From 89ffb89856ea4892c1d38f1f01d4fbb73925b481 Mon Sep 17 00:00:00 2001 From: alexpdp7 Date: Thu, 8 Jan 2026 20:17:46 +0100 Subject: Add note about secure secret sharing --- infrastructure/roles/vaultwarden/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'infrastructure/roles/vaultwarden/README.md') diff --git a/infrastructure/roles/vaultwarden/README.md b/infrastructure/roles/vaultwarden/README.md index e3096aa..05c7fc2 100644 --- a/infrastructure/roles/vaultwarden/README.md +++ b/infrastructure/roles/vaultwarden/README.md @@ -24,4 +24,7 @@ Visit `/vaultwarden`, select "create account", then use `$USER@localhost` as you [The Bitwarden Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/) says that Bitwarden clients, such as the browser extension, never pass the master password that can decrypt passwords to the Bitwarden server. Note that root on the system can tamper with the Vaultwarden web vault, but the browser extensions are controlled by Bitwarden. -Therefore, we recommend changing the master password *before* entering any sensitive data in Vaultwarden, to ensure that the password cannot be snooped by root on the system. +Therefore, we recommend changing the master password *before* entering any sensitive data in Vaultwarden and not using again the web vault, to ensure that the password cannot be snooped by root on the system. + +To share secrets among members, organizations should be created from an account without personal data. + -- cgit v1.2.3
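Review bot: The rewritten "Therefore, we recommend changing the master password..." sentence does not say which client should perform the password change. The context line just above it states that root can tamper with the web vault, so a change made through the web vault would expose the new password to the same snooping this paragraph warns about. Either name a client that root does not control for this step, or explain why the web vault is acceptable for it. The wording "and not using again the web vault" would read better as "and not using the web vault again". The added sentence about organizations gives no reason for "an account without personal data"; a short clause explaining why would let readers apply the recommendation correctly.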