The Bitwarden Blog
Tactical security plan for a new team using Bitwarden
August 9, 2022
When most people think about password managers, they think of individual users who work with a single tool to securely lock their credentials away from prying eyes. Every good password manager does that and adds features like random password generators to make it easier not only to safeguard those credentials, but also to create and save strong, unique passwords for accounts.
But the best password managers available also make it possible for a team to share a single vault that can house more than just passwords. With those password managers, a team can:
- Share credit cards.
- Share sensitive procedures (via secure notes).
- Share login information.
- Create shared spaces (Organizations) to house related information.
- Send sensitive information to users outside the team.
- Pair emergency access should a team member lose access to their vault.
For anyone who's used Bitwarden, it should come as no surprise that those features are all baked into the app. With Bitwarden, you can safely share information with your teams, family, or friends. The nice thing about it is that even after you've shared the information, the recipients only have access to what you've shared (not your entire vault). That means you can always use Bitwarden for both private and team usage and the two will never interact (unless you give permission).
Let me walk you through a simple example of creating an Organization within Bitwarden and then sharing that Organization with a team member.
Before we continue, know that Organizations have different feature sets according to your plan. Here's the breakdown:
- Free - limited to 2 users and 2 Collections.
- Families - share with up to 6 users and unlimited Collections ($40/year).
- Teams - share with unlimited users and unlimited Collections ($3/user/month).
- Enterprise - share with unlimited users and unlimited Collections ($5/user/month).
One thing to keep in mind is that Organizations can only be created within the web-based version of Bitwarden. You cannot create Organizations with either the desktop or mobile application. With that in mind, log in to your Bitwarden account via your web browser of choice and click Organizations at the top (Figure 1).
Figure 1: The Bitwarden web-based interface is where Organizations are created
Click the drop-down associated with your primary organization name (which could be your name or your company name) and then click + New Organization (Figure 2).
Figure 2: Creating a new Organization in Bitwarden
Once you've created your Organization, it will show up on the main page under All Vaults. Click that Organization and you'll see that it includes zero items (Figure 3). Let's fix that.
Figure 3: We now have a new Organization ready to house items (although it's blurred out here)
Let's get creative. You already know how to create password entries for your various credentials. But let's say you're working on a team of container developers and need to save secrets that will be used in your deployments (such as security keys for APIs or various services). For that, you could create a new Secure Note. When you go to create a new item, click Secure Note from the Type drop-down (Figure 4), and give the new item a name that will indicate what it's for. Under the Notes section, paste the key.
Figure 4: Creating a Secure Note to be saved in our new Organization
You could also create a custom field that can hold text, hidden, or boolean content. Select an owner for the item (the Organization that will house it), add it to a Collection (which is required), and even require a master password reprompt (for heightened security).
Save the new item and you are ready to share.
One thing to keep in mind is that you must add an item to a Collection, and you should create a Collection to be used specifically for that Organization. To create a new Collection, go to Organizations, click Collections, and then click + New Collection. Once you've created a Collection, you can add Organization items to it that are then shareable without worrying about another team member having access to your primary vault.
So you have all your items added to the Organization and a specific Collection. To share this, go to Organizations > Manage > People. In the resulting window (Figure 5), click + Invite User.
Figure 5: The People manager within Bitwarden
In the resulting window, fill out/configure the necessary information, making sure to select the correct Collection at the bottom (Figure 6).
Figure 6: Inviting a team member to access your new Collection
Click Save when you're finished, and the invite will be sent. Once the user accepts the invitation, they'll have access to the Collection.
Because of the sensitive nature of the information stored within your Vaults and Collections, I highly recommend you not only require a re-typing of the Master Password for every shared item but also set user access controls to read only for most of these shares. You don't want to give write permission to a user who could mistakenly alter items you've shared.
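One way to check the re-prompt recommendation above across a whole Organization is to audit a JSON export of its vault. The script below is an added example, not code from the article or from Bitwarden; it assumes the unencrypted export layout (`collections`, `items`, `collectionIds`, `type`, `reprompt`), and the sample data is constructed.

```python
import json
from collections import defaultdict

# Item type codes and the reprompt value as they appear in a Bitwarden JSON
# export (assumed layout; verify against your own export).
ITEM_TYPES = {1: "login", 2: "secure note", 3: "card", 4: "identity"}
REPROMPT_PASSWORD = 1

# Constructed sample shaped like an unencrypted Organization export.
SAMPLE_EXPORT = json.loads("""
{
  "encrypted": false,
  "collections": [
    {"id": "c-deploy", "name": "Deployment Secrets"},
    {"id": "c-billing", "name": "Billing"}
  ],
  "items": [
    {"id": "i-1", "type": 2, "name": "Registry API key", "reprompt": 1,
     "notes": "REDACTED", "collectionIds": ["c-deploy"]},
    {"id": "i-2", "type": 2, "name": "Webhook signing key", "reprompt": 0,
     "notes": "REDACTED", "collectionIds": ["c-deploy"]},
    {"id": "i-3", "type": 3, "name": "Team credit card",
     "collectionIds": ["c-billing", "c-deploy"]},
    {"id": "i-4", "type": 1, "name": "CI login", "reprompt": 1,
     "collectionIds": []}
  ]
}
""")


def audit_reprompt(export):
    """Return {collection name: [(item name, item type), ...]} for items that
    do not require a master password re-prompt. Secret fields are never read."""
    if export.get("encrypted"):
        raise ValueError("encrypted export: item fields cannot be inspected")
    names = {c["id"]: c["name"] for c in export.get("collections", [])}
    findings = defaultdict(list)
    for item in export.get("items", []):
        if item.get("reprompt", 0) == REPROMPT_PASSWORD:
            continue
        kind = ITEM_TYPES.get(item.get("type"), "unknown")
        # An item can sit in several Collections; report it under each one.
        for cid in item.get("collectionIds") or ["(no collection)"]:
            findings[names.get(cid, cid)].append((item["name"], kind))
    return dict(findings)


if __name__ == "__main__":
    for collection, items in sorted(audit_reprompt(SAMPLE_EXPORT).items()):
        for name, kind in items:
            print(f"{collection}: {kind} '{name}' has no master password re-prompt")
```

An unencrypted export contains every secret in plain text, so run the audit on a trusted machine and delete the file afterwards.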
Jack Wallen is an award-winning author and avid supporter of open source technologies. He has covered open source, Linux, security, and more for publications including TechRepublic, CNET, ZDNet, The New Stack, Tech Target and many others since the 1990s in addition to writing over 50 novels.