Over the last few years, I’ve noticed more and more services encouraging SSH keys instead of traditional passwords for authentication. DigitalOcean, for example, recommends disabling password-based logins and using SSH keys for new droplets.
While I understood the security benefits, SSH keys always felt like swapping one problem for another:
- I still needed to protect each key with a passphrase, which meant there was still a password to remember.
- The keys were usually tied to a single device, making it awkward to work across multiple machines.
- If I lost a key, I risked losing access to the services and accounts that depended on it, so I also had to think about backups and storage.
Since I already use Bitwarden as my password manager, I was pleased to discover that it can also manage SSH keys. Bitwarden lets you generate or import SSH keys directly into your vault, and it can also act as an SSH agent. In practice, that means your keys stay in Bitwarden and access is controlled through your vault instead of being managed as loose files on your machine.
That immediately solves a few of the frustrations I had with local key storage. My keys are no longer tied to one computer, they are much easier to manage centrally, and I do not have to worry about manually backing them up in the same way.
Instead of treating SSH keys like files scattered across devices, Bitwarden lets you manage them like the high-value credentials they really are.
The only small hiccup I ran into was during setup: after enabling Bitwarden’s SSH agent, you also need to set the SSH_AUTH_SOCK environment variable so your system knows where to find it. That step was not especially obvious at first, but once it was in place, everything worked smoothly.
How to Set It Up
In the Bitwarden desktop app, go to Settings and enable SSH agent.
Then choose how often Bitwarden should ask for authorisation: Always, Never, or Remember until vault is locked. This controls when you will be prompted to unlock or approve key use.
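Next, set SSH_AUTH_SOCK in your shell profile, such as ~/.bashrc, using the one line that matches how you installed Bitwarden (if both are present, the later one wins):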
# Official Bitwarden package
export SSH_AUTH_SOCK=/home/$USER/.bitwarden-ssh-agent.sock
# Snap version
export SSH_AUTH_SOCK=/home/$USER/snap/bitwarden/current/.bitwarden-ssh-agent.sock
Tip: After updating your shell profile, reload it or open a new terminal before testing. Once everything is configured, Bitwarden should prompt you when a key is requested.
After reloading your shell, you can generate or import SSH keys in Bitwarden and use them with any SSH-based workflow, whether that is logging into a server or authenticating Git operations.
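As an added example (not from the original post or from Bitwarden), the profile snippet below checks both socket paths listed above and exports only one that is really a Unix socket owned by the current user, so a stale file or another user's socket is never used as the agent. The function name `bw_agent_sock` is hypothetical, and `$HOME` is assumed to be the same directory as `/home/$USER`.

```shell
# Added example: select the Bitwarden SSH agent socket that exists on this machine.
# Candidate paths are the two given in this post; bw_agent_sock is a hypothetical name.
bw_agent_sock() {
    for _bw_sock in \
        "$HOME/.bitwarden-ssh-agent.sock" \
        "$HOME/snap/bitwarden/current/.bitwarden-ssh-agent.sock"
    do
        # -S: path must be a Unix socket, not a regular file or directory
        # -O: path must be owned by the user running this shell
        if [ -S "$_bw_sock" ] && [ -O "$_bw_sock" ]; then
            printf '%s\n' "$_bw_sock"
            return 0
        fi
    done
    return 1
}

# Export the variable only when a usable socket was found; otherwise leave
# any existing SSH_AUTH_SOCK untouched and say why.
if _bw_found=$(bw_agent_sock); then
    export SSH_AUTH_SOCK="$_bw_found"
else
    echo "Bitwarden SSH agent socket not found; is the SSH agent enabled in Settings?" >&2
fi
```

Running `ssh-add -L` afterwards queries whichever agent SSH_AUTH_SOCK points to, which is a quick way to confirm the shell is talking to Bitwarden.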
Switching to this setup has made SSH keys feel much less like a burden. I still get the security benefits, but with a workflow that is far more convenient and much easier to manage.