Home
/
News
/
Bitwarden starts using the OS password manager service, and it's breaking

Bitwarden starts using the OS password manager service, and it's breaking

https://github.com/bitwarden/clients/issues/8651

Hello,

As this thread has a lot of history, we felt it would be good to summarize the current status of the issue and the options available.

Summary of current behavior

The current version (2024.5.0) uses libsecret to communicate over D-BUS with the org.freedesktop.secrets Secret Service implementation (e.g. gnome-keyring) in order to store persistent authentication tokens if your vault timeout action is "Lock". If there is no such service configured (or the application has issues communicating with the service), the current version does not have any built-in fallback to disk storage for the tokens, which is what is causing the errors experienced in this ticket. The mechanism for fallback will be introduced in the next release of our desktop application, as we are doing extensive internal testing to make sure that we do not introduce any regressions in behavior across all of the affected OSes.

As there are a lot of different parties involved in that communication path, we have seen some issues arise and raised on this thread. We'd like to highlight them below and make sure that the solutions are documented. We will also be updating our Help Center documentation to reflect this in more detail as we release the next update.

🗒️ Issue 1: The application doesn't have permission to communicate over D-BUS to the Secret Service

For our Snap sandboxed deployments, it is necessary to grant the application permission to access the service via D-BUS. This can be done with sudo snap connect bitwarden:password-manager-service.

🗒️ Issue 2: There is no Secret Service configured

As some have noted, configuring gnome-keyring will satisfy this requirement. It was an oversight on our part to not provide documentation for those users who would not have such a provider configured by default.

For those using kwallet, additional configuration may be required, as @Caligatio called out here:

[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/usr/bin/kwalletd6

In addition, there is a recent bug reported with Flatpak and kwallet that would potentially affect Flatpak users who are attempting to use kwallet as their secret provider.

If you do not have a Secret Service configured, and prefer not to do so, this build is available to install. This is the build currently under test for our next release. This is a development build and we recommend backing up your vault before use.

Once again, we thank you for your patience as we work through this issue. If there are any problems that do not conform to these assumptions, please raise them so that we can make sure that we take them into consideration.

{
  "by": "NabiDev",
  "descendants": 0,
  "id": 40232148,
  "kids": [
    40232429
  ],
  "score": 9,
  "time": 1714617094,
  "title": "Bitwarden starts using the OS password manager service, and it's breaking",
  "type": "story",
  "url": "https://github.com/bitwarden/clients/issues/8651"
}
{
  "author": "bitwarden",
  "date": "2024-04-09T12:00:00.000Z",
  "description": "Steps To Reproduce Go to ‘File’ Click on ‘sync vault’ Error sync vault Expected Result sync vault Actual Result Error sync vault Screenshots or Videos No response Additional Context I have installe…",
  "image": "https://opengraph.githubassets.com/554e646f7c157dd291634d3cb589f8fe72525a7e34f2a6aaa9765d90fc6934dd/bitwarden/clients/issues/8651",
  "logo": "https://logo.clearbit.com/github.com",
  "publisher": "GitHub",
  "title": "Error when syncing the vault on Linux desktop · Issue #8651 · bitwarden/clients",
  "url": "https://github.com/bitwarden/clients/issues/8651"
}
{
  "url": "https://github.com/bitwarden/clients/issues/8651",
  "title": "Error when syncing the vault on Linux desktop · Issue #8651 · bitwarden/clients",
  "description": "Steps To Reproduce Go to 'File' Click on 'sync vault' Error sync vault Expected Result sync vault Actual Result Error sync vault Screenshots or Videos No response Additional Context I have installe...",
  "links": [
    "https://github.com/bitwarden/clients/issues/8651"
  ],
  "image": "https://opengraph.githubassets.com/554e646f7c157dd291634d3cb589f8fe72525a7e34f2a6aaa9765d90fc6934dd/bitwarden/clients/issues/8651",
  "content": "<div>\n          <p>Hello,</p>\n<p>As this thread has a lot of history, we felt it would be good to summarize the current status of the issue and the options available.</p>\n<h2>Summary of current behavior</h2>\n<p>The current version (<code>2024.5.0</code>) uses <code>libsecret</code> to communicate over D-BUS with the <code>org.freedesktop.secrets</code> Secret Service implementation (e.g. <code>gnome-keyring</code>)  in order to store persistent authentication tokens if your vault timeout action is \"Lock\".  If there is no such service configured (or the application has issues communicating with the service), the current version does not have any built-in fallback to disk storage for the tokens, which is what is causing the errors experienced in this ticket.  <strong>The mechanism for fallback will be introduced in the next release of our desktop application</strong>, as we are doing extensive internal testing to make sure that we do not introduce any regressions in behavior across all of the affected OSes.</p>\n<p>As there are a lot of different parties involved in that communication path, we have seen some issues arise and raised on this thread.  We'd like to highlight them below and make sure that the solutions are documented.  We will also be updating our Help Center documentation to reflect this in more detail as we release the next update.</p>\n<h4>🗒️  Issue 1: The application doesn't have permission to communicate over D-BUS to the Secret Service</h4>\n<p>For our Snap sandboxed deployments, it is necessary to grant the application permission to access the service via D-BUS.  This can be done with <code>sudo snap connect bitwarden:password-manager-service</code>.</p>\n<h4>🗒️ Issue 2: There is no Secret Service configured</h4>\n<p>As some have noted, configuring <code>gnome-keyring</code> will satisfy this requirement.  It was an oversight on our part to not provide documentation for those users who would not have such a provider configured by default.</p>\n<p>For those using <code>kwallet</code>, additional configuration may be required, as <a target=\"_blank\" href=\"https://github.com/Caligatio\">@Caligatio</a> called out <a target=\"_blank\" href=\"https://github.com/bitwarden/clients/issues/8651#issuecomment-2119900100\">here</a>:</p>\n<div><pre><code>[D-BUS Service]\nName=org.freedesktop.secrets\nExec=/usr/bin/kwalletd6\n</code></pre></div>\n<p>In addition, there is a <a target=\"_blank\" href=\"https://bugs.kde.org/show_bug.cgi?id=487348\">recent bug</a> reported with Flatpak and <code>kwallet</code> that would potentially affect Flatpak users who are attempting to use <code>kwallet</code> as their secret provider.</p>\n<p>If you do not have a Secret Service configured, and prefer not to do so, <a target=\"_blank\" href=\"https://github.com/bitwarden/clients/actions/runs/9195397078\">this</a> build is available to install.  This is the build currently under test for our next release.  <strong>This is a development build and we recommend backing up your vault before use</strong>.</p>\n<p>Once again, we thank you for your patience as we work through this issue.  If there are any problems that do <strong>not</strong> conform to these assumptions, please raise them so that we can make sure that we take them into consideration.</p>\n      </div>",
  "author": "",
  "favicon": "https://github.githubassets.com/favicons/favicon.svg",
  "source": "github.com",
  "published": "",
  "ttr": 85,
  "type": "object"
}