarden — Open Source Password Manager for Teams

Bitwarden is the leading open-source password manager with cloud sync. It provides end-to-end encrypted credential storage across all devices — web, desktop, mobile, browser, and CLI — with free personal use and affordable team/enterprise plans.

SC
Script Depot · Community
Quick Use

Use it first, then decide how deep to go

This block should tell both the user and the agent what to copy, install, and apply first.

# Install Bitwarden CLI
npm install -g @bitwarden/cli

# Login
bw login

# List vault items
bw list items

# Get a specific password
bw get password "Gmail"

# Generate a password
bw generate -ulns --length 24

# Self-host with Vaultwarden (lightweight)
docker run -d -p 8080:80 -v bw-data:/data vaultwarden/server

Introduction

Bitwarden is the most popular open-source password manager with cloud synchronization. It provides end-to-end encrypted password storage that syncs across all your devices — desktop, mobile, browser extensions, web vault, and CLI. Unlike proprietary alternatives, Bitwarden client code is fully open source and audited.

With over 13,000 GitHub stars (clients repo) and millions of users, Bitwarden offers a free tier for personal use, affordable team plans, and enterprise features. For self-hosters, Vaultwarden provides a lightweight, community-maintained server implementation.

What Bitwarden Does

Bitwarden stores passwords, credit cards, notes, and identities in an end-to-end encrypted vault. Your master password never leaves your device — encryption and decryption happen client-side. The server only stores encrypted blobs. This means even Bitwarden (or your self-hosted server) cannot read your passwords.

Architecture Overview

[Bitwarden Clients]
Web vault, Desktop (Electron),
Mobile (iOS/Android),
Browser extensions, CLI
        |
   [Client-Side Encryption]
   PBKDF2/Argon2 key derivation
   AES-256-CBC encryption
   HMAC-SHA256 verification
        |
   [Encrypted Vault Data]
   Only ciphertext leaves device
        |
+-------+-------+
|               |
[Bitwarden Cloud] [Self-Hosted]
Managed servers   Vaultwarden
US/EU data centers (Rust, lightweight)
SOC2, GDPR       Docker, 10MB RAM

Self-Hosting & Configuration

# Self-host with Vaultwarden (recommended for self-hosting)
docker run -d --name vaultwarden \
  -e DOMAIN=https://bw.example.com \
  -e SIGNUPS_ALLOWED=false \
  -e ADMIN_TOKEN=your-secure-token \
  -v /opt/vaultwarden/data:/data \
  -p 8080:80 \
  vaultwarden/server:latest

# Put behind Nginx/Caddy with HTTPS
# Caddy example:
# bw.example.com {
#   reverse_proxy localhost:8080
# }
# CLI for automation

# Unlock vault
export BW_SESSION=$(bw unlock --raw)

# Create a login item
bw create item "$(echo '{}' | bw encode)" <<< '{
  "type": 1,
  "name": "Server SSH",
  "login": {
    "username": "admin",
    "password": "generated-password"
  }
}'

# Export vault (encrypted)
bw export --format encrypted_json --output backup.json

# Use in scripts
DB_PASS=$(bw get password "Production Database")

Key Features

  • End-to-End Encryption — zero-knowledge architecture, client-side crypto
  • Cross-Platform — web, desktop, mobile, browser, and CLI clients
  • Free Tier — unlimited passwords for personal use
  • Organizations — shared vaults for teams with access controls
  • Passkeys — FIDO2/WebAuthn passwordless authentication support
  • Send — securely share text and files with expiring links
  • Self-Hostable — Vaultwarden for lightweight self-hosting
  • Audited — regular third-party security audits by Cure53

Comparison with Similar Tools

Feature Bitwarden 1Password KeePassXC LastPass Dashlane
Open Source Yes (clients) No Yes (full) No No
Cloud Sync Yes Yes Manual Yes Yes
Free Tier Yes (generous) No Free (local) Yes (limited) Yes (limited)
Self-Host Vaultwarden No N/A (local) No No
Passkeys Yes Yes No Yes Yes
Family Plan $3.33/mo $4.99/mo Free $4/mo $4.99/mo
Breach Alerts Yes Yes (Watchtower) HaveIBeenPwned Yes Yes

FAQ

Q: Bitwarden vs 1Password — which is better? A: Bitwarden for open-source transparency, free tier, and self-hosting. 1Password for slightly more polished UX, Watchtower breach monitoring, and enterprise features. Both are excellent and secure.

Q: What is Vaultwarden? A: Vaultwarden is a community-maintained, lightweight Bitwarden-compatible server written in Rust. It uses 10MB RAM vs 2GB+ for the official server, making it perfect for self-hosting on small VPS or Raspberry Pi.

Q: Is the free tier really unlimited? A: Yes. Free personal accounts get unlimited passwords, unlimited devices, a password generator, and basic 2FA. Premium ($10/year) adds TOTP authenticator, encrypted file attachments, and vault health reports.

Q: How do I migrate from another password manager? A: Export from your current manager (CSV or JSON), then import into Bitwarden via Settings > Import Data. Bitwarden supports imports from 50+ password managers.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

ZeroMQ — High-Performance Asynchronous Messaging Library

ZeroMQ (0MQ) is a high-performance asynchronous messaging library for distributed applications. It provides socket-like abstractions for message passing patterns — pub/sub, request/reply, push/pull — without the complexity of a full message broker.

Script Depot

Redpanda — Kafka-Compatible Streaming Platform Without JVM

Redpanda is a Kafka-compatible streaming data platform written in C++. It is a drop-in replacement for Kafka that is simpler to operate — no JVM, no ZooKeeper, single binary deployment — with lower latency and built-in schema registry.

Script Depot

Apache Pulsar — Cloud-Native Distributed Messaging and Streaming

Apache Pulsar is a cloud-native distributed messaging and streaming platform. It combines the best of traditional messaging (like RabbitMQ) with streaming (like Kafka) — providing multi-tenancy, geo-replication, and tiered storage in a single system.

Script Depot
Home🔍Search👤Me