The Bitwarden integration allows you to ingest security-relevant events from your Bitwarden organization, including:
- User authentication: Track successful and failed login attempts, password changes, and two-factor authentication events
- Vault activity: Monitor item creation, access, and modifications
- Organization management: See user invitations, role changes, and policy updates
- Secrets Manager events: Track access to secrets, projects, and machine accounts
Prerequisites
Before setting up this integration, ensure you have:
- A Bitwarden Teams or Enterprise organization
- Owner privileges in your Bitwarden organization
- Access to the Bitwarden Admin Console
The Bitwarden Public API is available for Teams and Enterprise organizations only.
Step 1: Obtain Your Organization API Key
- Sign in to your Bitwarden Web Vault
- Open the Admin Console using the product switcher
- Navigate to Settings → Organization info
- Scroll down to the API key section
- Click View API Key (you may need to re-authenticate)
- Copy both the client_id and client_secret
Your organization API key provides full access to your organization. Keep it private and store it securely. If you believe it has been compromised, use the Rotate API key button to generate a new one.
Step 2: Identify Your Server URLs
Bitwarden uses different server URLs based on your hosting option and region:
Cloud-Hosted (US)
| Server Type | URL |
|---|
| API Server | https://api.bitwarden.com |
| Identity Server | https://identity.bitwarden.com |
Cloud-Hosted (EU)
| Server Type | URL |
|---|
| API Server | https://api.bitwarden.eu |
| Identity Server | https://identity.bitwarden.eu |
Self-Hosted
| Server Type | URL |
|---|
| API Server | https://your.domain.com/api |
| Identity Server | https://your.domain.com/identity |
If you’re unsure which region you’re on, check your Bitwarden sign-in URL. US users typically sign in at vault.bitwarden.com, while EU users sign in at vault.bitwarden.eu.
Step 3: Add the Integration in Wirespeed
- Log in to Wirespeed
- Navigate to Integrations → Add Integration
- Search for and select Bitwarden
- Enter the following information:
- API Server URL: The API server URL from Step 2
- Identity Server URL: The identity server URL from Step 2
- Client ID: The client_id from Step 1
- Client Secret: The client_secret from Step 1
- Click Integrate to complete the setup
What Events Are Collected?
User Events
Authentication and account-related events:
- Successful and failed login attempts
- Password changes
- Two-step login enable/disable
- Account recovery events
- Device approval requests
Item Events
Vault item activity:
- Item creation, editing, and deletion
- Viewing passwords, hidden fields, and security codes
- Copying credentials
- Autofill usage
- Attachment management
Collection & Group Events
Organizational structure changes:
- Collection creation, editing, and deletion
- Group management
Organization Events
Administrative actions:
- User invitations, confirmations, and removals
- Role and group assignments
- SSO configuration changes
- Policy modifications
- Organization settings updates
- Vault exports and purges
Secrets Manager Events
For organizations using Bitwarden Secrets Manager:
- Secret access, creation, editing, and deletion
- Project management
- Machine account changes
Troubleshooting
Authentication Errors
If you see authentication errors:
- Verify your client_id and client_secret are correct
- Ensure you’re using the correct API and Identity server URLs for your region/hosting
- Check that your API key hasn’t been rotated since setup
No Events Appearing
If events aren’t showing up:
- Events may take a few minutes to appear after initial setup
- Verify that activity is occurring in your Bitwarden organization
- Ensure your organization has an active Teams or Enterprise subscription
Rate Limiting
The Bitwarden Public API has rate limits. If you encounter rate limiting:
- Wirespeed will automatically retry with exponential backoff
- Events will be collected on the next sync cycle
Additional Resources
