Bitwarden recently introduced a special SSH Key item type, which allows you to securely generate, store, and manage SSH key pairs inside your vault.
By default, Bitwarden can generate new SSH keys for you. This is the recommended option if you are setting up new infrastructure or accounts, since you can create and manage keys directly inside Bitwarden.
However, if you already have existing SSH keys, you might want to import them into Bitwarden instead of generating new ones.
This is possible, but there is a catch: many existing keys are still in the older PEM format, starting with:
-----BEGIN RSA PRIVATE KEY-----
If you try to import such a key into Bitwarden via “SSH Key → Import from clipboard”, you’ll get the error:
Format not supported
Solution
Bitwarden only accepts SSH keys in the new OpenSSH format, which looks like this:
-----BEGIN OPENSSH PRIVATE KEY-----
.
.
.
-----END OPENSSH PRIVATE KEY-----
To convert an existing RSA key into the required format, simply run:
ssh-keygen -p -N "" -f ~/.ssh/id_rsa
Description:
-p → rewrite the key file in place (“change passphrase” mode)
-N "" → set an empty new passphrase (the rewritten key is stored without passphrase protection)
-f → specify the key file
After this, your private key will be in the correct OpenSSH format and can be imported into Bitwarden without issues.
Bitwarden will automatically generate the Public Key and the Fingerprint during import.
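The conversion above rewrites the key file in place. As an added example (not part of the original post), the following wrapper runs the same ssh-keygen -p command against a copy of the key and confirms that the public key is unchanged before you import it. The function names, the script name and the .openssh suffix are assumptions of this example, and it assumes an RSA key without a passphrase.

```bash
#!/usr/bin/env bash
# Added example: convert a COPY of a legacy PEM RSA key and verify it.
# Assumes the key has no passphrase, as the article's command does.

# Classify a private key file by its first line.
key_format() {
  case "$(head -n 1 "$1" 2>/dev/null)" in
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
    "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
    *)                                     echo unknown ;;
  esac
}

# Public key (type and base64 blob only, comment dropped) derived from a private key.
pubkey_of() {
  ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}'
}

# Convert a copy of the key; the original stays untouched.
# Prints the path of the converted copy (hypothetical name: <key>.openssh).
convert_copy() {
  local src="$1"
  local dst="$1.openssh"
  local before after
  if [ "$(key_format "$src")" != pem-rsa ]; then
    echo "not a PEM RSA key: $src" >&2
    return 1
  fi
  # umask 077 keeps the copy readable by the owner only.
  (umask 077 && cp -- "$src" "$dst") || return 1
  # Same command as in the article, run against the copy.
  ssh-keygen -p -N "" -f "$dst" >/dev/null || { rm -f -- "$dst"; return 1; }
  before=$(pubkey_of "$src")
  after=$(pubkey_of "$dst")
  if [ -z "$before" ] || [ "$before" != "$after" ] ||
     [ "$(key_format "$dst")" != openssh ]; then
    echo "conversion check failed for $src" >&2
    rm -f -- "$dst"
    return 1
  fi
  echo "$dst"
}

# Run as: convert-key.sh ~/.ssh/id_rsa   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
  convert_copy "$1"
fi
```

Paste the contents of the printed file into Bitwarden's import dialog, then delete the copy, since it is an unencrypted private key.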
Summary
- Option 1: Let Bitwarden generate new SSH keys (recommended for new setups)
- Option 2: Import your existing SSH keys – just convert them to the OpenSSH format first with:
ssh-keygen -p -N "" -f ~/.ssh/id_rsa
This way, you can securely store both new and old SSH keys in Bitwarden.