author alexpdp7 <alex@pdp7.net> 2026-01-08 20:17:46 +0100
committer GitHub <noreply@github.com> 2026-01-08 20:17:46 +0100
commit 89ffb89856ea4892c1d38f1f01d4fbb73925b481 (patch)
tree 99e201d08a2482121078fc24c3828b9ef250a0dc
parent 8ecb6f7f0c3134f6860bf8dfcb1a5dc2b52ba473 (diff)
Add note about secure secret sharing
-rw-r--r-- infrastructure/roles/vaultwarden/README.md 5
1 files changed, 4 insertions, 1 deletions
diff --git a/infrastructure/roles/vaultwarden/README.md b/infrastructure/roles/vaultwarden/README.md
index e3096aa..05c7fc2 100644
--- a/infrastructure/roles/vaultwarden/README.md
+++ b/infrastructure/roles/vaultwarden/README.md
@@ -24,4 +24,7 @@ Visit `/vaultwarden`, select "create account", then use `$USER@localhost` as you
[The Bitwarden Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/) says that Bitwarden clients, such as the browser extension, never pass the master password that can decrypt passwords to the Bitwarden server.
Note that root on the system can tamper with the Vaultwarden web vault, but the browser extensions are controlled by Bitwarden.
-Therefore, we recommend changing the master password *before* entering any sensitive data in Vaultwarden, to ensure that the password cannot be snooped by root on the system.
+Therefore, we recommend changing the master password *before* entering any sensitive data in Vaultwarden and not using again the web vault, to ensure that the password cannot be snooped by root on the system.
+
+To share secrets among members, organizations should be created from an account without personal data.
+
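Review bot: The reworded recommendation on the `+Therefore, we recommend changing the master password ...` line tells the reader to stop using the web vault afterwards, but does not say which client the password change itself should be made from. The context line just above says root can tamper with the web vault, so by the README's own reasoning a new master password typed into the web vault is exposed to the same snooping; state explicitly where the change should be performed, or explain why the web vault is acceptable for that one step. The phrase "not using again the web vault" reads more naturally as "not using the web vault again". The new sentence about organizations gives no reason for requiring an account without personal data; a clause tying it to the root and web vault concern above would make the guidance actionable. The hunk also ends with an added blank line at the end of the file, which can be dropped.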