The Bitwarden tech stack: Built for security and scalability

Security is only as strong as the infrastructure behind it, and Bitwarden has built a technology stack to match. The tech stack needs to meet two demands: it must support the infrastructure behind every Bitwarden product across server, browser, mobile, and desktop, and it must meet stringent security requirements at every layer.

Bitwarden selects tools and platforms with a security-first vision across open source and commercial technologies. Millions of users and enterprises around the world trust Bitwarden to protect their online information. This blog provides an overview of the technologies in use.

The Bitwarden codebase launched on GitHub in August 2016 and remains available for anyone to view and contribute to, providing absolute transparency into the software solution. This open source foundation is central to how Bitwarden builds trust. Bitwarden also undergoes regular third-party security audits to validate the integrity of the codebase and infrastructure. This open source foundation, combined with independent verification, is central to how Bitwarden builds trust.

Visual Studio Code is a preferred integrated development environment (IDE) for the Bitwarden development workflow. Bitwarden selects programming languages based on the demands of each platform:

• C# powers core backend services and integrates seamlessly with the .NET ecosystem, making it an ideal choice for building secure, high-performance applications and APIs.

• JavaScript creates dynamic user interfaces and ensures a consistent experience across web and desktop environments. Technologies like Electron allow developers to reuse code and deliver a unified interface across operating systems.

• Swift powers iOS development, and Kotlin drives the Android app. These platform-specific languages take full advantage of each mobile operating system, providing users with fast, secure, and feature-rich experiences.

These languages and frameworks run on a server-side foundation that handles data processing, storage, and access control.

ASP.NET Core, a free, open source framework for building web apps and services, provides the foundation for server-side development at Bitwarden. This cloud-enabled framework streamlines backend logic and database interactions on top of the .NET open source developer platform.

Microsoft SQL Server powers transaction processing and analytics while integrating data across services at scale. SQL Server is compatible with .NET, making it a natural fit for the Bitwarden architecture.

SQL Server also enables Bitwarden to offer self-hosting, giving security-conscious users and enterprises full control over how and where their password management solution gets deployed within existing infrastructure.

With the core architecture in place, Bitwarden runs these services on Microsoft Azure, with no physical infrastructure to manage or maintain. Azure Kubernetes Service supports containerized workloads, enabling Bitwarden to scale services independently and handle load balancing across the infrastructure. Deployment automation tools and leading cloud native standards from CNCF streamline maintenance processes and reduce overhead.

Amazon Web Services (AWS) provides cloud email services, and SendGrid assists in transmitting emails to ensure users receive important account information. Both AWS and Azure offer the flexibility to scale server resources up or down as demand shifts, allowing Bitwarden to maintain consistent performance during traffic spikes and growth.

To observe and optimize this infrastructure, Bitwarden uses Cloudflare DNS for performant and resilient DNS resolution. Fastly handles edge security, routing, caching, and delivery, and its flexible architecture helps Bitwarden iterate quickly while ensuring an excellent user experience.

For performance monitoring and maximum application uptime, Bitwarden uses Datadog observability software. Datadog provides IT security and DevOps teams with real-time alerts to anomalies in the application infrastructure.

On the client side, Bitwarden delivers applications tailored to each operating system.

Desktop: Electron, an open source, cross-platform framework compatible with JavaScript, HTML, and CSS, supports the Bitwarden desktop application. Electron allows the application to execute seamlessly across Windows, macOS, and Linux from a single codebase, simplifying cross-platform deployment and maintenance.

Mobile: The Bitwarden mobile apps are developed in native languages for their respective operating systems: Swift for Apple iOS and Kotlin for Android. Using native languages improves performance, resulting in a snappier UI, faster screen transitions, and responsive button interactions. These applications also take advantage of platform-specific enhancements to security, privacy, and other integrated features in the mobile operating systems.

Each of the technology choices above is selected not just for current needs but for the ability to grow. Bitwarden addresses scalability through deliberate architectural decisions:

• Azure Kubernetes Service allows services to scale independently based on demand.

• Microservices architecture breaks the application into smaller, independent components that can be scaled separately for greater efficiency.

• Caching strategies store frequently accessed data in memory, reducing load on databases.

• Deployment automation ensures that scaling processes remain consistent as the infrastructure grows.

A well-designed technology stack adjusts as the organization and user base grow, and Bitwarden continuously evaluates each area to ensure performance keeps pace with demand.

Ready to level up your security with Bitwarden? Register today for a free Bitwarden account, or begin a 7-day free trial of business plans to protect your team and organization online.