Home
Welcome to the cryptomator-bitwarden wiki!
The plug-in is feature complete.
cryptomator-bitwarden is a plug-in that extends the functionality of Cryptomator. With this plug-in configured, Cryptomator can use Bitwarden Secrets Manager as a backend to store and retrieve passwords for vaults:
Updated versions of cryptomator-bitwarden are published as releases in this same GitHub repository.
Below each release, in the Assets section, there is a jar-file called cryptomator-bitwarden-RELEASE_TAG.jar that is the ready-to-use plug-in.
Releases follow the release cycle of the Bitwarden SDK.
The following is required to use the plug-in:
- Cryptomator's
pluginDiris available since release 1.6.0 Beta 2. - You need to set up a Service Account in the Bitwarden Secrets Manager.
- To configure and enable the plug-in for Cryptomator, you need to provide two environment variables, that let the plug-in login to Bitwarden Secrets Manager. See below.
The jar-file cryptomator-bitwarden-RELEASE_TAG.jar needs to be copied to Cryptomator. The default values for the pluginDir on an unchanged Crytomator installation on the different operating systems are:
| OS | Default Dir |
|---|---|
| Mac | ~/Library/Application Support/Cryptomator/Plugins |
| Linux | ~/.local/share/Cryptomator/plugins |
| Windows | %homepath%\AppData\Roaming\Cryptomator\Plugins |
| Var | Hints |
|---|---|
| BITWARDEN_ACCESS_TOKEN | Generate it in your Bitwarden Service Account |
| BITWARDEN_ORGANIZATION_ID | Create a new organization for your Bitwarden Account. The organization id is visible as part of the URL, when you click on the organization |
After starting Cryptomator, the new password backend can be choosen on the General tab of the Cryptomator preferences as shown in the screenshot above.
A note on how Cryptomator enables password backends (the cryptomator-bitwarden plug-in is one of them) on statup: Cryptomator checks on startup, what backends are available. Every available backend gets configured and will show up in the prefs dialog. If it's not there, Cryptomator hadn't configured it and won't be able to use it.
Plug-in releases are signed. It is wise and more secure to check out for their integrity.
You can check that the version of the cryptomator-bitwarden plug-in that you want to install is original and unmodified by verifying the file's signature.
For example, to check the signature of the file cryptomator-bitwarden-0.5.0-SNAPSHOT.jar, you can use this command:
$ gpg --verify cryptomator-bitwarden-0.5.0-SNAPSHOT.jar.sig cryptomator-bitwarden-0.5.0-SNAPSHOT.jar
You should see something like the following output:
gpg: Signature made Tue Apr 30 20:01:53 2024 CEST
gpg: using RSA key 54CF8E1F55CE7E977A0E41895BFB2076ABC48776
gpg: Good signature from "Ralph Plawetzki <ralph@purejava.org>" [unknown]