This got merged recently and today I updated my system with nix flake update followerd by nixos-rebuild switch --flake. The bitwarden application seems to amongst other stuff have updated Bitwarden Desktop. But now I miss the “Unlock with system authentication” option entirely.
Is anyone here using Bitwarden and has found a solution? It’s really annoying, having to type the master password every time I close the browser
I would log in to Bitwarden, open the settings, and check the ‘Unlock with system authentication’ option. A popup would pop up and ask you for your password. Then it would work.
For unlocking the browser extension with the desktop app, you would activate the biometric login in the the Bitwarden browser extension.
I do use bitwarden on NixOS, but explicitely do not want to have it unlocked on login.
I also do not use plasma on NixOS, so I can not easily reproduce what you are trying to achieve.
I can say though, if I start and unlock my libsecrets provider first, and then start bitwarden, then bitwarden is unlocked without entering a password.
In the BitWarden extension, you can (logout, and then) re-sign-in with another device. This sends a notification to other authenticated devices (like my Pixel 9 Pro, with biometrics, etc, etc). When the other device approves the request, (something, either) the trusted device or the server releases some key that can is then used to open the extension’s vault.
This means I don’t even know my master password, and I don’t have to let it auto-unlock with some (almost surely ~not-so-secure) libsecret implementation.
Highly recommended. Not a direct answer though, hope y’all don’t mind the info.
Though I do usually not log out. I just lock the database (I actually configured auto lock after 5 minutes of idle) and then I unlock with a PIN.
I disabled asking for the master password (knowing about the implications).
But my thread model does see more poeple quickly using my browser, than it sees poeple knowing how to open a file that might contain the password in semi-clear fashion or even how to use a libsecret provider
So auto-lock + a PIN gives me enough of comfort to not have to remember the master password while at the same time it makes it harder for poeple to access my DB in the seconds I look away.
Another weird issue that I saw yesterday, was that I was still using the 2025.06.01 version, even though I had updated the system several times in the mean time. Could it be that turning on the autostart in the menu of the Bitwarden application causes it to point to the the old version in the nix store, no matter what you install in the mean time?
For the login I guess I have to figure out how it is supposed to work on a regular Linux and than track down what exactly is missing on my version. Unfortunately I never did that before, as it just worked.
Possible, depending on how they implemented it. Rather than managing that setting via GUI, I’d put that autostart code into my NixOS config.
EDIT: And yes it does seem to use an absolute store path which could even be garbage-collected See the contents of ~/.config/autostart/bitwarden.desktop.
Had some more time to dig. The only error I could find was this, when starting Bitwarden from terminal. The errors go away when setting the GTK_USE_PORTAL=0 env variable. But then no auth related logs at all can be seen. I’ve tried explicitly enabling the xdg portals in my nix config, but to no avail. Does anyone else has an idea?
Does anyone have
10:35:11.958 › Disabling coredumps in main process
10:35:11.960 › Disabling memory dumps in main process
10:35:13.506 › Firefox not found, skipping.
10:35:13.507 › Chrome not found, skipping.
10:35:13.507 › Chromium not found, skipping.
10:35:13.507 › Microsoft Edge not found, skipping.
10:35:13.514 › Native messaging server started at: /home/user/.cache/com.bitwarden.desktop/app.bitwarden
10:35:13.889 › [Native Messaging IPC] Browser integration fingerprint validation is disabled, untrusting all connected apps
10:35:13.890 › State version: 72
falling back to get legacy Bitwarden_auto de6924af-1e1e-4ef2-8123-b15600978e97_user_auto
falling back to get legacy Bitwarden de6924af-1e1e-4ef2-8123-b15600978e97_refreshToken
deleting legacy secret service entry Bitwarden de6924af-1e1e-4ef2-8123-b15600978e97_refreshToken
10:35:13.947 › [Credential Storage Listener] getPassword failed Error: File backend error Portal communication failed Portal request failed: org.freedesktop.zbus.Error: Portal operation not allowed: Unable to open /proc/67424/root
10:35:13.971 › Refresh token not found in secure storage. Access token will fail to refresh upon expiration or manual refresh.
10:35:13.992 › Error refreshing access token: Error: Cannot refresh access token, no refresh token or api keys are stored.
I am not sure how you installed the package, but I found a comment on github that it would not work if installed with home-manager, which turned out to be my problem. Installing it instead from environment.systemPackages fixed the problem for me.
