The connector syncs the members of a single Bitwarden organization as user
identities and the organization’s groups. Each member carries their role
(Owner, Admin, User, Manager, or Custom), their invitation status (Invited,
Accepted, Confirmed, or Revoked), and whether two-step login is enabled. Each
group exposes a Member entitlement, and every member of a group is recorded
as a grant of that entitlement, so you can see who belongs to which group in
your Bitwarden organization.
You need your Bitwarden organization API key (a Client ID and Client
secret). It grants programmatic read access to your organization’s members,
groups, and collections, so treat the secret as sensitive.
1
Sign in to the Bitwarden web vault as an owner or admin of the organization
you want to sync.
2
Open the Admin Console, then go to Settings > Organization info.
3
In the API key area, click View API key. You may be prompted to
re-enter your master password.
4
Copy the client_id and client_secret values. The client_id looks
like organization.<uuid>. If you ever need to invalidate the credentials,
use Rotate API key on the same screen.
Follow these instructions to use a built-in, no-code connector hosted by C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Bitwarden and click Add.
3
Choose how to set up the new Bitwarden connector.
4
Set the owner for this connector.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the Bitwarden credentials:
Client ID: The organization API key client_id.
Client secret: The organization API key client_secret.
Identity token URL: The Bitwarden identity token endpoint. Use https://identity.bitwarden.com/connect/token for US cloud or https://identity.bitwarden.eu/connect/token for EU cloud.
Base URL: Leave blank for US cloud (https://api.bitwarden.com), or set https://api.bitwarden.eu for EU cloud.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
Done. Your Bitwarden connector is now pulling access data into C1.
Follow these instructions to run the Bitwarden connector in your own
environment.
1
Create secrets for the Bitwarden organization API key (client_id and client_secret).
2
Configure the connector environment variables:
BATON_BITWARDEN_CLIENT_ID: The organization API key client_id (store this as a secret).
BATON_BITWARDEN_CLIENT_SECRET: The organization API key client_secret (store this as a secret).
BATON_BITWARDEN_TOKEN_URL: The identity token endpoint, e.g. https://identity.bitwarden.com/connect/token (US cloud), https://identity.bitwarden.eu/connect/token (EU cloud), or https://<your-host>/identity/connect/token (self-hosted).
BATON_BITWARDEN_BASE_URL: Optional. Defaults to https://api.bitwarden.com. Set https://api.bitwarden.eu for EU cloud or https://<your-host>/api for a self-hosted instance.
3
Deploy the connector using your standard self-hosted connector process.
Done. Your Bitwarden connector is now pulling access data into C1.
