Skip to content

tech-debt: Trust user certificates in debug builds#7108

Merged
david-livefront merged 1 commit into
mainfrom
debug-trust-user-certs
Jun 26, 2026
Merged

tech-debt: Trust user certificates in debug builds#7108
david-livefront merged 1 commit into
mainfrom
debug-trust-user-certs

Conversation

@david-livefront

@david-livefront david-livefront commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

🎟️ Tracking

N/A

📔 Objective

This PR updates the debug network_security_config to allow user certificates on the Bitwarden domains.

@david-livefront david-livefront requested a review from a team as a code owner June 26, 2026 18:17
@david-livefront david-livefront added the ai-review-vnext Request a Claude code review using the vNext workflow label Jun 26, 2026
@github-actions github-actions Bot added app:password-manager Bitwarden Password Manager app context t:tech-debt Change Type - Tech debt labels Jun 26, 2026
@github-actions

github-actions Bot commented Jun 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR adds <certificates src="user" /> to the Bitwarden domain-config trust anchors in the debug network security config, allowing debug builds to trust user-installed CAs (e.g., for proxy-based traffic inspection) on Bitwarden domains. The change is scoped to app/src/debug/ and does not affect release builds. Verified that the production main config still trusts only system CAs for Bitwarden domains, and that the beta variant already uses this same pattern — so this brings debug in line with an existing codebase convention.

No security, correctness, or breaking-change concerns were identified.

Code Review Details

No findings. Reviewed for:

  • Production trust-anchor integrity — app/src/main/res/xml/network_security_config.xml is unchanged and still trusts only system CAs for Bitwarden domains.
  • Scope — change is isolated to the debug source set and does not weaken release/production builds.
  • Pattern consistency — matches the existing beta variant configuration.

@david-livefront

david-livefront commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator Author

Thanks @SaintPatrck

@david-livefront david-livefront added this pull request to the merge queue Jun 26, 2026
Merged via the queue into main with commit fa09764 Jun 26, 2026
24 of 28 checks passed
@david-livefront david-livefront deleted the debug-trust-user-certs branch June 26, 2026 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SaintPatrck SaintPatrck SaintPatrck approved these changes

Assignees

No one assigned

Labels

ai-review-vnext Request a Claude code review using the vNext workflow app:password-manager Bitwarden Password Manager app context t:tech-debt Change Type - Tech debt

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@david-livefront @SaintPatrck