Bitwarden Icon

Fully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also Vaultwarden, a self-hosted, Rust implementation of the Bitwarden server and compatible with upstream Bitwarden clients.

Open Source

Bitwarden Privacy Policy

Privacy Policy Summary

  • You have the right to leave this service at any time
  • This service keeps user logs for an undefined period of time
  • Users agree to comply with the law of the service's country
  • This service does not sell your personal data
  • The service does not guarantee accuracy or reliability of the information provided
  • The service provider makes no warranty regarding uninterrupted, timely, secure or error-free service
  • The service provides two factor authentification for your account
  • You are responsible for maintaining the security of your account and for the activities on your account
  • This service can share your personal information to third parties
  • Tracking pixels are used in service-to-user communication
  • The service is transparent regarding government requests or inquiries that may involve user data.
  • The user is informed about security practices
  • The services will notify users if personal data has been affected by data breaches
  • This service requires first-party cookies, which are cookies that only belong to the domain of the service and not a third party.
  • This service holds onto content that you've deleted
  • very broad term possibly violating copyright law
  • The service can sell or otherwise transfer your personal data as part of a bankruptcy proceeding or other type of financial transaction.
  • Third parties may be involved in operating the service
  • Promises will be kept after a merger or acquisition
  • Your personal data is given to third parties
  • The service promises to inform and/or notify users regarding government inquiries that may involve users' personal data
  • Your data may be processed and stored anywhere in the world
  • They may stop providing the service at any time
  • Users should revisit the terms periodically, although in case of material changes, the service will notify
  • This service does not guarantee that it or the products obtained through it meet the users' expectations or requirements
  • The service does not guarantee that software errors will be corrected
  • The service can suspend or terminate your access to all or any part of the Website and refuse service to anyone for any reason at any time
  • Your personal data is aggregated into statistics
  • This service ignores the Do Not Track (DNT) header and tracks users anyway even if they set this header.
  • This service gathers information about you through third party analytics and service providers (such as Google Analytics)
  • Blocking cookies may limit your ability to use the service
  • This service throttles your use
  • This service prohibits users from attempting to gain unauthorized access to other computer systems
  • You can delete your content from this service
  • This service gives your personal data to third parties involved in its operation
  • The court of law governing the terms is in California, USA
  • This service assumes no liability for any losses or damages resulting from any matter relating to the service
  • You are tracked via web beacons, tracking pixels, browser fingerprinting, and/or device fingerprinting
  • Third-party cookies are used for statistics
  • Information is provided about how your personal data is used
  • Some personal data may be kept for business interests or legal obligations
  • Information is provided about what kind of information they collect
  • Information is provided about how they collect personal data
  • Extra data may be collected about you through promotions
  • You agree to defend, indemnify, and hold the service harmless in case of a claim related to your use of the service
  • Users are responsible for any risks, damages, or losses they may incur by downloading materials
  • The service is provided 'as is' and to be used at the users' sole risk
  • This service is only available to users of age 13 and up
  • Features of the website are made available under a free software license (AGPL) v3.0
  • The terms for this service are easy to read
  • Your personal data may be sold or otherwise transferred as part of a bankruptcy proceeding or other type of financial transaction
  • You are entitled to a refund if certain thresholds or standards are not met by the service
  • You authorise the service to charge a credit card supplied on re-occurring basis
  • You should revisit the terms periodically, although in case of material changes, the service will notify




Domains Covered by Policy


About the Data

This data is kindly provided by Read full report at: #1348

Bitwarden Source Code




The core infrastructure backend (API, database, Docker, etc).






23 Nov 15

Last Updated

07 Jun 24

Latest version


Primary Language



27,867 KB







Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Ike (07 Jun 24)

    Fix Duo Universal to work with transitional metadata (#4164)

  • Rui Tomé (07 Jun 24)

    [AC-2286] Include the OrganizationUserId for each Organization in the user sync data (#4142) * [AC-2286] Include the OrganizationUserId for each Organization in the user sync data * Make OrganizationUserId property non-nullable

  • Thomas Avery (07 Jun 24)

    [SM-1293] Add endpoint to fetch secret's access policies (#4146) * Add authz handling for secret access policy reads * Add the ability to fetch secret access polices from the repository * refactor response models * Add new endpoint

  • renovate[bot] (07 Jun 24)

    [deps] DbOps: Update EntityFrameworkCore (#3981) * [deps] DbOps: Update EntityFrameworkCore * Update linq2db Package --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]> Co-authored-by: Justin Baur <[email protected]>

  • Alex Morask (06 Jun 24)

    [AC-1943] Add ProviderInvoiceItem table (#4163) * Add ProviderInvoiceItem table * Run dotnet format

  • cyprain-okeke (06 Jun 24)

    Add additional return properties ti providerSubscriptionResponse (#4159) Signed-off-by: Cy Okeke <[email protected]>

  • Ike (05 Jun 24)

    [PM-5216] User and Organization Duo Request and Response Model refactor (#4126) * inital changes * add provider GatewayType migrations * db provider migrations * removed duo migrations added v2 metadata to duo response * removed helper scripts * remove signature from org duo * added backward compatibility for Duo v2 * added tests for duo request + response models * refactors to TwoFactorController * updated test methods to be compartmentalized by usage * fix organization add duo * Assert.Empty() fix for validator

  • Alex Morask (05 Jun 24)

    [AC-1942] Add endpoint to get provider invoices (#4158) * Added endpoint to get provider invoices * Added missing properties of invoice * Run dotnet format'

  • Conner Turnbull (04 Jun 24)

    [AC-2386][AC-2750] Updated BitPay controller to add transactions and account credit for providers (#4153)

  • Thomas Rittson (03 Jun 24)

    [AC-2317] Public API - remove old permissions code (#4125) * Remove FlexibleCollections checks from Public API controllers * Remove AccessAll from Public API * Update tests

  • Thomas Rittson (03 Jun 24)

    [AC-2654] Remove old permissions code from OrganizationUsersController (#4149)

  • Thomas Rittson (03 Jun 24)

    [AC-2653] Remove old permissions code from GroupsController (#4148)

  • Thomas Rittson (03 Jun 24)

    Fix optional properties being required in public api (#4150)

  • Bitwarden DevOps (03 Jun 24)

    Bumped version to 2024.6.0 (#4152)

  • Conner Turnbull (03 Jun 24)

    [AC-2678] Enterprise to Families Sponsorship Bugs (#4118) * Removed prorationDate as it wasn't used, and wasn't needed * Fixed logic to detect if a subscription was sponsored * Moved OrganizationSponsorshipsController.cs to Billing folder

  • Alex Morask (03 Jun 24)

    Added gateway links to Provider edit in Admin (#4145)

  • Alex Morask (03 Jun 24)

    [AC-1938] Update provider payment method (#4140) * Refactored GET provider subscription Refactoring this endpoint and its associated tests in preparation for the addition of more endpoints that share similar patterns * Replaced StripePaymentService call in AccountsController, OrganizationsController This was made in error during a previous PR. Since this is not related to Consolidated Billing, we want to try not to include it in these changes. * Removing GetPaymentInformation call from ProviderBillingService This method is a good call for the SubscriberService as we'll want to extend the functionality to all subscriber types * Refactored GetTaxInformation to use Billing owned DTO * Add UpdateTaxInformation to SubscriberService * Added GetTaxInformation and UpdateTaxInformation endpoints to ProviderBillingController * Added controller to manage creation of Stripe SetupIntents With the deprecation of the Sources API, we need to move the bank account creation process to using SetupIntents. This controller brings both the creation of "card" and "us_bank_account" SetupIntents under billing management. * Added UpdatePaymentMethod method to SubscriberService This method utilizes the SetupIntents created by the StripeController from the previous commit when a customer adds a card or us_bank_account payment method (Stripe). We need to cache the most recent SetupIntent for the subscriber so that we know which PaymentMethod is their most recent even when it hasn't been confirmed yet. * Refactored GetPaymentMethod to use billing owned DTO and check setup intents * Added GetPaymentMethod and UpdatePaymentMethod endpoints to ProviderBillingController * Re-added GetPaymentInformation endpoint to consolidate API calls on the payment method page * Added VerifyBankAccount endpoint to ProviderBillingController in order to finalize bank account payment methods * Updated BitPayInvoiceRequestModel to support providers * run dotnet format * Conner's feedback * Run dotnet format'

  • Conner Turnbull (03 Jun 24)

    Fix Broken Icon Unit Test (#4151) * Updated test domain from to to fix failing test * Added a skip attribute

  • Jake Fink (03 Jun 24)

    [PM-6794] block legacy users from authN (#4088) * block legacy users from authN * undo change to GetDeviceFromRequest * lint * add feature flag * format * add web vault url to error message * fix test * format

  • cyprain-okeke (31 May 24)

    Resolve the unhandled error unlink org (#4141) * Resolve the unhandled error unlink org Signed-off-by: Cy Okeke <[email protected]> * Resolve a failing unit test Signed-off-by: Cy Okeke <[email protected]> --------- Signed-off-by: Cy Okeke <[email protected]>

  • Thomas Rittson (30 May 24)

    [AC-292] Public Api - allow configuration of custom permissions (#4022) * Also refactor OrganizationService user invite methods

  • Bernd Schoolmann (30 May 24)

    [PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098) * Add check to verify the vault state for rotation is not obviously desynced (empty) * Add unit test for key rotation guardrail * Move de-synced vault detection to validators * Add tests

  • cyprain-okeke (29 May 24)

    [AC-2706] [Defect] ProviderId does not populate when payment for provider subscription is created/updated (#4138) * Resolve the issue of not updating the db Signed-off-by: Cy Okeke <[email protected]> * Resolve the failing test Signed-off-by: Cy Okeke <[email protected]> --------- Signed-off-by: Cy Okeke <[email protected]>

  • renovate[bot] (28 May 24)

    [deps] Tools: Update aws-sdk-net monorepo (#4131) Co-authored-by: renovate[bot] <29139614+renovate[bot]>

  • Alex Urbina (27 May 24)

    BRE-87 Add enable feature for upcoming release version Slack notifications (#4122) * BRE-87 ADD: enable_slack_notification input to version-bump workflow * BRE-87 TEST: Update version-bump workflow to use bitwarden/gh-actions/report-upcoming-release-version@task/BRE-87 * BRE-87 TEST: disable merge * BRE-87 DEBUG: enable_slack_notification input to version-bump workflow * BRE-87 TEST: Disable version PR creation and approval * BRE-87 FIX: conditional statement in version-bump workflow * Revert "BRE-87 TEST: Disable version PR creation and approval" This reverts commit 59025ab5f6f42c9183bc0e11c25a98c13f02a24a. * Revert "BRE-87 TEST: disable merge" This reverts commit 040bdb17bff0e365c27bb116c1aca2eda2f9bb5e. * Revert "BRE-87 TEST: Update version-bump workflow to use bitwarden/gh-actions/report-upcoming-release-version@task/BRE-87" This reverts commit 9e61d114c8495f2c540df22cbab4de4164b12897.

  • Addison Beck (27 May 24)

    Allow for bulk processing new login device requests (#4064) * Define a model for updating many auth requests In order to facilitate a command method that can update many auth requests at one time a new model must be defined that accepts valid input for the command's needs. To achieve this a new file has been created at `Core/AdminConsole/OrganizationAuth/Models/OrganizationAuthRequestUpdateCommandModel.cs` that contains a class of the same name. It's properties match those that need to come from any calling API request models to fulfill the request. * Declare a new command interface method Calling API functions of the `UpdateOrganizationAuthRequestCommand` need a function that can accept many auth request response objects and process them as approved or denied. To achieve this a new function has been added to `IUpdateOrganizationAuthRequestCommand` called `UpdateManyAsync()` that accepts an `IEnumberable<OrganizationAuthRequest>` and returns a `Task`. Implementations of this interface method will be used to bulk process auth requests as approved or denied. * Stub out method implementation for unit testing To facilitate a bulk device login request approval workflow in the admin console `UpdateOrganizationAuthRequestCommand` needs to be updated to include an `UpdateMany()` method. It should accept a list of `OrganizationAuthRequestUpdateCommandModel` objects, perform some simple data validation checks, and then pass those along to `AuthRequestRepository` for updating in the database. This commit stubs out this method for the purpose of writing unit tests. At this stage the method throws a `NotImplementedException()`. It will be expand after writing assertions. * Inject `IAuthRequestRepository` into `UpdateOrganizationAuthCommand` The updates to `UpdateOrganizationAuthRequestCommand` require a new direct dependency on `IAuthRequestRepository`. This commit simply registers this dependency in the `UpdateOrganizationAuthRequest` constructor for use in unit tests and the `UpdateManyAsync()` implementation. * Write tests * Rename `UpdateManyAsync()` to `UpdateAsync` * Drop the `CommandModel` suffix * Invert business logic update filters * Rework everything to be more model-centric * Bulk send push notifications * Write tests that validate the command as a whole * Fix a test that I broke by mistake * Swap to using await instead of chained methods for processing * Seperate a function arguement into a variable declaration * Ungeneric-ify the processor * Adjust ternary formatting * Adjust naming of methods regarding logging organization events * Throw an exception if Process is called with no auth request loaded * Rename `_updates` -> `_update` * Rename email methods * Stop returning `this` * Allow callbacks to be null * Make some assertions about the state of a processed auth request * Be more terse about arguements in happy path test * Remove unneeded null check * Expose an endpoint for bulk processing of organization auth requests (#4077) --------- Co-authored-by: Thomas Rittson <[email protected]>

  • Thomas Rittson (27 May 24)

    Remove obsolete permissions code from ImportCiphersController (#4124)

  • Thomas Rittson (27 May 24)

    Remove FlexibleCollections check from OrganizationsController (#4123)

  • aj-rosado (24 May 24)

    Added MemberAccessReport to feature flags (#4114)

  • Merissa Weinstein (24 May 24)

    remove onboarding feature flag (#4085)

Bitwarden Website


The password manager trusted by millions | Bitwarden

Bitwarden makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device. Create your free Bitwarden account today.


Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address
  • Location San Francisco, California, United States of America, NA
  • ISP Fastly Inc.
  • ASN AS54113

Associated Countries

  • US

Saftey Score

Website marked as safe


Blacklist Check was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Bitwarden Android App

Update Info

  • App Bitwarden Password Manager
  • Creation Date 14 Jun 19
  • Last Updated 09 Dec 23
  • Current Version 2.0.4
  • Creator 8bit Solutions LLC
  • Downloads 100,000+ downloads


  • HockeyApp
  • Google Firebase Analytics


  • Access Network State
  • Camera
  • Internet
  • Nfc
  • Request Install Packages
  • Use Fingerprint
  • Wake Lock
  • Write External Storage
  • Receive
  • Write Use App Feature Survey
  • C2d Message

Bitwarden iOS App

App Info

Bitwarden Password Manager

Recognized as best password manager by PCMag, The Verge, CNET, G2, and more! SECURE YOUR DIGITAL LIFE Secure your digital life and protect against data breaches by generating and saving unique, strong passwords for every account. Maintain everything in an end-to-end encrypted password vault that only you can access. ACCESS YOUR DATA, ANYWHERE, ANYTIME, ON ANY DEVICE Easily manage, store, secure, and share unlimited passwords across unlimited devices without restrictions. EVERYONE SHOULD HAVE THE TOOLS TO STAY SAFE ONLINE Utilize Bitwarden for free with no ads and or selling data. Bitwarden believes everyone should have the ability to stay safe online. Premium plans offer access to advanced features. EMPOWER YOUR TEAMS WITH BITWARDEN Plans for Teams and Enterprise come with professional business features. Some examples include SSO integration, self-hosting, directory integration and SCIM provisioning, global policies, API access, event logs, and more. Use Bitwarden to secure your workforce and share sensitive information with colleagues. More reasons to choose Bitwarden: World-Class Encryption Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashtag, and PBKDF2 SHA-256) so your data stays secure and private. 3rd-party Audits Bitwarden regularly conducts comprehensive third-party security audits with notable security firms. These annual audits include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications. Advanced 2FA Secure your login with a third-party authenticator, emailed codes, or FIDO2 WebAuthn credentials such as a hardware security key or passkey. Bitwarden Send Transmit data directly to others while maintaining end-to-end encrypted security and limiting exposure. Built-in Generator Create long, complex, and distinct passwords and unique usernames for every site you visit. Integrate with email alias providers for additional privacy. Global Translations Bitwarden translations exist for more than 50 languages. Cross-Platform Applications Secure and share sensitive data within your Bitwarden Vault from any browser, mobile device, or desktop OS, and more.


Rated 4.53 out of 5 stars by 4,223 users

Version Info

  • Current Version 2024.2.1
  • Last Updated 21 Mar 24
  • First Released 02 Sept 16
  • Minimum iOS Version 11.0
  • Device Models Supported 94

App Details

  • IPA Size 171.79 Mb
  • Price Free (USD)
  • Age Advisory 4+
  • Supported Languages 32
  • Developer Bitwarden Inc
  • Bundle ID com.8bit.bitwarden


Bitwarden Docker

Container Info


This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal..


DockerHub Metrics

  • Pull Count 325,397,259
  • Stars 417
  • Date Created 12 May 19
  • Last Updated 2 years ago

View on DockerHub


Run Command

docker run -d \ 
  -p :80/tcp \
  -v /portainer/Files/AppData/Config/Bitwarden-rs:/config \
  --restart=unless-stopped \

Compose File

version: 3.8
    image: bitwardenrs/server:latest
      - :80:tcp
      - /portainer/Files/AppData/Config/Bitwarden-rs:/config
    restart: unless-stopped

Port List

  • :80/tcp

Volume Mounting

  • /portainer/Files/AppData/Config/Bitwarden-rs /config


  • read ✅ Yes
  • write ✅ Yes
  • admin ✅ Yes

Bitwarden Socials

Bitwarden Reviews

More Password Managers

About the Data: Bitwarden


You can access Bitwarden's data programmatically via our API. Simply make a GET request to:

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Bitwarden

Help your friends compare Password Managers, and pick privacy-respecting software and services.
Share Bitwarden and Awesome Privacy with your network!

View Password Managers (6)