Implement cipher key encryption #3990
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BlackDex
reviewed
Oct 21, 2023
BlackDex
reviewed
Oct 21, 2023
|
Doesn't seem to be in the master branch yet. |
|
The changes are in master but you need to enable them in the web vault flags before building the project: After that, the new build will create new ciphers with individual keys, but it won't update the old ones just yet. The clients PR is here, and it also links to the server changes: bitwarden/clients#6241 |
BlackDex
approved these changes
Oct 22, 2023
jayknyn
pushed a commit
to ayamsecure/secrets
that referenced
this pull request
Oct 28, 2023
arthurgeek
referenced
this pull request
in arthurgeek/vaultwarden-fly-template
Nov 12, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [vaultwarden/server](https://togithub.com/dani-garcia/vaultwarden) | stage | minor | `1.29.2-alpine` -> `1.30.0-alpine` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (vaultwarden/server)</summary> ### [`v1.30.0`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.30.0) [Compare Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.29.2...1.30.0)⚠️ **Note:** The WebSockets service for live sync has been integrated in the main HTTP server, which means simpler proxy setups that don't require a separate rule to redirect WS traffic to port 3012. Please check the updated examples in the [wiki](https://togithub.com/dani-garcia/vaultwarden/wiki/Proxy-examples). It's recommended to migrate to this new setup as using the old server on port 3012 is deprecated, won't receive new features and will be removed in a future release. #### Major changes and New Features - Added `passkey` support, allowing the browser extensions to store and use your `passkeys`, make sure the extension is updated to version `2023.10.0` or newer for passkey support. - Updated web vault to 2023.10.0. - Fixed crashes in ARMv6 devices - Fixed crashes when trying to create/edit a cipher in the mobile applications. #### What's Changed - Update Rust and Crates by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3808](https://togithub.com/dani-garcia/vaultwarden/pull/3808) - update web-vault to v2023.8.2 by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3821](https://togithub.com/dani-garcia/vaultwarden/pull/3821) - Fix Login With Device without MasterPassword by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3831](https://togithub.com/dani-garcia/vaultwarden/pull/3831) - Update GitHub Workflow by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3910](https://togithub.com/dani-garcia/vaultwarden/pull/3910) - Fix arm builds by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3911](https://togithub.com/dani-garcia/vaultwarden/pull/3911) - Fix typos by [@​tuhanayim](https://togithub.com/tuhanayim) in [https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959) - csp: rename anonaddy.com to addy.io by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3950](https://togithub.com/dani-garcia/vaultwarden/pull/3950) - filter handlebars logs by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3859](https://togithub.com/dani-garcia/vaultwarden/pull/3859) - Remove unnecessary variable clone by [@​mvalois](https://togithub.com/mvalois) in [https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981) - README.md: Fix grammar nit by [@​AndreasHGK](https://togithub.com/AndreasHGK) in [https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965) - Fix small issues by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3964](https://togithub.com/dani-garcia/vaultwarden/pull/3964) - Adds LastActive on /admin/users API route by [@​mvalois](https://togithub.com/mvalois) in [https://github.com/dani-garcia/vaultwarden/pull/3951](https://togithub.com/dani-garcia/vaultwarden/pull/3951) - Reopen log file on SIGHUP by [@​tobiasmboelz](https://togithub.com/tobiasmboelz) in [https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909) - Fix External ID not set during DC Sync by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3804](https://togithub.com/dani-garcia/vaultwarden/pull/3804) - New config option disable email change by [@​admav](https://togithub.com/admav) in [https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986) - 2FA Confirmation Code Email subject line change to fix triggering Google spam blocker by [@​aureateflux](https://togithub.com/aureateflux) in [https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572) - Implement cipher key encryption by [@​dani-garcia](https://togithub.com/dani-garcia) in [https://github.com/dani-garcia/vaultwarden/pull/3990](https://togithub.com/dani-garcia/vaultwarden/pull/3990) - Container building changes by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3958](https://togithub.com/dani-garcia/vaultwarden/pull/3958) - Fix issue with MariaDB/MySQL migrations by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3994](https://togithub.com/dani-garcia/vaultwarden/pull/3994) - feat: Working passkeys storage by [@​GeekCornerGH](https://togithub.com/GeekCornerGH) in [https://github.com/dani-garcia/vaultwarden/pull/4025](https://togithub.com/dani-garcia/vaultwarden/pull/4025) - ci: add trivy workflow by [@​mightyBroccoli](https://togithub.com/mightyBroccoli) in [https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997) - Fix importing Bitwarden exports by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/4030](https://togithub.com/dani-garcia/vaultwarden/pull/4030) #### New Contributors - [@​tuhanayim](https://togithub.com/tuhanayim) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959) - [@​mvalois](https://togithub.com/mvalois) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981) - [@​AndreasHGK](https://togithub.com/AndreasHGK) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965) - [@​tobiasmboelz](https://togithub.com/tobiasmboelz) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909) - [@​admav](https://togithub.com/admav) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986) - [@​aureateflux](https://togithub.com/aureateflux) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572) - [@​mightyBroccoli](https://togithub.com/mightyBroccoli) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997) **Full Changelog**: dani-garcia/vaultwarden@1.29.2...1.30.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/arthurgeek/vaultwarden-fly-template). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
arthurgeek
referenced
this pull request
in arthurgeek/vaultwarden-fly
Nov 12, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [vaultwarden/server](https://togithub.com/dani-garcia/vaultwarden) | stage | minor | `1.29.2-alpine` -> `1.30.0-alpine` | --- ### Release Notes <details> <summary>dani-garcia/vaultwarden (vaultwarden/server)</summary> ### [`v1.30.0`](https://togithub.com/dani-garcia/vaultwarden/releases/tag/1.30.0) [Compare Source](https://togithub.com/dani-garcia/vaultwarden/compare/1.29.2...1.30.0)⚠️ **Note:** The WebSockets service for live sync has been integrated in the main HTTP server, which means simpler proxy setups that don't require a separate rule to redirect WS traffic to port 3012. Please check the updated examples in the [wiki](https://togithub.com/dani-garcia/vaultwarden/wiki/Proxy-examples). It's recommended to migrate to this new setup as using the old server on port 3012 is deprecated, won't receive new features and will be removed in a future release. #### Major changes and New Features - Added `passkey` support, allowing the browser extensions to store and use your `passkeys`, make sure the extension is updated to version `2023.10.0` or newer for passkey support. - Updated web vault to 2023.10.0. - Fixed crashes in ARMv6 devices - Fixed crashes when trying to create/edit a cipher in the mobile applications. #### What's Changed - Update Rust and Crates by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3808](https://togithub.com/dani-garcia/vaultwarden/pull/3808) - update web-vault to v2023.8.2 by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3821](https://togithub.com/dani-garcia/vaultwarden/pull/3821) - Fix Login With Device without MasterPassword by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3831](https://togithub.com/dani-garcia/vaultwarden/pull/3831) - Update GitHub Workflow by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3910](https://togithub.com/dani-garcia/vaultwarden/pull/3910) - Fix arm builds by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3911](https://togithub.com/dani-garcia/vaultwarden/pull/3911) - Fix typos by [@​tuhanayim](https://togithub.com/tuhanayim) in [https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959) - csp: rename anonaddy.com to addy.io by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3950](https://togithub.com/dani-garcia/vaultwarden/pull/3950) - filter handlebars logs by [@​stefan0xC](https://togithub.com/stefan0xC) in [https://github.com/dani-garcia/vaultwarden/pull/3859](https://togithub.com/dani-garcia/vaultwarden/pull/3859) - Remove unnecessary variable clone by [@​mvalois](https://togithub.com/mvalois) in [https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981) - README.md: Fix grammar nit by [@​AndreasHGK](https://togithub.com/AndreasHGK) in [https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965) - Fix small issues by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3964](https://togithub.com/dani-garcia/vaultwarden/pull/3964) - Adds LastActive on /admin/users API route by [@​mvalois](https://togithub.com/mvalois) in [https://github.com/dani-garcia/vaultwarden/pull/3951](https://togithub.com/dani-garcia/vaultwarden/pull/3951) - Reopen log file on SIGHUP by [@​tobiasmboelz](https://togithub.com/tobiasmboelz) in [https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909) - Fix External ID not set during DC Sync by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3804](https://togithub.com/dani-garcia/vaultwarden/pull/3804) - New config option disable email change by [@​admav](https://togithub.com/admav) in [https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986) - 2FA Confirmation Code Email subject line change to fix triggering Google spam blocker by [@​aureateflux](https://togithub.com/aureateflux) in [https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572) - Implement cipher key encryption by [@​dani-garcia](https://togithub.com/dani-garcia) in [https://github.com/dani-garcia/vaultwarden/pull/3990](https://togithub.com/dani-garcia/vaultwarden/pull/3990) - Container building changes by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3958](https://togithub.com/dani-garcia/vaultwarden/pull/3958) - Fix issue with MariaDB/MySQL migrations by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/3994](https://togithub.com/dani-garcia/vaultwarden/pull/3994) - feat: Working passkeys storage by [@​GeekCornerGH](https://togithub.com/GeekCornerGH) in [https://github.com/dani-garcia/vaultwarden/pull/4025](https://togithub.com/dani-garcia/vaultwarden/pull/4025) - ci: add trivy workflow by [@​mightyBroccoli](https://togithub.com/mightyBroccoli) in [https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997) - Fix importing Bitwarden exports by [@​BlackDex](https://togithub.com/BlackDex) in [https://github.com/dani-garcia/vaultwarden/pull/4030](https://togithub.com/dani-garcia/vaultwarden/pull/4030) #### New Contributors - [@​tuhanayim](https://togithub.com/tuhanayim) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3959](https://togithub.com/dani-garcia/vaultwarden/pull/3959) - [@​mvalois](https://togithub.com/mvalois) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3981](https://togithub.com/dani-garcia/vaultwarden/pull/3981) - [@​AndreasHGK](https://togithub.com/AndreasHGK) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3965](https://togithub.com/dani-garcia/vaultwarden/pull/3965) - [@​tobiasmboelz](https://togithub.com/tobiasmboelz) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3909](https://togithub.com/dani-garcia/vaultwarden/pull/3909) - [@​admav](https://togithub.com/admav) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3986](https://togithub.com/dani-garcia/vaultwarden/pull/3986) - [@​aureateflux](https://togithub.com/aureateflux) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3572](https://togithub.com/dani-garcia/vaultwarden/pull/3572) - [@​mightyBroccoli](https://togithub.com/mightyBroccoli) made their first contribution in [https://github.com/dani-garcia/vaultwarden/pull/3997](https://togithub.com/dani-garcia/vaultwarden/pull/3997) **Full Changelog**: dani-garcia/vaultwarden@1.29.2...1.30.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/arthurgeek/vaultwarden-fly). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New versions of the bitwarden clients will very soon start using separate encryption keys for each cipher, so we need to handle those.
At the same time, I've noticed that the clients have started depending on the version value of the
/configendpoint to do backwards compatibility checks, so I think the simplest solution for everyone would be for us to return the server version that most closely matches the features we support.They are doing the semver checks here:
https://github.com/bitwarden/clients/blob/3e495ab082e2152284a36bb5d2b2fb7a4060cfb3/libs/common/src/platform/services/config/config.service.ts#L116-L127
For now the only check they are doing is for version 2023.9.1 for the cipher key encryption feature that this PR implements, so we report that we support that version:
https://github.com/bitwarden/clients/blob/3e495ab082e2152284a36bb5d2b2fb7a4060cfb3/libs/common/src/vault/services/cipher.service.ts#L56
Also added the section for feature flags in the config, the current ones reported on the official vault are:
For now as a test I've enabled autofill-v2 as that is an entirely client side change, so it won't affect us