5.8 KiB
Bitwarden and Open Source
The source code for all Bitwarden software products is hosted on GitHub and we welcome everyone to review, audit, and contribute to the Bitwarden codebase.
We believe that making our source code open and available is a defining feature of Bitwarden, and that source code transparency offers critically important customer benefits for security solutions like Bitwarden.
As an open solution, Bitwarden publishes the source code for various modules under different licenses. We're providing this License Statement and FAQ document as an overview of our licensing philosophy, the specifics of module licensing, and to answer common questions regarding our licenses.
Bitwarden Software Licensing
We have two tiers of licensing for our software. The core products are offered under one of the GPL open source licenses: GPL 3 and A-GPL 3. A select number of features, primarily those designed for use by larger organizations rather than individuals and families, are licensed under a "Source Available" commercial license here.
Our current software products have the following licenses:
Bitwarden clients: The core password management code for individual password vaults, including Desktop, Web, Browser, Mobile, and CLI versions, is available under the GPL 3.0 license.
Bitwarden server: The main Bitwarden server code is licensed under the AGPL 3.0 license.
Business Portal and the SSO integration: Code for certain new modules that are designed and developed for use by larger organizations and enterprise environments is released under the Bitwarden License, a "source available" license. The Bitwarden License provides users access to product source code for non-production purposes such as development and testing, but requires a paid subscription for production use of the product, and environments supporting production. At this time, the new Business Portal and the SSO integration are the only Bitwarden modules to which this license applies.
Frequently Asked Questions
How can I contribute to Bitwarden open source projects?
We welcome new members of our developer community and there are many ways for you to contribute to our projects. For more information visit our Community Resources, specifically our Forum on GitHub Contributions.
In your GitHub repositories, how can I determine what license applies to a given software program?
Each Bitwarden repository contains a LICENSE.txt
file that spells out which license applies to the code in that repository.
In the case of the Bitwarden server repository, the files are organized into various directories. These directories are not only used for logical code organization, but also to clearly distinguish the license that a given source file falls under. All source files under the /bitwarden_license
directory at the root of the server repository are subject to the Bitwarden License. If a file is not organized under the /bitwarden_license
directory, the AGPL 3.0 license applies.
Can I offer a managed service based on Bitwarden products?
Any individual or organization considering offering Bitwarden "as a service" must be mindful of the strong "copyleft" attributes of our open source licenses, as well as the Bitwarden License. With respect to the server software available under the Bitwarden License, production use requires a separate commercial agreement with Bitwarden. With respect to the server software available under the AGPL license, as software professionals we cannot conceive a scenario in which the offering of Bitwarden "as-a-service" would not involve a modification to the applicable Bitwarden code, thereby triggering the strong copyleft provisions of the AGPL 3.0 license. We encourage anyone considering offering Bitwarden as a service, or integrating Bitwarden into a larger solution, to join the Bitwarden Partner Program for access to the comprehensive resources and support we make available to our authorized solutions partners. Please contact us for information.
What rights do I receive under the "Source Available" Bitwarden License?
Users of software licensed under the Bitwarden License receive a right to use the software source code for non-production purposes of internal development and internal testing. The right to use the software in a production environment, or environments directly supporting production, requires a paid Bitwarden subscription. This approach is modeled on the licensing approaches taken by other successful open source companies including Elastic (NYSE: ESTC) and Confluent.
Is Bitwarden open source?
As detailed above, the Bitwarden password management clients for individual use, the main Bitwarden server, and many libraries are available under the GPL family of licenses. The GPL licenses are widely used open source licenses created by the Free Software Foundation and endorsed as "open source" by the Open Source Initiative. The Bitwarden License does not qualify as an open source license under the OSI definition, but we believe that the license successfully balances the principles of openness and community with our business goals.
If I redistribute or provide services related to Bitwarden open source software can I use the "Bitwarden" name?
The Bitwarden trademark is a trusted mark applied to products distributed by Bitwarden, Inc., owner of the Bitwarden trademarks and products. We have adopted and enforce strict rules governing use of our trademarks. In limited cases, such as our Partner Program, we allow third parties to use our marks if they maintain high standards in the work they do. For more information, contact us at https://bitwarden.com/contact/.