BitBetter is is a tool to modify Bitwarden's core dll to allow you to generate your own individual and organisation licenses. You must have an existing installation of Bitwarden for BitBetter to modify.
Please see the FAQ below for details on why this software was created.
Beware! BitBetter does janky stuff to rewrite the bitwarden core dll and allow the installation of a self signed certificate. Use at your own risk!
The following instructions are for unix-based systems (Linux, BSD, macOS), it is possible to use a Windows systems assuming you are able to enable and install WSL.
Aside from docker, which you also need for Bitwarden, BitBetter requires the following:
With your dependencies installed, begin the installation of BitBetter by downloading it through Github or using the git command:
git clone https://github.com/jakeswenson/BitBetter.git
Now that you've set up your build environment, you can run the main build script to generate a modified version of the
bitwarden/identity docker images.
From the BitBetter directory, simply run:
This will create a new self-signed certificate in the
.keys directory if one does not already exist and then create a modified version of the official
bitbetter/api and a modified version of the
You may now simply create the file
/path/to/bwdata/docker/docker-compose.override.yml with the following contents to utilize the modified images.
version: '3' services: api: image: bitbetter/api identity: image: bitbetter/identity
You'll also want to edit the
/path/to/bwdata/scripts/run.sh file. In the
function restart() block, comment out the call to
You can now start or restart Bitwarden as normal and the modified api will be used. It is now ready to accept self-issued licenses.
If you wish to generate your self-signed cert & key manually, you can run the following commands.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test openssl x509 -inform DER -in cert.cert -out cert.pem openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
Note that the password here must be
To update Bitwarden, the provided
update-bitwarden.sh script can be used. It will rebuild the BitBetter images and automatically update Bitwarden afterwards. Docker pull errors can be ignored for api and identity images.
You can either run this script without providing any parameters in interactive mode (
./update-bitwarden.sh) or by setting the parameters as follows, to run the script in non-interactive mode:
./update-bitwarden.sh param1 param2 param3
param1: The path to the directory containing your bwdata directory
param2: If you want the docker-compose file to be overwritten (either
param3: If you want the bitbetter images to be rebuild (either
There is a tool included in the directory
src/licenseGen/ that will generate new individual and organization licenses. These licenses will be accepted by the modified Bitwarden because they will be signed by the certificate you generated in earlier steps.
First, from the
BitBetter/src/licenseGen directory, build the license generator.2
In order to run the tool and generate a license you'll need to get a user's GUID in order to generate an invididual license or the server's install ID to generate an Organization license. These can be retrieved most easily through the Bitwarden Admin Portal.
If you generated your keys in the default
BitBetter/.keys directory, you can simply run the license gen in interactive mode from the
Bitbetter directory and follow the prompts to generate your license.
The license generator will spit out a JSON-formatted license which can then be used within the Bitwarden web front-end to license your user or org!
If you wish to run the license gen from a directory aside from the root
BitBetter one, you'll have to provide the absolute path to your cert.pfx.
./src/licenseGen/run.sh /Absolute/Path/To/BitBetter/.keys/cert.pfx interactive
Additional, instead of interactive mode, you can also pass the parameters directly to the command as follows.
./src/licenseGen/run.sh /Absolute/Path/To/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID" ./src/licenseGen/run.sh /Absolute/Path/To/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server"
We agree that Bitwarden is great. If we didn't care about it then we wouldn't be doing this. We believe that if a user wants to host Bitwarden themselves, in their house, for their family to use amd with the ability to share access, they would still have to pay a monthly enterprise organization fee. When hosting and maintaining the software yourself there is no need to pay for the level of service that an enterprise customer needs.
Unfortunately, Bitwarden doesn't seem to have any method for receiving donations so we recommend making a one-time donation to your open source project of choice for each BitBetter license you generate if you can afford to do so.
In the past we have done so but they were not focused on the type of customer that would want a one-time license and would be happy to sacrifice customer service. We believe the features that are currently behind this subscription paywall to be critical ones and believe they should be available to users who can't afford an enterprise payment structure. We'd even be happy to see a move towards a Gitlab-like model where premium features are rolled out first to the enterprise subscribers before being added to the fully free version.
1 If you wish to change this you'll need to change the value that
src/licenseGen/Program.cs uses for its
GenerateOrgLicense calls. Remember, this is really unnecessary as this certificate does not represent any type of security-related certificate.
2This tool builds on top of the
bitbetter/api container image so make sure you've built that above using the root