Open-Source Wikis

/

Bitwarden Server

/

Apps

bitwarden/server

Apps

Bitwarden Server is eleven ASP.NET Core processes that share src/Core/ and the database. Each app has its own csproj, Startup.cs, Program.cs, Dockerfile, and appsettings.*.json. The OSS distribution drops the four commercially-licensed projects under bitwarden_license/.

Service Path One-liner Page
Api src/Api/ The main REST API for clients (vault CRUD, organisations, sends, billing self-service, secrets manager). api.md
Identity src/Identity/ OAuth 2.0 / OIDC token endpoint built on Duende IdentityServer; handles every login flow. identity.md
Admin src/Admin/ Razor-Pages internal admin UI used by Bitwarden support staff for customer ops. admin.md
Billing src/Billing/ Receives Stripe / PayPal / BitPay / Braintree / FreshDesk webhooks. billing.md
Events src/Events/ Tiny write API clients post audit events to. events.md
EventsProcessor src/EventsProcessor/ Background service that drains the events queue into storage. events-processor.md
Notifications src/Notifications/ SignalR push hub for real-time client sync. notifications.md
Icons src/Icons/ Public favicon proxy / cache used by client autofill. icons.md
Sso bitwarden_license/src/Sso/ SAML / OIDC bridge between corporate IdPs and Identity. (Commercial) sso.md
Scim bitwarden_license/src/Scim/ SCIM 2.0 provisioning API for enterprise directory sync. (Commercial) scim.md
Setup (utility) util/Setup/ Self-host install / update bootstrapper. Not a long-running service. (bundled into deployment docs)

Cross-app concerns

Every app calls some subset of these in its Startup.ConfigureServices:

  • services.AddGlobalSettingsServices(Configuration, Environment) — bind GlobalSettings.
  • services.AddCustomDataProtectionServices(env, globalSettings) — ASP.NET Core data protection with Azure Blob persistence in cloud.
  • services.AddDatabaseRepositories(globalSettings) — pick Dapper or EF based on DatabaseProvider.
  • services.AddBaseServices(globalSettings) + services.AddDefaultServices(globalSettings) — the shared service registrations from src/Core/Utilities/ServiceCollectionExtensions.cs.
  • services.AddIdentityAuthenticationServices(globalSettings, env, ...) — Bearer JWT validation pointing at the Identity host.
  • services.AddCustomIdentityServices(globalSettings) — only the Identity host runs this.

The pipeline in Configure(app, ...) is similarly conventional: SecurityHeadersMiddleware → default middleware (CoreServiceCollectionExtensions.UseDefaultMiddleware) → optional rate limiting (cloud only) → CORS → auth → CurrentContextMiddleware → endpoints.

Service interaction shape

graph LR
    Client((Bitwarden client))
    Client --> Identity
    Client --> Api
    Client -->|WS| Notifications
    Client --> Events
    Client --> Icons

    subgraph Commercial
        Sso
        Scim
    end

    Sso --> Identity
    Scim --> Db[("DB")]

    Api --> Db
    Api --> Storage[("Blobs")]
    Api --> Cache[("Redis")]
    Api --> Bus[("Queue/Service Bus")]
    Bus --> EventsProcessor
    EventsProcessor --> Db

    Identity --> Db
    Notifications --> Bus

    Stripe -.->|webhook| Billing
    Billing --> Db

    Admin --> Db

Startup expectations

Production cloud topology runs each service in its own pod / app service. Self-host runs them as siblings under a single bitwarden.sh Docker Compose stack with one shared SQL Server (or other DB), one Redis, and one Notifications hub. The Setup utility (util/Setup/) writes a global.override.env that every service reads on boot so the stack stays consistent.

Pick the service page that matches what you are debugging or extending.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Apps – Bitwarden Server wiki | Factory