Secrets management
Bitwarden
Key Connector is a self-hosted application that facilitates customer-managed encryption (CME), enabling an enterprise organization to serve cryptographic keys to Bitwarden clients.

Key Connector runs as a Docker container on the same network as existing services, and you can use it with an SSO login to serve cryptographic keys as an alternative to requiring a master password for vault decryption. Bitwarden supports the deployment of one Key Connector for use by a single organization for a self-hosted instance.

Key Connector requires a connection to a database that stores encrypted user keys and an RSA key pair to encrypt and decrypt stored user keys. You can configure Key Connector with a variety of database providers (such as MSSQL, PostgreSQL, or MySQL) and key pair storage providers (including HashiCorp Vault, cloud KMS providers, and on-prem HSMs) to fit your business infrastructure requirements.

Why use Key Connector?

In implementations that leverage master password decryption, your identity provider handles authentication, and you need a member's master password for vault decryption. This separation of concerns is an important step that ensures that only an organization member can access the key required to decrypt your sensitive vault data.

In implementations that leverage Key Connector for decryption, your identity provider still handles authentication, but Key Connector handles vault decryption. By accessing an encrypted key database, Key Connector provides users with their decryption key when they log in, without requiring a master password.

We often refer to Key Connector implementations as leveraging customer-managed encryption because your business is solely responsible for managing the Key Connector application and the vault decryption keys it serves. For enterprises ready to deploy and maintain a customer-managed encryption environment, Key Connector facilitates a streamlined vault login experience.
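The database-plus-key-pair arrangement described above can be modeled in a few lines. This is an added illustration, not Bitwarden's or Key Connector's code: it shows that the database holds only ciphertext and that the RSA private key is the asset to protect. The names KeyStore, Put and Get are hypothetical, and RSA-OAEP with SHA-256, the user ID as OAEP label, and the in-memory map are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyStore models the two dependencies: an encrypted-key database and an RSA pair.
type KeyStore struct {
	db   map[string][]byte // stand-in for the database table: ciphertext only
	pair *rsa.PrivateKey   // stand-in for a key held in a vault, KMS or HSM
}

// NewKeyStore generates a pair; a real deployment loads it from its key provider.
func NewKeyStore() (*KeyStore, error) {
	pair, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyStore{db: map[string][]byte{}, pair: pair}, nil
}

// Put wraps a user key with the public key. Assumption: RSA-OAEP/SHA-256 with
// the user ID as label, so a ciphertext only unwraps for the row it was made for.
func (s *KeyStore) Put(userID string, userKey []byte) error {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.pair.PublicKey, userKey, []byte(userID))
	if err != nil {
		return err
	}
	s.db[userID] = ct
	return nil
}

// Get unwraps the stored key; the caller is assumed to have authenticated via SSO.
func (s *KeyStore) Get(userID string) ([]byte, error) {
	if ct, ok := s.db[userID]; ok {
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.pair, ct, []byte(userID))
	}
	return nil, fmt.Errorf("no key stored for %q", userID)
}

func main() {
	s, _ := NewKeyStore()
	_ = s.Put("alice@example.com", []byte("constructed sample user key"))
	key, err := s.Get("alice@example.com")
	fmt.Println(len(key), err)
}
```

A copy of the database alone yields nothing usable, while whoever holds the private key can unwrap every stored user key, which is why the key pair belongs in a vault, KMS or HSM rather than beside the database.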