Open-Source Wikis

/

Bitwarden Server

/

Bitwarden Server

/

Glossary

bitwarden/server

Glossary

Bitwarden uses a lot of domain-specific vocabulary. This page is a quick reference; more detail lives in the relevant feature page.

Term Definition
Account revision date Timestamp on User.AccountRevisionDate (src/Core/Entities/User.cs) bumped whenever something a client cares about changes. Clients sync only when this advances.
Admin Console The organization-management surface (members, groups, collections, policies, billing). Code lives under src/Core/AdminConsole/ and src/Api/AdminConsole/.
Application cache In-process cache of organization "abilities" / provider abilities, kept fresh across hosts via a Service Bus topic. See src/Core/Services/IApplicationCacheService.cs.
Attachment Encrypted file attached to a cipher, stored in Azure Blob Storage / local filesystem. See src/Core/Services/IAttachmentStorageService.cs.
BREAD Bitwarden's internal acronym for the standard CRUD-ish operations on an entity (Browse, Read, Edit, Add, Delete).
Cipher A vault item: login, secure note, card, identity, SSH key, or FIDO2 passkey. The fundamental unit of encrypted user data. src/Core/Vault/Entities/Cipher.cs.
Collection A shared bucket of ciphers inside an organization. Maps to Collection and CollectionCipher.
Device-trust / TDE Trusted Device Encryption — passwordless decryption flow where another logged-in device approves a new device. See src/Core/Auth/UserFeatures/DeviceTrust/.
Dirt Internal nickname for Bitwarden's Data Insights and Reporting team — owns src/Core/Dirt/, src/Events/, src/EventsProcessor/, and the password-health / breach reports.
Emergency Access Designate someone who can request access to your vault (with grace-period delay or instant takeover). src/Core/Auth/Entities/EmergencyAccess.cs.
Event An immutable audit-log row (src/Core/Entities/EventTableEntity.cs + src/Events/). Used to power org audit reports.
External directory A SCIM-driven or Directory-Connector-driven source-of-truth for org membership.
Feature flag Runtime toggle resolved by IFeatureService (LaunchDarkly in cloud, static in self-host). Keys are constants in src/Core/Constants.cs (FeatureFlagKeys).
Folder A personal grouping of ciphers (private to a user; orgs use Collections instead).
Global settings The strongly-typed config object bound from appsettings.*.json, env vars, secrets and Key Vault. src/Core/Settings/GlobalSettings.cs.
Group A subset of organization users used to grant collection access in bulk. src/Core/AdminConsole/Entities/Group.cs.
Installation / installation key A self-hosted instance is identified by an InstallationId + InstallationKey issued by the cloud installation API. The pair signs identity tokens for the relay.
Kdf Key Derivation Function. PBKDF2 (legacy) or Argon2id. Stored on the user (User.Kdf, KdfIterations, KdfMemory, KdfParallelism).
Key Connector A self-hosted appliance that owns the user encryption key in a key-management-service mode. See policies under src/Core/AdminConsole/OrganizationFeatures/Policies/.
Login with device / Auth Request Passwordless authentication: a logged-in device approves a pending request from a new device (src/Core/Auth/Entities/AuthRequest.cs).
Master password hash Server-side hash (PBKDF2 again) of the client-derived master key. Stored in User.MasterPassword.
Member UI-level term for an organization user (the row in OrganizationUser).
Organization The top-level multi-tenant container holding members, groups, collections, policies, subscriptions.
Organization user The membership record linking a User to an Organization, with role + status.
Plan A PlanType enum value (Free, Families, TeamsStarter, Teams, Enterprise, Custom etc.). Static plan definitions live in src/Core/Utilities/StaticStore.cs.
Policy An organization-wide rule (require 2FA, master-password complexity, single-organization, disable-personal-vault, …). src/Core/AdminConsole/Entities/Policy.cs.
Provider A managed-services-provider tenant that owns multiple client organizations. src/Core/AdminConsole/Providers/.
Push relay The service Bitwarden's cloud runs that lets self-hosted instances send mobile push notifications via the upstream Notification Hub.
Refresh token OAuth refresh token issued by Identity (rotates on each use).
Send One-time / time-limited shared encrypted file or text. src/Core/Tools/Entities/Send.cs.
SCIM System for Cross-domain Identity Management — the provisioning protocol enterprise tenants use to push users/groups into Bitwarden via bitwarden_license/src/Scim/.
Secrets Manager Bitwarden's developer-secrets product (commercial). Code under src/Core/SecretsManager/ and bitwarden_license/src/Commercial.Core/SecretsManager/.
Security stamp Random string bumped on auth-sensitive changes; invalidates all existing JWTs for a user.
Self-host A Bitwarden instance running on customer infrastructure. Toggled by globalSettings.SelfHosted.
Sponsorship A Families-for-Enterprise membership perk — an enterprise org sponsors a free Families plan for an employee.
SSO config Per-organization SAML/OIDC configuration that drives the Sso host. src/Core/Auth/Entities/SsoConfig.cs.
TDE Trusted Device Encryption (see "Device-trust").
Two-factor provider One of TOTP, Email, Duo, YubiKey, WebAuthn, U2F-legacy, or Remember. Implementations under src/Core/Auth/Identity/TokenProviders/.
User key The 64-byte symmetric key that encrypts everything in a user's vault. Master-password-derived in classic mode; held by Key Connector or a TDE device in alternative modes.
Vault The collection of all ciphers, folders, sends, and attachments belonging to a user (their personal vault) or an organization (a shared vault).
Vault timeout Client-enforced lock policy. Mirrored on the server only as a policy under src/Core/AdminConsole/OrganizationFeatures/Policies/.
WebAuthn login Passwordless login using a FIDO2 authenticator's PRF extension to derive a key. src/Core/Auth/UserFeatures/WebAuthnLogin/.

If you encounter a term that isn't here, grep for it under src/Core/ — most domain words are surfaced as enum values or table names.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Glossary – Bitwarden Server wiki | Factory