Auto-connecting the password-manager-service interface for the bitwarden snap

This is a request to auto-connect the password-manager-service interface for the bitwarden snap. https://snapcraft.io/bitwarden

Bitwarden is a password management application. Without access to the password-manager-service the application cannot persist encryption keys (available as an option under settings). This requires a user to type in their master password each time they access the application which is not the desired functionality for some.

@kspearrin is the upstream, and this seems like a sensible request given the nature of the application. +1

While bitwarden is a password manager application, it isn’t clear to me why it needs the password-manager-service interface. Is it using it to autofill in bitwarden’s database? Is bitwarden using it as its data store?

If the former, I would prefer the interface remain manually connected. If the latter, it seems like the most secure way for bitwarden to store passwords would be for it to not store them in the password manager service since any other snap that has password-manager-service interface connected and all non-snap user processes would be able to access bitwarden’s passwords.

All that said, the request says:

Without access to the password-manager-service the application cannot persist encryption keys (available as an option under settings). This requires a user to type in their master password each time they access the application which is not the desired functionality for some.

On the face of it, “for some” implies manual connection to me. Are you saying bitwarden can be auto-unlocked on login? Can you describe exactly how bitwarden is using the password-manager-service interface?

@jdstrand

Bitwarden uses a “master password” as the encryption key to a user’s password vault. A user can choose not to have to enter their master password (encryption key) each time they open the application. In this case Bitwarden uses libsecret (a la node-keytar) to persist their encryption key.

Without the password-manager-service connected we cannot allow this feature of the application.

Thanks for the clarification!

It still isn’t clear to me why bitwarden needs to have the interface auto-connected. Auto-connection to the interface would then give anything that can use libsecret access to bitwarden’s master password and it gives bitwarden access to all passwords in the database. I fully understand why your application supports the feature, I’m not sure why use of the interface shouldn’t be opt-in by the user via manual connection. It seems possible that when the user selects this feature in bitwarden, bitwarden could quickly check if it can connect to the service and alert the user that the interface needs to be connected if it can’t.

Also note, I’m not blocking the request-- I’m gathering information so that I and other reviewers can make an informed decision when casting their vote for auto-connection.

Thanks again!

I am still new to working with snap development so perhaps it is possible for us to gracefully detect that the user is using the application as a snap and does not have the needed password-manager-service connected. Right now the application just silently fails if a user tries to use this option (AppArmor errors), so it would be nice to present a notification of some sort or else we’re just going to get bug reports from users. Is this possible?

Your snap could detect the AppArmor dbus denial (this is a different DBus message than other errors). If you’re asking if this is provided by snapd today, it is not, but something that would be interesting to consider if tastefully done. We’re already considering other forms of prompting with denied access so this would fit in with that work.

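The detection suggested in the last reply, sketched as an added example that is not part of the thread or Bitwarden's own code: it separates an AppArmor D-Bus denial inside a snap from other keyring failures, so the application can tell the user to connect the interface instead of failing silently. It assumes the keyring wrapper passes the D-Bus error text through in `err.message`; the function names and the sample message are constructed for illustration.

```javascript
// Added example. Assumption: the libsecret/keytar wrapper surfaces the
// D-Bus error text in err.message (GDBus prefixes it "GDBus.Error:<name>:").
const ACCESS_DENIED = 'org.freedesktop.DBus.Error.AccessDenied';
const SERVICE_UNKNOWN = 'org.freedesktop.DBus.Error.ServiceUnknown';
const PLUG = 'password-manager-service';

// Constructed sample of the text dbus-daemon returns on an AppArmor denial.
const SAMPLE_DENIAL =
  'GDBus.Error:' + ACCESS_DENIED + ': An AppArmor policy prevents this ' +
  'sender from sending this message to this recipient; type="method_call", ' +
  'sender=":1.142" (uid=1000 pid=4242 comm="bitwarden" ' +
  'label="snap.bitwarden.bitwarden (enforce)") ' +
  'interface="org.freedesktop.Secret.Service" member="OpenSession" ' +
  'destination="org.freedesktop.secrets"';

// snapd exports SNAP and SNAP_NAME into the environment of snap processes.
function isSnap(env) {
  return Boolean(env.SNAP && env.SNAP_NAME);
}

// Hypothetical helper: map a keyring error to something the UI can act on.
function classifyKeyringError(err, env) {
  const msg = String((err && err.message) || err || '');
  const accessDenied = msg.includes(ACCESS_DENIED);
  const byAppArmor = /AppArmor policy prevents/i.test(msg);

  if (accessDenied && byAppArmor && isSnap(env)) {
    // Confined snap with the plug disconnected: the user can fix this.
    return {
      kind: 'interface-not-connected',
      hint: `Run: snap connect ${env.SNAP_NAME}:${PLUG}`,
    };
  }
  if (accessDenied) {
    // Denied for another reason (bus policy, or not running as a snap).
    return { kind: 'dbus-access-denied', hint: null };
  }
  if (msg.includes(SERVICE_UNKNOWN)) {
    // No Secret Service provider owns org.freedesktop.secrets.
    return { kind: 'no-secret-service', hint: 'No keyring daemon is running.' };
  }
  return { kind: 'other', hint: null };
}
```

Because the hint only asks for a manual `snap connect`, the feature stays opt-in, which is the behaviour the reviewer asked about.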