Vaultwarden Service #6

Open
opened 2026-06-24 15:34:27 +00:00 by dark · 1 comment
Owner

Given that we're gradually transitioning our userbase to matrix, users are going to need a secure place to store their security keys. I keep encouraging our users to use a password manager, so why not offer our own?

Given that we're gradually transitioning our userbase to matrix, users are going to need a secure place to store their security keys. I keep encouraging our users to use a password manager, so why not offer our own?
Member

Findings relevant to this in #21: Vaultwarden OIDC SSO is upstream now (wire to Authentik), but the master password remains architecturally required — zero-knowledge means SSO authenticates while the vault key never reaches the server. That's a feature for us: infrastructure compromise can't open vaults. Open items before rollout (tracked in #21): emergency-access/recovery story, since a forgotten master password is an unrecoverable vault.

Findings relevant to this in #21: Vaultwarden OIDC SSO is upstream now (wire to Authentik), but the master password remains architecturally required — zero-knowledge means SSO authenticates while the vault key never reaches the server. That's a feature for us: infrastructure compromise can't open vaults. Open items before rollout (tracked in #21): emergency-access/recovery story, since a forgotten master password is an unrecoverable vault.
Sign in to join this conversation.
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nether/meta#6
No description provided.