Say hello to Bitwarden, our password manager

sauloperez · February 25, 2019, 12:57pm

Finally I created the Bitwarden account as we agreed in the last global hangout. So far subscribed to Team plan with 11 users: Luis, Dani, Rachel, Myriam, Kirsten, Paco, Maikel, Kristina, Matt, Jen and myself. I had doubts about Lynne, Nick, Sigmund and others. Let me know if you’ll need access and I’ll create extra seats.

First of all, keep in mind I have to manually accept you once you confirm the invitation. Once done, you can add a new element and then, when it shows up in the list, click on the gear icon and “share” it with the Open Food Network organization picking the appropriate collection. For instance, I added the credentials of our Datadog account.

Regarding collections. These are the ones I thought of but we can create others as soon as we need them. Then we could grant access to particular ones and remove access to others to particular users if we think is worth.

As for the account itself, I created it as Coopdevs but Katuma will pay for it. Consider it part of our contribution to the global pot. @MyriamBoure any instructions to keep track of this expense in our holly spreadsheets?

Let’s make OFN a bit more manageable

Please, don’t hesitate to raise any questions.

lauriewayne1 · February 25, 2019, 1:57pm

Thank you Pau! Would it be possible for you to create seats for @MSFutureFarm and myself without too much trouble or expense? Does it make sense to have a collection per instance to keep track of pesky instance-specific things like email, Mailchimp, Stripe, and other passwords in addition to things like secrets?

sauloperez · February 26, 2019, 3:47pm

My idea was to use it for global accounts that were worth sharing but I don’t mind giving it also a instance-specific use. It’s 2$/month the extra seat. Having instance-collections could be a way to have it well organized.

What do others think? @Rachel you also wanted to add French specific entries?

Unrelated, do not forget to install the browser extension for it to be useful.

Rachel · February 26, 2019, 9:43am

Yes I do. But maybe each instance should deal with creating its own instance? That’s what I was going to do for France, but I’m open to other suggestions

lauriewayne1 · February 26, 2019, 12:07pm

We’ll take care of it for the US for now. There doesn’t seem to be a huge advantage to making a collection as opposed to a separate installation (but we might want to stash a key to the door of that in the global accounts bucket just in case).

sauloperez · February 26, 2019, 3:47pm

Whatever suits you best.

Rachel · March 7, 2019, 12:25pm

FYI I’ve started to use folders to organise stuff and do quick searches in bitwarden.

sauloperez · March 7, 2019, 10:38am

Sorry, I don’t understand what you mean.

Rachel · March 7, 2019, 12:26pm

@sauloperez I’ve started to create folders to filter the page. You can find the list of the folders here:

Rachel · March 18, 2019, 1:33pm

OK. Turns out folders are only seen by the users himself. So I created an OFN France collection and a “testing stuff” collection so that we can filter the accounts more easily. If the default collection becomes too big, we can create other collections as well.

Rachel · November 19, 2020, 5:28pm

Alright so we are soon welcoming new devs in the team, so we need to change our strategy for the 13 accounts we have on bitwarden.

We could increase the number of paid accounts. Who is paying currently for bitwarden? @sauloperez is that still ES?

Even with more accounts, I think we should have a strategy for who gets access to what. Instances that are managed by global sysadmin pool should all have access. I think I read somewhere that @tschumilas has not access. And I don’t see anyone from BE or DE.
This means that if something changes in Stripe, Sendgrid etc in those instances, the global team has no more access to the latest credentials to help the instance. I think this is bad, especially if we want to increase support to instances.

Support team in instances need those credentials as well, however if we rely only on adding accounts I believe we will make the budget explode…

I think @Kirsten you have mentioned somewhere that in AU you have duplicated the whole credentials within an AU account. That could do the trick, but each time you update a password, you need to update it twice in bitwarden. Is that correct?

@lin_d_hop how are you managing this?

In France, François’ account is shared among the team. Is that a viable workaround?

Otherwise we could also negociate pricing with Bitwarden?

Any other ideas?

sauloperez · November 20, 2020, 8:01am

Thanks for taking the lead, @Rachel.

Bitwarden is currently being paid by the UK. Re duplicate credentials, that’s what we’re doing for Katuma but luckily we haven’t had any issue although it does concern me as well. I’d email them on how to better solve this situation. I’m pretty sure we’re not the first ones in this situation.

I also think a single account could work, as long we store its credentials in our personal password manager

Jen · February 23, 2021, 12:01am

Yes, we duplicate, which leads to some complications as our local team use Aus bitwarden and update things there/don’t look in global bitwarden for tools and passwords. It probably doesn’t impact instance platform operation as those things get kept in global bitwarden, but it is messy