I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.
Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.
Narrator: …but it did.
I’m amazed that vaultwarden has maintained such fantastic compatibility with bitwarden. …but all it takes is one api with an obfuscated “signed request” to bring it all down.
No?
I get that clients might break, but the web portal running inside vaultwarden isn’t gonna suddenly stop working.
Vaultwarden itself is self-contained. An API change won’t do anything to it.
Then it creates the opportunity (need) for an open sourced client, if that ever happens, I’m confident the community will come together and make one using the currently known API calls.
The current (at least android) client for bitwarden is already open source (GPL 3).
I wasn’t certain what the bitwarden clients were licensed under.
…but if they’re all GPL, then yeah - it’ll just get forked. Just like terraform vs opentufu. Just like MySQL vs MariaDB - it’s a tale as old as time (unfortunately).
Vaultwarden has a backend encrypted db and web server, with it’s own API. The bitwarden clients are currently opensource so there could be a fork for the browser extension, and desktop client. Unlike 1Password, there is a good opensource base.