See this:

Edit1: Normally the page should automatically scroll so the input is above the keyboard.

Edit2: See also https://developer.android.com/develop/ui/views/layout/sw-keyboard#synchronize-animation

When trying to perform the initial sync against my self-hosted Vaultwarden installation, I get the following error message:

Failed to decode a cipher-text: UserToken, symmetric key is 64b long, asymmetric key is 1219b long

The app correctly asks me for user/password and 2FA for my user, but afterwards fails to sync. I am exposing the docker container through Caddy as a reverse proxy, with Cloudflare tunnel establishing the connection to the proxy. The official apps work flawlessly though, so not sure if that chain might cause any problem. Whenever I try to add the account from Keyguard (entering the 2FA while doing so), my Vaultwarden instance shows the following logs:

[2024-01-05 15:25:21.150][error][ERROR] 2FA token not provided
[2024-01-05 15:25:21.150][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-01-05 15:25:38.145][request][INFO] POST /api/accounts/prelogin
[2024-01-05 15:25:38.145][response][INFO] (prelogin) POST /api/accounts/prelogin => 200 OK
[2024-01-05 15:25:38.293][request][INFO] POST /identity/connect/token
[2024-01-05 15:25:38.314][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-01-05 14:25:38 UTC IP:
[2024-01-05 15:25:38.314][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-01-05 15:26:14.148][request][INFO] POST /api/accounts/prelogin
[2024-01-05 15:26:14.148][response][INFO] (prelogin) POST /api/accounts/prelogin => 200 OK
[2024-01-05 15:26:14.273][request][INFO] POST /identity/connect/token
[2024-01-05 15:26:14.297][vaultwarden::api::identity][INFO] User logged in successfully. IP:
[2024-01-05 15:26:14.297][response][INFO] (login) POST /identity/connect/token => 200 OK
[2024-01-05 15:26:14.444][request][INFO] GET /api/sync?excludeDomains=true
[2024-01-05 15:26:14.480][response][INFO] (sync) GET /api/sync?<data..> => 200 OK

Any idea why those calls fail? The difference between local time shown and UTC of the server is expected, and Bitwarden official apps do accept the 2FA.

Hide the subscription option if the one-time purchase has already been made. Currently, attempting to purchase the subscription when you already own the aforementioned one-time purchase is not possible at least in my experience. This improvement aims to declutter the interface without major disruptions, enhancing the user experience.

I really love this app ❤️

When I generate a SimpleLogin alias with Bitwarden, it generates it from the website name, eg. [email protected]. This means that I can easily find the email for a specific website in SimpleLogin or know which website sent me the email. Keyguard currently generates aliases with random words, which is inconvenient to use.

It says the sync failed even tho I syncing everything from what I could tell prehaps the ability to hide the button might be nice

Completely cosmetic, would be nice to have it fixed though!

Look at the top of the screenshot where the colors are still bright:

What it should've looked like (from another app):

On the generator tab, the "create new login with the password" button uses the generated text as a username, and the "create new login with the username" button uses it as a password. Those labels should probably be swapped to reflect what they actually do.

I don't want to store my passwords and 2FA keys in the same place, so I use a different TOTP app instead of Bitwarden for 2FA. However, Keyguard shows a warning for all of those websites, saying that I should enable 2FA, even though I already have it enabled. It would be nice to have an option to disable that warning.

Hi. Thank you for open-sourcing this amazing app. It's beautiful and well designed, and fast. Amazing work.

Have you managed to work arround Samsung's whitelist of PW managers? Could you perhaps distribute a version that uses some whiltelisted package name? (Maybe distribute it on reddit, to avoid any issues here?).

I'm unsure why it does that. The Bitwarden web vault works, and so does their Android app. This seems to be a Keyguard-specific issue. If it helps, I'm getting the error code 7.

I don’t know whether this is my problem, since my device is rooted. However, I’ve tried to disable all the modules on my phone, and add Keyguard to Magisk’s DenyList, but all of these didn’t work. My device is Xiaomi Redmi K50 Pro, and the OS is MIUI 14 (Android 13, with Magisk 26.3). Thank you!

I have a somewhat specific feature request: I'd like the ability to associate multiple domains with a single account or server. However, I want to ensure that the entries are not duplicated. Specifically, I envision having one primary domain and the option to set up a backup domain. This would be useful for scenarios where the main domain might encounter issues for reasons that might seem magical, and while this isn't an urgent request, it would be a valuable addition.

Hi, looking to support with lifetime premium but have devices without gplay.

Is there a way to get one time premium standalone?

Thanks.

Autofill on windows is a pain with the native application. Possibility of making a browser extension?

The examples mentioned on GitHub would be great to have in the app, at least the HTTPS one as a default option.
This could be implemented with a toggle feature, allowing users to turn it on or off.
Alternatively, it could be added via a menu library item to avoid taking up space for users who do not intend to use it.

There is a toggle for it in the password edit page, but it doesn't seem to do anything.

See this:

There is this post: https://community.bitwarden.com/t/master-password-re-prompt-on-specified-sub-fields/32540, where if implemented you can choose certain fields to be protected. Currently only password, hidden fields, and item edit are eligible.

After that I thought about ACL (access control list). This makes so much sense when combined with #2 it guarantees to solve all of the concerns within the original post, including:

• Fine grained protection rules for fields in items.
• Apply those rules globally, or reuse them in parts of the vault (tags, folders, collections etc)

The official Bitwarden client has a feature to generate random usernames from a word and 4 random digits, eg. combust0715

Keyguard reports:

Nothing particularly obvious from vaultwarden logs.

vaultwarden  | [2024-01-16 11:22:21.614][request][INFO] GET /api/sync?excludeDomains=true
vaultwarden  | [2024-01-16 11:22:22.157][response][INFO] (sync) GET /api/sync?<data..> => 200 OK

Running behind Caddy behind Cloudflare, but I have turned off Cloudflare just in case; no difference.

Let me know what I can provide in terms of logs to assist in debugging.

Only difference I can spot is

GET /api/sync?excludeDomains=true from KeyGuard vs GET /api/sync from Bitwarden clients.
Response from vaultwarden for both is (sync) GET /api/sync?<data..> => 200 OK

Just in case the cause was the ?excludeDomains=true query parameters, set up a URL rewrite to remove it, but didn't make any difference.

The failure is instantaneous; it occurs at the beginning of sync.

I suggest enhancing the watchtower duplication feature to include an option for automatically deleting the original items when merging duplicates. Currently, when I use the "Show Duplicates" feature, it simply creates more copies, which is less effective. This proposed change will streamline password management, eliminating old duplicates and creating a merged entry.

I believe this change aligns with the concept of merging, where two items become one, rather than creating a third item with combined data.

Ideally the modal shouldn't close but deselect every single item. Going back again will then finally close the modal.

For context, I'm referring to this specifically:

When you add a username to a identity it saves to the server but immediately removes itself from keyguard but can be seen in other apps to the changes made
To me this appears to be unintended behavior

Hi! First of all, I wanted to say how much I like the app, I think it looks amazing and is so much more modern than the official app. As an android dev myself, I can't imagine the time spent to polish it to this level 🙏

One thing I found missing compared to other password managers is the ability to see (inline) autofill suggestions even when the vault is locked. Currently, you have to Open Keyguard then select your login and tap autofill. It would be nicer if the item could be selected from the inline suggestions first, trigger the vault unlock, then immediately autofill the login.

I have not logged in any Bitwarden account, but I can still use other features of the app.
When I try to use "Catch-all email", "Plus addressing email" or "Subdomain addressing email" it won't show any email.

After a Bitwarden login, they work normally

version 1.0.0-118200001.release

It would be nice to have account deletion instructions from https://justdeleteme.xyz integrated into Keyguard in some way

Description:
I propose the implementation of a feature that allows users to hide entire accounts from the main screens. Specifically, should be able to select multiple accounts and hide them along with all associated items.

Use Case:
As a user with multiple accounts, whether for testing or other reasons, I often find it inconvenient to have all accounts visible on the main screens. For instance, when testing my self-hosted instance or keeping certain accounts available for occasional use without cluttering the regular view, the current setup feels cumbersome. This feature would greatly enhance user control by providing the ability to hide entire accounts, streamlining the main screens for a more personalized experience.

I installed the app on an S23U & Pixel 8 Pro. Got the following error when logging into Bitwarden:

"Failed to allocate a 1040 byte allocation with 133680 free bytes and 130KB until OOM, target footprint 268435456, growth limit 26843545; giving up on allocation because <1% of heap free after GC."

Wonder if it has anything to do with my KDF settings (Memory 512 MB, Iterations 10, parallelism 8)

On first adding a new URI field, Keyguard should prompt the user to verify that URI's legitimacy.

There are many platforms that needs verification:

Android URIs (aka Android apps):

Verifying Android App Links

• Not all apps use this.

Verifying app signature (derived from the process that Play app signing uses).

• We could save the signature to custom fields, and use that to verify other instances of autofilling later on.

• If the signature is different from what Keyguard has: warn the user before they proceed, and optionally allow them to add this to a list of verified signatures.

Web

• /.well-known directories
• DNS
• HTTP headers

Other platforms

TBD.

IMHO is there already an infrastructure that can do all of this for us? I tried searching for uri attestation and uri verification and none came out.

Edit1: Cross posting this to Reddit.

Perhaps this is already on the roadmap for Keyguard, but in case it isn't, it would be great to be able to generate email aliases with services like Simplelogin, just like you can with the official Bitwarden clients

Whenever you open any tab other than "vault" in Keyguard, there is a back button in the top bar, which just leads to the vault page. IMO this is weird behavior, the back arrow is usually shown for screens which were pushed to the navigation stack from a different screen, not for top-level app tabs.

On Android 14 running on a pixel 7, when auto filling in chrome using the gboard password manager integration, the username/email is often set in the address bar (Top URL bar) instead of the correct username field on the web page for some reason.

This is kind of frustrating and defeats the purpose of this feature.

As a sidenote, if this can help with reproducible the bug, I also have developer tools enabled with predictive animations turned on.

Currently, Keyguard opens all links in the in-app browser. Most apps that do this offer a setting to disable it and use a proper browser instead. It would be nice if Keyguard also had such a feature.

Edit the Authenticator Key and Click Save
Screen still shows 6 digit code number from previous key. You need to exit back to the main screen and re-open the login to see the correct code number.

CA cert saved and trusted in keychain app. Bitwarden web app works without warnings.
Looks like Macos app doesnt use trusted certs from keychain

Some Chinese websites choose to let users to log in with a one-time password sent via SMS, and users need to click on a button to log in with password. Take 知乎/Zhihu for example:

The thing is, in some browsers, like 狐猴浏览器/Lemur Browser or Kiwi Browser, Keyguard can only fill in EITHER username in the first page OR password in the second page, while the official Bitwarden app can autofill both username and password correctly. I don't know whether it is Keyguard's problem, but I'd appreciate it if you could solve it!

G'day,
Is there any plans on releasing the android APK on an fdroid repo? That will make it easier for people to install and update the app.

Thanks

At the bottom of the password/username generator popup it there is a gap when you. Scroll all the way down there's no rounding so it doesn't look intentional

I think it would be an interesting addition for an app or website to include a prominent button at the top, especially when there is no login option available. While placing the login option in the corner is fine if you already have an existing login. Having a big button at the top can be a user-friendly alternative were a new login would be the main idea comaared to if you already have an account making a new one being an afterthought.

This button could be designed to say something like, 'No existing logins found. Would you like to create a new one?' or something shorter to fit into a button.

Another alternative would just to have the button be slightly larger than normal when there are no entries for a site or app more than just having the text visible. The other choice might add redundancy or confusion to the interface.

And another could be a simple tooltip that pops up when there are no entries

Hello,

I just discovered the app from reddit and it works really well but could you please add the flatpak to flathub for easier app updates ?

Basically subj.
Interestingly enough, when I see the content of the account I see # of folders (100+) but number of logins 0.

Dear developers, is it possible to have a separate exe for the in-app generator function?

This app looks and works amazing, there are reasons why it would be nice to make this app open-source:

1. Adds more trust in the app, this is a password manager after all and I think a level of trust would be nice <3

2. Allowing users to make pull requests for adding more features and faster bug fixing.

(There are probably other reasons but these are the only two I can think of in the top of my head)

This is just a.. proposal? Recommendation? Whatever, you don't have to make it open-source, but I hope you can take this into consideration! Anyways, great app :)

Would be nice if payments could be made without a google account :)

If a vault item is assigned a folder, viewing its information will show you its assigned folder. Clicking on it will navigate to the folder items view which only displays the list of the vault items that is assigned to that specific folder, but editing is not allowed. An edit feature should be provided instead of the user needing to go to Settings > Accounts > (the account) > Folders > (the folder) > Edit, which is a bit long.

Would be cool if you could setup github sponsors for donations.

make it so you could have conceal fields for custom fields and not only default ones

Pretty self-explanatory. I have a passkey registered on some services, so I want to use the passkey instead of the 2FA code. But on some other services, I don't.

I'm on Android 13 and only Android 14 (and above) support passkeys by custom apps, so this would be a nice workaround for users who are on Android 13 and below due to reasons like ending OTA updates.

Pretty self explanatory. When adding a linked field to a login, Keyguard lets you select whether it's linked to a username or a password. The problem comes when it's actually displaying it. It always shows [x] linked to password even when the field is actually linked to username.