A cross-platform password manager

Open Source Vault

© Lead Image © phive2015, 123rf.com


Article from Issue 301/2025

Keep your passwords and other sensitive information safe with the open source Bitwarden password manager.

Managing passwords securely has become a necessity in an era where data breaches and cyber threats are increasingly common. Bitwarden, an open source password manager, offers a cross-platform solution for securely storing and managing credentials. Unlike proprietary alternatives, Bitwarden allows users to self-host their vault, providing greater control over their data.

For Linux users, the availability of a native desktop client, command-line interface (CLI), and browser extensions makes Bitwarden a flexible option that integrates well with different workflows. This article explores Bitwarden's features, its strengths and limitations, and how it fits within the Linux ecosystem.

Installation and Setup

Installing and setting up Bitwarden on Linux depends on the chosen deployment method, with options ranging from a simple GUI installation to a fully self-hosted instance. The official desktop application is available as a Flatpak from Flathub [1], as an AppImage that runs without installation from the Bitwarden website [2], or as native DEB and RPM packages for Debian and Red Hat-based distributions. Users opting for Flatpak must first enable Flathub, while AppImage users need to make the file executable before running it by typing

chmod +x Bitwarden-*.AppImage

On Ubuntu, you'll find Bitwarden in the App Center.

For those who prefer command-line access, the application offers a CLI client. Information about installation and setup is available on the Bitwarden website [3]. After installation, the CLI is accessible using the bw command, allowing users to manage their vault without a graphical interface. However, I will focus on Bitwarden's GUI version and assume the use of the free plan, storing credentials on Bitwarden's servers, because this is the easiest way to proceed. This is sufficient to meet the needs of most users.

The master password is set during installation and is the most critical password, serving as the key to an encrypted vault (Figure 1). It is the sole credential required to access stored logins, notes, and other sensitive information. Because Bitwarden does not store or recover the master password, it remains the only means of decrypting the vault. Losing it results in permanent loss of access unless account recovery options have been configured.

Figure 1: Authentication form.

Once Bitwarden has been installed, the next step is to create an account or log in with existing credentials. Bitwarden is cross-platform, so it may be useful to install and configure it on Android as well. Downloading the app from the Play Store and logging in with one's credentials allows synchronization across multiple devices.

Free Plan Overview

A free Bitwarden account provides essential password management features. It allows secure storage of an unlimited number of passwords, notes, and other credentials in an encrypted vault, accessible across multiple devices, including desktop, mobile, and browser extensions.

The free plan includes automatic synchronization, ensuring that stored credentials remain updated and available on all linked devices. Users can generate strong, random passwords within the app and autofill login credentials through browser extensions or the mobile app. Security features such as AES-256 encryption, salted hashing [4], and zero-knowledge architecture [5] protect stored data, ensuring that only the user can access their vault.

For added security, the free account supports basic two-factor authentication (2FA) using authentication apps such as Google Authenticator or Authy. However, advanced authentication methods such as hardware security keys (FIDO2/WebAuthn) or Duo Security are reserved for paid plans.

The free plan does not include premium features such as emergency access, password breach monitoring, or secure file storage. Additionally, free users cannot share credentials with more than one other Bitwarden user, making it less suitable for those who need team-based password management. Despite these limitations, the free plan provides a robust and secure foundation for managing passwords efficiently.

Main Features

Bitwarden is a password manager designed to securely store and manage credentials across multiple devices. It operates using a zero-knowledge encryption model, meaning that all data is encrypted before it leaves the user's device, and Bitwarden itself cannot access or decrypt stored passwords.

When a user saves a new password, Bitwarden encrypts it using AES-256, one of the most secure encryption standards available. This encryption occurs locally on the device before the data is transmitted to Bitwarden's servers. The only way to decrypt the stored information is by using the master password, which is never transmitted over the Internet. Because of this approach, even if Bitwarden's servers were compromised, the encrypted vaults would remain inaccessible without the user's master password.

To access stored credentials, users log into Bitwarden using their master password, which derives an encryption key that decrypts their vault locally. If 2FA is enabled, an additional verification step is required before access is granted.
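Added example (not from the article and not Bitwarden's own code): a sketch of the client-side key derivation described above, assuming the PBKDF2-SHA256 scheme that Bitwarden documents, salted with the account e-mail. The function names, sample credentials, and iteration count are assumptions, and the AES-256 step is left out because it needs a third-party library.

```python
import hashlib
import hmac

# Constructed sample values, not real credentials.
EMAIL = "alice@example.com"
MASTER_PASSWORD = "correct horse battery staple"
KDF_ITERATIONS = 600_000  # assumed work factor; the account's KDF settings decide it


def derive_master_key(password, email, iterations=KDF_ITERATIONS):
    """Derive the 256-bit master key locally; the e-mail address is the salt."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def hkdf_expand(key, info, length=32):
    """First block of HKDF-Expand (RFC 5869) with SHA-256; enough for 32 bytes."""
    if length > hashlib.sha256().digest_size:
        raise ValueError("this sketch only produces a single HKDF block")
    return hmac.new(key, info + b"\x01", hashlib.sha256).digest()[:length]


def stretch(master_key):
    """Split the master key into separate encryption and MAC keys."""
    return hkdf_expand(master_key, b"enc"), hkdf_expand(master_key, b"mac")


def login_hash(master_key, password):
    """Authentication value sent to the server instead of the password or key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, dklen=32)


def client_login(password, email, iterations=KDF_ITERATIONS):
    """Return what stays on the device and what goes over the wire."""
    master_key = derive_master_key(password, email, iterations)
    enc_key, mac_key = stretch(master_key)
    return {
        "local_only": {"master_key": master_key, "enc_key": enc_key, "mac_key": mac_key},
        "sent_to_server": {"email": email, "hash": login_hash(master_key, password)},
    }


if __name__ == "__main__":
    result = client_login(MASTER_PASSWORD, EMAIL)
    print("sent to server:", result["sent_to_server"]["hash"].hex())
    print("local-only keys:", ", ".join(result["local_only"]))
```

The server can verify the login hash but cannot reverse it into the master key, which is why a forgotten master password cannot be recovered.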

Bitwarden supports secure synchronization across multiple devices, ensuring that any changes to stored credentials are updated in real time. The data is stored on Bitwarden's cloud servers by default, but users have the option to self-host their own instance for complete control over their data. Self-hosting requires setting up a Bitwarden server using Docker and configuring a database, an email server for account verification, and HTTPS encryption for secure communication.

For added convenience, users can import passwords from other managers, export their vault if needed, and configure auto-lock settings to protect access when the application is inactive.

Through its open source approach, Bitwarden allows users to inspect its codebase for security transparency. The source code is available in Bitwarden's GitHub repository [6].

In addition to storing login credentials, Bitwarden can also safeguard various types of sensitive information, including notes, credit card details, and identity-related data. The application also offers a feature to generate strong, secure passwords. To do so, navigate to the password generator from the menu. Customize the settings, such as length and character types, or choose to generate a passphrase. Once it's generated, copy and use the password as needed (Figure 2). In addition, Bitwarden includes the ability to check whether any of your stored credentials have been compromised in known data breaches. Simply select an item from the central pane and click the Check if password has been exposed button.

Figure 2: Password generation function.
