Bitwarden

Bitwarden, the maker of the popular open-source password manager tool, has released ‘Secrets Manager,’ an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.

The tool aims to act as a secure alternative to hard-coding secrets or sharing ‘.env’ files over email, giving users flexibility and scalability while keeping their secrets safe in the case of a data breach.

Those secrets typically include API keys, user authentication certificates, database passwords, SSL and TLS certificates, private encryption keys, SSH keys, etc.

These secrets are inadvertently exposed online following cyberattacks or publicly leaked due to poor security practices in the development lifecycle.

Last year, Symantec reported that over 1,800 apps for the iOS platform contained hard-coded AWS credentials, exposing their developers and users to varying risk levels.

The problem is so widespread that GitHub launched a system that would alert repository owners of misconfigurations leading to the exposure of secrets, and independent security researchers wrote open-source tools dedicated to scanning for secrets in publicly exposed AWS S3 storage buckets.

Bitwarden Secrets Manager is poised to solve this problem by giving users an easy and secure way to retrieve, share, and deploy secrets across development teams while also supporting granular access permissions for individuals or groups.

Secrets Manager follows the same open-source approach as the password manager, so its codebase, CLI, SDK, and integration code are open to scrutiny and allow the flexibility of custom implementations.

The tool is offered in three tiers, depending on the needs of development teams, but there’s a free version supporting unlimited secrets, two users, three projects, and three service accounts.

The ‘Teams’ and ‘Enterprise’ tiers, which cost $6 and $12 per month, respectively, raise those limits and offer additional business functionality such as support for FIDO2 authentication, automated provisioning, SSO integration, and more advanced administrative capabilities.

For now, Bitwarden Secrets Manager supports integration with GitHub Actions, but support for Kubernetes, Terraform, and Ansible integrations is expected to land in future versions.

Also, more languages are to be added to the tool’s SDK, and access management will be enhanced with additional options for individual secret assignments to specific accounts.
