Skip to content

Bitwarden API Key

Service Name: Bitwarden

Service Description: Bitwarden is an open-source password management service that stores sensitive information such as website credentials in an encrypted vault. It offers both personal and enterprise password management solutions.

Service Address: https://bitwarden.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for enterprise plans.

Secret Access Scope: Grants programmatic access to the Bitwarden API, allowing management of vaults, organizations, collections, and users depending on the permissions associated with the API key.

Secret Revokement URL: https://bitwarden.com/help/personal-api-key/#revoke-api-key

Secret Example: 2.Tl9vR6XQpCiUCBqS/gQPaQ==.KYS4BjnlCVLleatMOGFXwBbMblyPZ0wRZX7+nAqYhFI=

Suspicious Activity Investigation Instructions:

  • Review the Bitwarden event logs for unusual API calls or access patterns
  • Check for unauthorized vault access or modifications
  • Monitor for unexpected organization membership changes
  • Verify if any new collections or items were created without authorization
  • Check for export operations that might indicate data exfiltration

Mitigation Instructions:

  • Log in to your Bitwarden account and navigate to Account Settings
  • Select the "Security" tab
  • Scroll down to the "API Key" section
  • Click "Revoke API Key" to immediately invalidate the compromised key
  • Generate a new API key if needed
  • Review vault contents for any unauthorized changes
  • Consider enabling additional security features like two-factor authentication
  • Review organization members and their access levels if using an organization vault