Hi!
We are an nonprofit organization that uses bitwarden to store secrets/passwords etc, sometimes people leave the organization and i would like to then be able to disable their accounts so that they lose access to all orgs and any “personal” passwords.
As far as i understand, the Bitwarden desktop client and various browser plugins keep a cache of the passwords locally, therefor i would like to disable the usage of anything but the web UI, is this possible?
You could try to check the headers sent by the clients.
Bitwarden-Client-Name which for the web is just called web and maybe the device-type header which you can see here what they represent https://github.com/bitwarden/server/blob/master/src/Core/Enums/DeviceType.cs
But people can of course bypass that if they want manually.
Also, the web-vault works offline too, so it doesn’t really matter that much i think.
In what sense does the web-vault work offline too?
What do you mean? It just works offline, as if it was an app installed on your computer.
Just like the desktop client for example.
I had no idea about that.
Lets assume i don’t use any browser extensions or desktop clients, do you mean that i could browse to https://vault.my-vault.example and still login and access the passwords/documents even if my user is disabled from the admin panel?
I mean, if i am offline, how would i access https://vault.my-vault.example?
I think i’m missing a bit of the puzzle here and i don’t understand how that would work.
The web-vault can be accessed offline. The reason for this is that it uses a feature that is called service workers which caches all needed files in the browser cache. Also the vault data is cached offline in the browsers local storage.
If a user locks the vault, not logout, then if you disable your network connection, you can still unlock your vault and even export I think, but that i haven’t tried actually.
Thanks for all the info!
Think i’ll fork and disable said features, in my opinion they should be optional.
Hi ppaslan ,
Did you find how to disable this feature?
I’d like to disable it too.