12 comments

[ 3.0 ms ] story [ 14.9 ms ] thread
BitWarden Secrets Manager is now GA.

Sadly no self hosting until the $12/month tier but still very exciting!

https://bitwarden.com/products/secrets-manager/#pricing

It's weird that it's open source, but you can't self-host it unless you pay. How does that work?

"Today, Bitwarden announces the general availability of Bitwarden Secrets Manager, an open source, end-to-end encrypted solution that empowers development teams to easily store, manage, automate, and share secrets at scale."

At least part of the source code seems to be here: <https://github.com/bitwarden/server/tree/master/src/Core/Sec...>.

The license is not clear to me: is the Secret Manager a “Bitwarden server”, or is it “Commercial.Core”? <https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....>.

I hope Bitwarden don’t follow the recent “open source but only if you pay and we unilaterally terminate the contract with you if you exercise the terms of the open source license” approach RedHat is doing lately.

I'm confused since I self host vaultwarden and it works great, what is bitwarden adding?
And it also seems like vaultwarden has no interest in implementing the functionality?

I don't get why they don't do a clean-room implementation if they're so worried about licenses..

https://github.com/dani-garcia/vaultwarden/discussions/3368

I imagine the issue is maybe more on the UI end.

If the UI isn't included in the open source offering, then vaultwarden is going to need to build it out themselves.

Their reply mentions it's not in the open source web vault. This aligns with some of the enterprise policies that they've not implemented, in their wiki they're called out for the UI not being open source.

It's not open source; it's under a different license unlike the rest of bitwarden which is GPL
Somewhat sad to see this isn't open source. I hope that Bitwarden isn't regretting their decision to open source their password manager. I self host Vaultwarden, but intentionally purchase a full license from Bitwarden every year, as do a couple other folks I know.
I think the source might be here [1]. And this repo (clients) have this LICENCE.md file [2] which says that

> Source code in this repository is covered by one of two licenses: (i) the GNU General Public License (GPL) v3.0 (ii) the Bitwarden License v1.0. The default license throughout the repository is GPL v3.0 unless the header specifies another license. Bitwarden Licensed code is found only in the /bitwarden_license directory

Now the secret manager is in the `bitwarden_license` directory so it is not a GPL covered product and not open source but covered by BITWARDEN LICENSE AGREEMENT [3]. It does not allow you to use it as OSS.

[1] https://github.com/bitwarden/clients/tree/master/bitwarden_l...

[2] https://github.com/bitwarden/clients/blob/master/LICENSE.txt

[3] https://github.com/bitwarden/clients/blob/master/LICENSE_BIT...

(comment deleted)