# Bitwarden — Open Source Password Manager for Teams > Bitwarden is the leading open-source password manager with cloud sync. It provides end-to-end encrypted credential storage across all devices — web, desktop, mobile, browser, and CLI — with free personal use and affordable team/enterprise plans. ## Install Save as a script file and run: # Bitwarden — Open Source Password Manager for Teams ## Quick Use ```bash # Install Bitwarden CLI npm install -g @bitwarden/cli # Login bw login # List vault items bw list items # Get a specific password bw get password "Gmail" # Generate a password bw generate -ulns --length 24 # Self-host with Vaultwarden (lightweight) docker run -d -p 8080:80 -v bw-data:/data vaultwarden/server ``` ## Introduction Bitwarden is the most popular open-source password manager with cloud synchronization. It provides end-to-end encrypted password storage that syncs across all your devices — desktop, mobile, browser extensions, web vault, and CLI. Unlike proprietary alternatives, Bitwarden client code is fully open source and audited. With over 13,000 GitHub stars (clients repo) and millions of users, Bitwarden offers a free tier for personal use, affordable team plans, and enterprise features. For self-hosters, Vaultwarden provides a lightweight, community-maintained server implementation. ## What Bitwarden Does Bitwarden stores passwords, credit cards, notes, and identities in an end-to-end encrypted vault. Your master password never leaves your device — encryption and decryption happen client-side. The server only stores encrypted blobs. This means even Bitwarden (or your self-hosted server) cannot read your passwords. ## Architecture Overview ``` [Bitwarden Clients] Web vault, Desktop (Electron), Mobile (iOS/Android), Browser extensions, CLI | [Client-Side Encryption] PBKDF2/Argon2 key derivation AES-256-CBC encryption HMAC-SHA256 verification | [Encrypted Vault Data] Only ciphertext leaves device | +-------+-------+ | | [Bitwarden Cloud] [Self-Hosted] Managed servers Vaultwarden US/EU data centers (Rust, lightweight) SOC2, GDPR Docker, 10MB RAM ``` ## Self-Hosting & Configuration ```bash # Self-host with Vaultwarden (recommended for self-hosting) docker run -d --name vaultwarden \ -e DOMAIN=https://bw.example.com \ -e SIGNUPS_ALLOWED=false \ -e ADMIN_TOKEN=your-secure-token \ -v /opt/vaultwarden/data:/data \ -p 8080:80 \ vaultwarden/server:latest # Put behind Nginx/Caddy with HTTPS # Caddy example: # bw.example.com { # reverse_proxy localhost:8080 # } ``` ```bash # CLI for automation # Unlock vault export BW_SESSION=$(bw unlock --raw) # Create a login item bw create item "$(echo '{}' | bw encode)" <<< '{ "type": 1, "name": "Server SSH", "login": { "username": "admin", "password": "generated-password" } }' # Export vault (encrypted) bw export --format encrypted_json --output backup.json # Use in scripts DB_PASS=$(bw get password "Production Database") ``` ## Key Features - **End-to-End Encryption** — zero-knowledge architecture, client-side crypto - **Cross-Platform** — web, desktop, mobile, browser, and CLI clients - **Free Tier** — unlimited passwords for personal use - **Organizations** — shared vaults for teams with access controls - **Passkeys** — FIDO2/WebAuthn passwordless authentication support - **Send** — securely share text and files with expiring links - **Self-Hostable** — Vaultwarden for lightweight self-hosting - **Audited** — regular third-party security audits by Cure53 ## Comparison with Similar Tools | Feature | Bitwarden | 1Password | KeePassXC | LastPass | Dashlane | |---|---|---|---|---|---| | Open Source | Yes (clients) | No | Yes (full) | No | No | | Cloud Sync | Yes | Yes | Manual | Yes | Yes | | Free Tier | Yes (generous) | No | Free (local) | Yes (limited) | Yes (limited) | | Self-Host | Vaultwarden | No | N/A (local) | No | No | | Passkeys | Yes | Yes | No | Yes | Yes | | Family Plan | $3.33/mo | $4.99/mo | Free | $4/mo | $4.99/mo | | Breach Alerts | Yes | Yes (Watchtower) | HaveIBeenPwned | Yes | Yes | ## FAQ **Q: Bitwarden vs 1Password — which is better?** A: Bitwarden for open-source transparency, free tier, and self-hosting. 1Password for slightly more polished UX, Watchtower breach monitoring, and enterprise features. Both are excellent and secure. **Q: What is Vaultwarden?** A: Vaultwarden is a community-maintained, lightweight Bitwarden-compatible server written in Rust. It uses 10MB RAM vs 2GB+ for the official server, making it perfect for self-hosting on small VPS or Raspberry Pi. **Q: Is the free tier really unlimited?** A: Yes. Free personal accounts get unlimited passwords, unlimited devices, a password generator, and basic 2FA. Premium ($10/year) adds TOTP authenticator, encrypted file attachments, and vault health reports. **Q: How do I migrate from another password manager?** A: Export from your current manager (CSV or JSON), then import into Bitwarden via Settings > Import Data. Bitwarden supports imports from 50+ password managers. ## Sources - GitHub: https://github.com/bitwarden/clients - Server: https://github.com/bitwarden/server - Vaultwarden: https://github.com/dani-garcia/vaultwarden - Website: https://bitwarden.com - License: GPL-3.0 (clients), AGPL-3.0 (server) --- Source: https://tokrepo.com/en/workflows/878e74e6-372b-11f1-9bc6-00163e2b0d79 Author: Script Depot