bitwarden/server
Lore
A brief history of the Bitwarden Server codebase, derived from git history (commits, tags, and directory creation dates) on the main branch as of April 2026. Where the "why" behind a change is not obvious from the commit, the wording hedges accordingly.
Eras
The DocumentDB beginnings (Dec 2015 – early 2017)
The repository's initial commit, 437b9710, lands on 2015-12-08 with the title "initial commit of source". The earliest implementation appears to have been built around Azure DocumentDB / Cosmos DB rather than SQL Server — many late-December 2015 commits read like "Added retry logic to all documentdb queries" and "throttle bulk procs to 50 ciphers at a time". The first repository owner was Kyle Spearrin (kyle.spearrin@gmail.com), who is still by far the largest contributor with 2,360 commits across 11 years.
This era ends around early 2017 when the SQL Server schema (src/Sql/) becomes the canonical store and Dapper takes over from DocumentDB. By 2017 the codebase has grown to ~1,000 commits/year as the public launch and on-prem story stabilise.
The .NET Core migration (2018 – 2019)
ASP.NET Core (.NET Core 2.x → 3.x) replaces classic ASP.NET. Commit volume drops to ~500/year as the team focuses on stability. 2019-01-15 sees the first PostgreSQL-related commit (set up postgresql repository), foreshadowing the multi-DB future, although the work is not productized at the time. The codebase finishes the era as a single-process API plus Identity, Admin, and EventsProcessor apps.
Multi-database self-host (Mid 2021 – 2022)
In 2021-07 a sustained effort lands "Postgres & MySql Support For Self-Hosted Installations" (PR #1386, 2021-07-08) and the EF migration naming convention (PR #1464, 2021-07-15). src/Infrastructure.EntityFramework/ is fleshed out alongside Dapper, and util/MySqlMigrations, util/PostgresMigrations, and util/SqliteMigrations are added. From this point onward, every schema change has to ship in both a util/Migrator/DbScripts/*.sql file and a matching set of EF migrations.
Secrets Manager (2022 – 2023)
The first "SM-" prefixed commit is 2022-07-18 "[SM-82] Add HttpController Attribute to protect secrets manager controllers during development". The big "[SM-394] Secrets Manager" merge lands on 2023-01-13 as PR #2164, and Secrets Manager Trash (SM-281) follows on 2023-02-20. This is the first commercial product that occupies its own top-level domain (src/Core/SecretsManager) and dedicated server resources (bitwarden_license/src/Commercial.Core/SecretsManager/). Secrets Manager went GA in 2023 and continues to expand.
Domain restructuring & Admin Console era (Late 2023 – 2024)
Code ownership is rationalised across the codebase. PR #3369 on 2023-10-27 "[AC-1200] Admin Console code ownership - move OrganizationFeatures" migrates organization-feature code to the dedicated Admin Console namespaces (src/Core/AdminConsole/OrganizationFeatures/). Vault, Auth, Tools, KeyManagement, and Dirt follow with their own namespaces under src/Core/. Files acquire trailing AGPL/Bitwarden license headers driven by Directory.Build.props. The Admin Console Collections refactor (PR #4922, 2024-11-07) and Multi-Org Enterprise providers (#4920, 2024-10-23) ship in this era.
Auth modernization (2024 – 2025)
The Auth team rewrites large parts of identity. WebAuthn-based Login With Passkey and Trusted Device Encryption (TDE) ship under src/Core/Auth/UserFeatures/WebAuthnLogin/ and src/Core/Auth/UserFeatures/DeviceTrust/. Authorization is moved to attribute/handler/requirement style (PR #6001 "Move to authorization to attributes/handlers/requirements", 2025-07-15). Rate limiting and master-password policies mature. The legacy User two-factor blob format gradually moves toward a strongly-typed model.
Billing renaissance (2025 – 2026)
A long-running price migration / proration overhaul reshapes the billing code. The IPriceIncreaseScheduler (PR #7305, 2026-03-26), schedule-aware storage commands (#7350), and the migration of cancel/reinstate paths (#7331, 2026-03-31) are the visible tip. The src/Core/Billing/ directory grows substantially in 2025 and Q1 2026, and src/Billing/ (the standalone webhook receiver) sees corresponding work. Renovate-driven Stripe and Swashbuckle major bumps land throughout this era.
SDK reuse (2025 – present)
The Bitwarden Rust SDK lives at util/RustSdk/ and is integrated into util/Seeder/ and (via FFI) into the cipher domain. PR #7488 "Migrate server specific skills into correct location" (2026-04-21) and PR removing the cipher-domain SDK feature flag (2026-04-13) are part of this push to share encryption/decryption logic between server and client.
Longest-standing surviving features
Cipherand the SQL stored procedures — date back to 2015's initial commit and have weathered every refactor. Now augmented by a domain layer (src/Core/Vault/Services/Implementations/CipherService.cs) and a partial Rust SDK port.- Master-password authentication via Identity / Duende IdentityServer — present since 2016, still the default flow despite TDE and WebAuthn additions.
- Two-factor TOTP & Email — the original 2FA providers have been in the codebase since the start.
Duo,WebAuthn, andYubico OTPwere added later (Duo in 2017, WebAuthn around 2022). - Quartz.NET background jobs — wired into every service's
JobsHostedServicesince the early days.
Deprecated or replaced features
- DocumentDB — replaced by SQL Server in early 2017. Some legacy comments (e.g. "break down large arrays into manageable sizes for documentdb requests") are still buried in old migration scripts.
- U2F (legacy) — superseded by WebAuthn. The provider type is still recognised on read for old enrolments but new enrolments go through
WebAuthnTokenProvider. - The
pre-EFDapper-only repositories for self-host — replaced by the dual Dapper / EF Core repository setup in 2021. - The pre-2023
Organization-bound feature code — moved intosrc/Core/AdminConsole/in late 2023; old paths now redirect via the namespace move. - Old TDE offboarding flow — still present via
TdeOffboardingPasswordbut newer master-password rotation paths are preferred.
Major rewrites & migrations
| Era | Change |
|---|---|
| 2017 | DocumentDB → SQL Server. |
| 2018-2019 | ASP.NET (full framework) → ASP.NET Core. |
| 2021 | Single-DB → SQL Server + EF Core (MySQL / Postgres / SQLite). |
| 2022-2023 | Secrets Manager added as a new product surface. |
| 2023 | Code-ownership reshape — features moved to AdminConsole / Vault / Auth / Tools / KeyManagement / Dirt namespaces. |
| 2024-2025 | Authorization moved to attribute / handler / requirement model (PR #6001). |
| 2025-2026 | Billing schedule-aware price migration; cipher domain SDK port (util/RustSdk/). |
Growth trajectory
- The codebase has grown from a single
Api+Identitypair into 11 deployable services plus 4 commercial-license projects. - Annual commit volume has more than doubled since 2022 (426 commits in 2022 → 1,247 in 2025).
- Renovate has been by far the most prolific committer in 2024-2026, reflecting the team's investment in dependency hygiene.
- The contributor base has expanded from a single developer to ~10-15 active staff engineers plus regular community contributions; CODEOWNERS now lists 12 distinct teams.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.