
Bitwarden Blog

Hidden passwords: Control credential visibility across your organization

Authored by: Bitwarden

When sharing passwords within an organization, ensuring those credentials remain secure is essential for managing access. Hidden passwords permissions give organizations a way to share credentials with team members while keeping the passwords themselves out of direct view.

How hidden passwords work

Hidden passwords are built into the Bitwarden collection permissions system. When assigning a member or group to a collection, administrators can choose from two permission levels that keep passwords concealed:

  • View items, hidden passwords: Members can see and autofill items in the collection, but cannot reveal or copy passwords, hidden custom fields, or TOTP authentication seeds.

  • Edit items, hidden passwords: Members can also edit items, but the same restrictions on passwords, hidden custom fields, and TOTP seeds apply.

To assign hidden password permissions:

  1. Open a collection in your vault.

  2. Select the arrow icon next to the collection's name.

  3. Select Access.

  4. From the Permission dropdown menu, choose either View items, hidden passwords or Edit items, hidden passwords for the relevant group or member.

  5. Select Save.

Credentials in these collections are essentially autofill-only, so make sure your teams are set up for autofill before enabling hidden password permissions. Consider creating dedicated collections for your most sensitive shared credentials so you can apply hidden password permissions without affecting access to other items. For more on Bitwarden autofill capabilities:

Understand the limits of hidden passwords

Hidden password permissions are a useful access control layer, but they are not a complete security boundary. Because autofill still works, the password value is still delivered to the browser or app — it is simply obscured within Bitwarden itself. A user with even basic technical know-how can still access the underlying password. For example, after a credential is autofilled into a login form, a user can click the eye icon in the website's password field to reveal the password in plain text. For this reason, treat hidden passwords as a convenience control that reduces casual exposure, not as a security guarantee. Rotate credentials when a team member's access is revoked, and apply the same policies you would to any other shared secret.
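The rotation advice above can be turned into a checklist. The following is an added example, not Bitwarden code: it lists every collection a revoked member or group could autofill from, including hidden-password assignments, and flags assignments on sensitive collections that still allow reveal or copy. The collection data is constructed, and the field names `readOnly` and `hidePasswords` are assumptions about how an exported access list is shaped.

```python
# Added example. COLLECTIONS is constructed sample data; the field names
# (readOnly, hidePasswords) are assumptions about an exported access list.
COLLECTIONS = [
    {"name": "Prod databases", "access": [
        {"id": "grp-dba", "readOnly": False, "hidePasswords": False},
        {"id": "grp-support", "readOnly": True, "hidePasswords": True},
    ]},
    {"name": "Social media", "access": [
        {"id": "grp-support", "readOnly": False, "hidePasswords": True},
        {"id": "grp-marketing", "readOnly": False, "hidePasswords": False},
    ]},
    {"name": "Finance portals", "access": [
        {"id": "grp-finance", "readOnly": True, "hidePasswords": False},
    ]},
]

def permission_label(entry):
    """Map an access entry to the permission names used on this page."""
    base = "View items" if entry["readOnly"] else "Edit items"
    return base + (", hidden passwords" if entry["hidePasswords"] else "")

def rotation_list(collections, revoked_id):
    """Collections whose credentials need rotating once revoked_id loses access.

    Hidden-password assignments are included on purpose: autofill delivered
    the password to the browser or app, so it counts as disclosed.
    """
    out = []
    for col in collections:
        for entry in col["access"]:
            if entry["id"] == revoked_id:
                out.append((col["name"], permission_label(entry)))
    return out

def visible_password_assignments(collections, sensitive):
    """Assignments on sensitive collections that still allow reveal/copy."""
    return [(c["name"], e["id"], permission_label(e))
            for c in collections if c["name"] in sensitive
            for e in c["access"] if not e["hidePasswords"]]

if __name__ == "__main__":
    for name, perm in rotation_list(COLLECTIONS, "grp-support"):
        print(f"rotate: {name} (was: {perm})")
    for row in visible_password_assignments(COLLECTIONS, {"Prod databases"}):
        print("review:", row)
```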

Tip: Further reduce users' contact with passwords by using the Automatic login with SSO policy to auto-submit passwords on specified pages.

For more details on collection permissions, visit the Bitwarden help center.

Get started with Bitwarden

Ready to secure your team with Bitwarden? Quickly sign up for a free individual account, or start a 7-day free trial of a teams or enterprise plan.
