Skip to Content

Not for sale yet.

Drop your email and we'll let you know the moment it goes live.

SecretSwapWarden · Harrison Consulting
ODOO MODULE · BITWARDEN-COMPATIBLE API

Bitwarden clients, talking to your Odoo vault.

Warden exposes a Bitwarden-compatible REST API on your Odoo instance. The browser extension, mobile app, and CLI your team already uses point at your domain instead of bitwarden.com.

See how it works Talk to us →

Why

SecretSwap Passwords is a vault, but a vault you can only reach through Odoo's backend is half a vault. Warden adds the missing surface: the same wire protocol Bitwarden clients speak, served by Odoo controllers, backed by your own audit log. Your team keeps its autofill and tooling; the data and the access record move home.

How it works

  1. Enable Warden on a user
    Set the user's Warden master password and flip the access flag. The master password is encrypted via SecretSwap Core, never stored as plaintext.
  2. Point the client at your server
    In the Bitwarden client's self-hosted settings, set the server URL to your Odoo base URL. Sign in with the username and master password.
  3. The client syncs
    The /api/sync endpoint returns the full vault — ciphers, folders, collections, profile — transformed into the client's expected JSON shape.
  4. Read, write, autofill
    Browser autofill, password generation, secure note edits, and TOTP all round-trip through /api/ciphers back to the Odoo records.
  5. Audit every call
    Token use, sync events, and write operations land in the SecretSwap audit log with token name, IP, and item context.

What's in the box

Compatible endpoints

Identity, sync, ciphers, folders, collections, organizations, accounts, devices, two-factor — the routes Bitwarden clients call during normal use.

OAuth2 password and client-credentials grants

/identity/connect/token accepts both grant types, with in-memory rate limiting at ten attempts per fifteen minutes per IP+username.

API tokens with rotation

Issue bw_-prefixed tokens, stored as SHA-256 hashes, with expiry, IP allow-lists, last-used tracking, and one-click revocation.

Deterministic UUIDs

Odoo IDs are mapped to stable UUID5 identifiers, so clients see the same cipher ID across syncs without storing a separate translation table.

Bitwarden JSON import

A wizard imports unencrypted or password-encrypted Bitwarden vault exports straight into a collection — useful for moving customers off the hosted plan.

Cleanup cron

A scheduled job deactivates expired tokens and notifies via chatter; the same job is used to gate long-lived integrations.

Compatibility

Odoo 19.0 secretswap_core secretswap_passwords

Requires secretswap_passwords as the storage layer. Tested with the open-source Bitwarden browser extension and CLI; vendor compatibility may shift between client releases — Warden tracks the calls clients actually make, not the full server specification.