Just tried it, and it seems you can’t edit or add items without a premium subscription??

Or am I missing something?

Edit: Apparently only when installing via the Play Store. Very weird decision.

Ah damn it -.-

Too bad, the app is really nice to use :/

Thank you! It seems this whole thing was a misunderstanding however. It was an error on Bitwarden’s part that they intend to correct. I may still switch to kepassxc later on, mostly to save the money.

That “explanation” is unsatisfactory and likely wrong: https://www.gnu.org/licenses/gpl-faq.html#MereAggregation

So they either have to license their SDK under a GPLv3 compatible license, or switch the license of their client to a non-GPL one.

Their “explaination” only mentions why they think can do it, but not why they are doing it.

That’s the technical explanation for the changes, no an explanation for closing the discussion all together.

GPL’d clients. Everything is encrypted/decrypted on the client before sending/receiving to/from the server. I may later switch to a self-hosted solution, but don’t want to set one up right now (was using BitWarden’s cloud before).

as another option this KeePassXC(PC)+radicale+DAVx5 The same for KeepassDX

There’s an Android app, but it’s not being developed any more https://github.com/android-password-store/Android-Password-Store

There’s an iOS app as well https://mssun.github.io/passforios/

They have a list with all the clients and other tools on their website
https://www.passwordstore.org/#other

Integration with Android

The GnuPG implementation for Android is called OpenKeychain. To configure it, just go to the “key management” menu and import the previously created secret key. The only drawback of OpenKeychain for me personally is that there is no fingerprint unlocking.

The pass implementation for Android is called android-password-store, or simply APS.

Install and launch APS. Before synchronizing the password store, go to the “Settings” menu. There we will need the following items:

1. Git server settings. The resulting URL should be the same as that specified on the repository page on github. Authorization type - OpenKeychain.

2. Git utils. In this section, specify the username and email from the gpg key.

3. OpenPGP provider. Select OpenKeychain.

4. Autofill.

Now you can clone. Select “clone from server” on the main screen, specify the desired location of the repository, check the git settings.

Of course, pass is not that easy to set up. However, this price buys confidence that the tools we use will not one day be declared obsolete, will not change their data format, and will not be left without support.

A small script for entering passwords into various windows via rofi, I take passwords from pass.

Example script:

#!/bin/bash
# Sample file rofi_pass.sh
passwords=$(find /home/fireshell/.password-store/ -type f -name *.gpg)
selected_pass=$(echo -e "$passwords" | awk -F "/" '{printf "%s > %s\n", $5, $6}' | rofi -dmenu -p Pass)
item=$(echo "$selected_pass" | awk '{printf "%s/%s", $1, $3}' | sed 's/\.gpg//g')
data=$(pass show $item)
pass=$(echo -e "$data" | head -n1)
login=$(echo -e "$data" | grep -e "^login: " | sed 's/^login: //g')
xdotool type "$login"
xdotool key Tab
xdotool type "$pass"

In awesome wm I bound a key that calls it like this:

awful.key({ modkey}, "p", function () awful.spawn.with_shell("/home/fireshell/Scripts/rofi_pass.sh") end    ,
{description = "rofi pass", group = "launcher"}),  

I turn on the computer, press the key combination and the script works, or I run this script from the terminal (~/Scripts/rofi_pass.sh), select the password - it works (if necessary, pinentry is called to enter the main password), after that I press the key combination, select the desired entry

passmenu: extremely useful and wonderful dmenu script.

They claim the SDK and Bitwarden are completely separate, so Bitwarden is still open source.

The fact that the current version of Bitwarden doesn’t work at all without the SDK is just a bug, which will be fixed Soon™

They’re trying to argue legal technicalities because acknowledging that they’re trying to reduce compatibility with servers like vaultwarden would be bad PR.

Per their new license, anyone that uses their SDK to build a client cannot say, “this is for Bitwarden and compatible servers like vaultwarden”. They cannot support those other servers, per their license. Anyone that gets suckered into using their SDK now becomes a force against alternative implementations.

The main program is open, but the development tools are not

The direction that the company is taking. Clearly that Bitwarden feels like other open source projects are diverting revenue from them.

That’s a small step towards enshittification. They close this part of the software, then another part until slowly it is closed source.

We’ve seen this move over and over.

Stopping your business with Bitwarden over that issue sends a message that many customers don’t find this acceptable. If enough people stop using their service, they have a chance to backtrack. But even then, if they’ve done it once, they’ll try it again.

Your current price is 10$/year now. But the moment a company tries to cull any open source of their project is the moment they try to cash it in.

How will anyone know what they add to the code now? That’s the problem, and with our fucking passwords no less. They can fuck right off. In my environment alone they will be loosing upwards of 3,500 dollars yearly, 700,000 if I can convince my boss to dump them for the company as well.

I doubt it. What’ll probably happen is them moving more and more of the logic into the SDK (or adding the back-end of new features there), and leaving the original app to be more or less an agpl-licensed ui, while the actual logic becomes source-available. Soo, somewhat red-hat-esque vibes: no-no, we don’t violate no stupid licenses, we just completely go against their spirit.