17 Apr 2024 |
fabolicious312 | Redacted or Malformed Event | 20:00:20 |
18 Apr 2024 |
BlackDex | If you ever saved the config via the admin interface, then there is a config.json file in your data directory. Which overrules any environment variable | 08:45:19 |
| Gaëlle joined the room. | 10:45:09 |
fabolicious312 | Redacted or Malformed Event | 10:46:28 |
Kevin P. Fleming | Some day, when someone has time, it would be really nice if the admin page showed the source of each of the values it is displaying, so that the admin could see that the value displayed did not actually come from the environment variable they set :-) | 11:06:21 |
BlackDex | It already does | 11:06:53 |
BlackDex | Download image.png | 11:07:30 |
| @thib:ergaster.org left the room. | 12:15:23 |
| Anne Kootstra changed their profile picture. | 13:55:22 |
| Kakious changed their profile picture. | 16:09:49 |
fabolicious312 | * Oh that was indeed it. Sorry, shoulda checked that beforehand. | 18:42:06 |
| @andreas:due.ren left the room. | 23:15:16 |
19 Apr 2024 |
nko | Hi,
Is there a way to block users from exporting the whole organization's vault?
I found this: https://vaultwarden.discourse.group/t/disable-personal-vault-export-policy/1374 | 05:31:35 |
BlackDex | Users aren't able to export the whole organization vault. Only admins and owners of that org are.
Users can only export their personal vault. Which of course could contain cloned items.
And using the cli they are able to do something similar of course.
| 05:54:53 |
BlackDex | And, there is no way to fully block something like that. The users have access to the org and to the secrets it contains. Since users can decrypt those items, there is no way to prevent this. | 05:58:26 |
BlackDex | * And, there is no way to fully block something like that. The users hase access to the org and to the secrets it contains. Since users can decrypt those items, there is no way to prevent this. | 05:58:51 |
nko | Understood, I just needed to avoid exporting the whole vault "easily" | 06:22:56 |
Mat | Hello! Does VW support the Vault Management API (https://preview.bitwarden.com/fr-fr/help/vault-management-api/)? | 10:40:43 |
BlackDex | Results in a 404 | 10:59:23 |
BlackDex | And probably not | 10:59:28 |
danig | you need to use the `bw serve` CLI command, as far as I know it’s just a normal client to Vaultwarden, the HTTP api is provided by the CLI | 11:14:11 |
danig | So I think it should work, but I’ve never tried it | 11:15:28 |
Mat | oh, I thought it was a server API. But bw server acts as a proxy between clients and VW right? | 11:42:23 |
Mat | more likely to be used by independant web clients like browsers and so on | 11:42:46 |
danig | Yeah the bw serve exposes an unencrypted http api that you can use to create and modify items in your vault, but then the CLI internally encrypts items and uses the internal server API that all the clients use | 11:48:34 |
Mat | fine, very interesting! | 11:54:37 |
Mat | thank you | 11:54:42 |
| @ekoeppl:m.datalok.de joined the room. | 14:57:57 |
| @ekoeppl:m.datalok.de left the room. | 14:59:27 |
| fabolicious312 left the room. | 19:19:24 |