About Key Connector

Key Connector is a self-hosted application that facilitates customer-managed encryption (CME), enabling an enterprise organization to serve cryptographic keys to Bitwarden clients.

You can use Key Connector, which runs as a Docker container on the same network as existing services, with Login with SSO to serve cryptographic keys for your organization as an alternative to requiring a master password for vault decryption.

Bitwarden supports the deployment of one Key Connector for use by one organization for a self-hosted instance.

Key Connector requires connection to a database where you store encrypted user keys and an RSA key pair to encrypt and decrypt stored user keys. You can configure Key Connector with a variety of database providers (such as MSSQL, PostgreSQL, or MySQL) and key pair storage providers (including HashiCorp Vault, cloud KMS providers, and on-prem HSM devices) to fit your business infrastructure requirements.

Why use Key Connector?

In implementations that leverage master password decryption, your identity provider handles authentication, and you need a member's master password for vault decryption. This separation of concerns is an important step that ensures that only an organization member can access the key required to decrypt sensitive vault data.

In implementations that leverage Key Connector for decryption, your identity provider still handles authentication, but Key Connector handles vault decryption. By accessing an encrypted key database, Key Connector provides users with their decryption key when they log in, without requiring a master password.

We often refer to Key Connector implementations as leveraging customer-managed encryption, because your business has sole responsibility for the management of the Key Connector application and of the vault decryption keys it serves. For enterprises ready to deploy and maintain a customer-managed encryption environment, Key Connector facilitates a streamlined vault login experience.
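
The storage model described above (a database holding only encrypted user keys, plus an RSA key pair that encrypts and decrypts them) can be sketched as follows. This is an added illustration, not Bitwarden's code: the function names, the in-memory `Map` standing in for the database, and the choice of OAEP with SHA-256 are all assumptions made for the example.

```javascript
// Simplified model of a key-serving service; all names are hypothetical.
const crypto = require('node:crypto');

// RSA key pair. In a deployment this would sit in a key pair storage provider
// (HashiCorp Vault, cloud KMS, HSM), kept apart from the database.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Assumption: OAEP with SHA-256. The page does not state the padding scheme.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stand-in for the database: it only ever holds ciphertext.
const db = new Map();

// Encrypt a user's key under the RSA public key and store the result.
function storeUserKey(userId, userKey) {
  db.set(userId, crypto.publicEncrypt({ key: publicKey, ...OAEP }, userKey));
}

// Serve a key at login. `authenticatedUserId` stands for the identity the
// identity provider established; only that identity's key is returned.
function serveUserKey(authenticatedUserId) {
  const wrapped = db.get(authenticatedUserId);
  if (!wrapped) return null;
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// A copy of the database without the matching private key yields nothing:
// decryption with any other RSA key fails.
function dbDumpAloneDecrypts(userId) {
  const unrelated = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey;
  try {
    crypto.privateDecrypt({ key: unrelated, ...OAEP }, db.get(userId));
    return true;
  } catch {
    return false;
  }
}

// Constructed sample data: a random 64-byte value standing in for a user key.
const sampleKey = crypto.randomBytes(64);
storeUserKey('alice@example.test', sampleKey);
console.log('served key matches:', serveUserKey('alice@example.test').equals(sampleKey));
console.log('db dump alone decrypts:', dbDumpAloneDecrypts('alice@example.test'));
```

The model makes the operational consequence of customer-managed encryption visible: the RSA private key is the single asset protecting every stored user key, so its storage provider and access controls deserve the strictest treatment in the deployment.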