Just to say....FIRST!

I have found bitwardenRS by mistake (looking around for good Docker Images) and I am very pleased.
Thanks for your work.
Just out of curiosity, what is your relation to Bitwarden (8bit Solutions LLC)?
Is bitwardenRS legit?

Hey Michel, welcome!

There isn’t any relation to 8 Bit Solutions, this is just a reimplementation of their server API, which means any clients communicating with that API would be compatible with Bitwarden_RS.

The reasons behind the implementation are that the official server uses Microsoft SQL Server which is quite resource intensive for small deployments, and also I needed an excuse to learn the Rust language :slight_smile:

If by legit you mean whether using Bitwarden_RS is against Bitwarden’s terms of service or similar, you should be safe. Also all sensitive data is encrypted on the clients so the use of the server is quite safe overall.


OK, crystal clear, thanks for your feedback.

Hello Dani,

Thanks for your effort in working with this project. I’ve been using Bitwarden for more than 2 years now and I’ve been very happy with it after using KeepassX for more than 7 years and LastPass for like a month or two.

I am a premium user of Bitwarden but I’ve been looking for a way to host my own data using my Raspberry Pi, then I came across Bitwarden_RS and I’ve successfully installed it and am currently trying it out.

Out of curiosity, I checked out your source code files and compared it with the official Bitwarden server and it seems that your implementation is composed of fewer files compared to the official one. I am not familiar with both C# and Rust but I was wondering how you managed to complete the whole Bitwarden server and came out with a smaller Git repo? Is it because of Rust itself?

Anyway, thanks again for your work. Cheers!

Well, I wouldn’t count the number of files as a good measure. Some languages tend to enforce or encourage a pattern of splitting the code into multiple files, for example Java forces each class to be its own file even if it’s a five line class used only to deserialize a JSON file. It’s possible C# does something similar as they are similar languages.
There are also some features that we don’t have, like billing or LDAP integration etc. Also the official server separates the server into multiple services, I assume for scalability reasons, so you have the identity, icons, admin, and api in separate folders which I assume leads to some small amount of duplicate code.

I think Rust can be a very expressive language, so I wouldn’t rule out some savings that way, but I think they’d be minor.


That made sense, good point. Thanks!

Hello Dani,
First of all, many thanks for your great work. I’m happy to have found your project by mistake. Like Michel, I found it after trying the mess of setting up the official Bitwarden on a Kubernetes cluster.

I just have one question: do you have, like Bitwarden, any bug bounty program, or any other code audit? I am not questioning your work, but it’s pretty risky to store passwords that protect sensitive data on any project. Unfortunately I’m not a Rust developer, so I couldn’t help you.

Thanks again for your great work.

Exceedingly few open source projects (that aren’t backed by a corporate interest) offer bug bounties, primarily because of lack of funding. Bitwarden itself doesn’t offer a real bug bounty, only appreciation (see https://hackerone.com/bitwarden). bitwarden_rs is unlikely to see any formal code audits for the same reason.