Bitwarden offline credentials

Hi,

In my Remote Desktop Manager instance, I try not to keep any passwords stored directly in RDM, but I am using the Bitwarden credentials option and have them connected to individual entries. This works great as long as, of course, I have access to the Bitwarden vault. The issue arises when I have to connect to another network via a VPN that cuts off access to my Bitwarden instance (this can be due to a very strict VPN policy on some networks - cuts off internet access, or in my case the on-premise Bitwarden address overlaps with the VPN local network mapping). In either case, the connection to Bitwarden is lost and the credentials can no longer be accessed on demand.

I would like to request an offline Bitwarden credential feature. This could maybe be implemented as a setting on the Bitwarden credential entry that allows the credential to be stored locally for the time of the session. I would presume that this is technically possible as this is how the Bitwarden desktop application and browser extension work - if access to the server is lost the credentials are still available, but the vault password is still required to unlock the vault. The credentials should be "downloaded" on RDM start and stored in a temporary application cache in case the connection to the Bitwarden server drops.

This would greatly improve the usability of RDM in my case, as most of the connections in my RDM require a VPN connection to another network.

If any other alternative methods are viable that I don't know of, please inform me.

Kind regards,
Ambrož Tičar

All Comments (2)

Hello,

At the moment, this is not possible. Due to the way our integration is currently made, it requires making API calls to the Bitwarden server to fetch the credentials. We would have to investigate to see how Bitwarden's desktop application and browser extension achieve this, but it's not simple. We will add this to our todo list but I can't give you an estimate on when we will be able to work on this.

Regards,

Hubert Mireault

Maybe I have the wrong idea, but if I were to implement this feature, I would go about it like this:

  1. on start-up, check Bitwarden entries for the "offline" mode option
  2. make a "retrieve credentials" call to the API for these entries - same as it is done when clicking on a Bitwarden entry or launching an RDP connection with the connected Bitwarden entry
  3. store the credentials in a secure manner in the system memory or disk for the duration of the session/application runtime
  4. prefer the "fresh" data from the Bitwarden server if the connection is possible, otherwise use the cached credentials


I hope this is of any help. Please keep me posted on this issue, if any progress or decision is made, I know that it is probably not as simple and fast to implement as described above.
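The four steps proposed above, sketched as an added example that is not part of the thread and is not RDM or Bitwarden code. It assumes a hypothetical `fetch(entry_id)` callable that returns the password and raises `ConnectionError` only when the server is unreachable, and it takes the memory-only option from step 3 with a constructed 8-hour age limit.

```python
import time

class SessionCredentialCache:
    """Memory-only cache for one application run; nothing touches disk."""
    def __init__(self, fetch, max_age_s=8 * 3600, clock=time.monotonic):
        self._fetch = fetch        # hypothetical callable: entry_id -> password
        self._max_age = max_age_s  # constructed default: 8 hours
        self._clock = clock
        self._offline = set()      # entries flagged "offline" (step 1)
        self._store = {}           # entry_id -> (bytearray, fetched_at)

    def _wipe(self, entry_id):
        buf, _ = self._store.pop(entry_id, (bytearray(), 0))
        buf[:] = bytes(len(buf))   # zero the cache's own copy of the secret

    def _put(self, entry_id, secret):
        self._wipe(entry_id)
        self._store[entry_id] = (bytearray(secret.encode()), self._clock())

    def prefetch(self, offline_entry_ids):
        """Steps 1-2: at start-up, fetch each entry flagged for offline use."""
        self._offline.update(offline_entry_ids)
        for entry_id in self._offline:
            try:
                self._put(entry_id, self._fetch(entry_id))
            except ConnectionError:
                pass               # nothing cached; get() will fail closed

    def get(self, entry_id):
        """Step 4: prefer the server, fall back to cache. Returns (secret, source)."""
        try:
            secret = self._fetch(entry_id)
        except ConnectionError:
            buf, fetched_at = self._store.get(entry_id, (None, 0))
            if buf is None or self._clock() - fetched_at > self._max_age:
                self._wipe(entry_id)
                raise              # no usable cached copy: fail closed
            return buf.decode(), "cache"
        except Exception:
            self._wipe(entry_id)   # server answered with an error (e.g. revoked)
            raise
        if entry_id in self._offline:
            self._put(entry_id, secret)
        return secret, "server"

    def close(self):
        """Step 3: the cache lives only for the session; wipe it on exit."""
        for entry_id in list(self._store):
            self._wipe(entry_id)
```

The fallback triggers only on an unreachable server, so an entry the server refuses or no longer has is dropped from the cache rather than served stale. The `str` values handed back to callers are ordinary Python strings and are not wiped by `close()`.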