Bitwarden API Key
Service Name: Bitwarden
Service Description: Bitwarden is an open-source password management service that stores sensitive information such as website credentials in an encrypted vault. It offers both personal and enterprise password management solutions.
Service Address: https://bitwarden.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for enterprise plans.
Secret Access Scope: Grants programmatic access to the Bitwarden API, allowing management of vaults, organizations, collections, and users depending on the permissions associated with the API key.
Secret Revokement URL: https://bitwarden.com/help/personal-api-key/#revoke-api-key
Secret Example: 2.Tl9vR6XQpCiUCBqS/gQPaQ==.KYS4BjnlCVLleatMOGFXwBbMblyPZ0wRZX7+nAqYhFI=
Suspicious Activity Investigation Instructions:
- Review the Bitwarden event logs for unusual API calls or access patterns
- Check for unauthorized vault access or modifications
- Monitor for unexpected organization membership changes
- Verify if any new collections or items were created without authorization
- Check for export operations that might indicate data exfiltration
Mitigation Instructions:
- Log in to your Bitwarden account and navigate to Account Settings
- Select the "Security" tab
- Scroll down to the "API Key" section
- Click "Revoke API Key" to immediately invalidate the compromised key
- Generate a new API key if needed
- Review vault contents for any unauthorized changes
- Consider enabling additional security features like two-factor authentication
- Review organization members and their access levels if using an organization vault