Skip to main content

SDK Architecture

Bitwarden provides a public Software Development Kit (SDK) for Secrets Manager and an internal SDK for the Bitwarden Password Manager. The SDK is written in Rust and provides bindings for multiple languages. The general end goal of the SDK is to own everything up to the presentational layers. This includes but is not limited to: API calls, data models, encryption, and business logic.

For API documentation view the latest API documentation that also includes internal private items.

Architecture

The Bitwarden SDK is structured as a single Git repository with multiple internal crates. Please review the README in the repository for up to date information about the different crates.

We generally strive towards extracting features into separate crates to keep the bitwarden-core crate as lean as possible. This has multiple benefits such as faster compile-time and clear ownership of features.

bitwarden crate

The bitwarden crate represents the entry point for consumers of the SDK and is responsible for providing a cohesive interface. The crate re-exports functionality of the internal crates and contains very little logic itself.

bitwarden-core crate

The bitwarden-core crate contains the underlying functionality of the SDK. This includes a Client struct. Other crates in the SDK depend on bitwarden-core and provide extensions to the Client struct to implement specific domains.

Client struct

The Client struct is the main entry point for the SDK and represents a single account instance. Any action that needs to be performed on the account is generally done through the Client struct. This allows the internals to be hidden from the consumer and provides a clear API.

We can extend the Client struct using extension traits in feature crates. This allow the underlying implementation to be internal to the crate with only the public API exposed through the Client struct. Below is an example of a generator extension for the Client struct.

pub struct ClientGenerator<'a> {
client: &'a Client,
}

impl<'a> ClientGenerator<'a> {
fn new(client: &'a Client) -> Self {
Self { client }
}

pub fn password(&self, input: PasswordGeneratorRequest) -> Result<String, PasswordError> {
password(input)
}

}

// Extension which exposes `generator` method on the `Client` struct.
pub trait ClientGeneratorExt<'a> {
fn generator(&'a self) -> ClientGenerator<'a>;
}

impl<'a> ClientGeneratorExt<'a> for Client {
fn generator(&'a self) -> ClientGenerator<'a> {
ClientGenerator::new(self)
}
}

Language bindings

The SDK is currently exposed with multiple language bindings. Currently we utilize a mix of hand written bindings for a C API, and programmatically generated bindings.

Mobile bindings

We use UniFFI to generate bindings for the mobile platforms, more specifically we publish Android and iOS libraries with Kotlin and Swift bindings, respectively. While UniFFI supports additional languages they typically lag a few releases behind the UniFFI core library.

The Android bindings are currently published on GitHub Packages in the SDK repository. The swift package is published in the sdk-swift repository.

Web bindings

For the web bindings we use wasm-bindgen to generate a WebAssembly module that can be used in JavaScript / TypeScript. To ensure compatibility with browsers that do not support WebAssembly, we also generate a JavaScript module from the WebAssembly that can be used as a fallback.

The WebAssembly module is published on npm.

C bindings

Many language bindings utilize the bitwarden-c crate that exposes a C API. This is then combined with hand written bindings for the specific language. Since manually writing FFI bindings is time consuming and difficult we generally provide a JSON based API through the bitwarden-json crate which allows the language bindings to just contain three FFI functions, init, run_command and free_memory.