Help Needed: Obtaining Protected Organization Symmetric Keys in VaultWarden API #5216
GrowingInstitute asked this question in Q&A (Unanswered, Replies: 0 comments)
Hello, Greetings!
I’m using a self-hosted VaultWarden installation, and it has been working great, especially with the Web Client. However, I’ve recently started exploring the API to manage several organizations more effectively.
Here’s the issue I’m facing:
When I use my Private API Key, I can retrieve data for all the organizations I manage. However, the decryption key provided along with the access_token only works for items in My Private Vault. To decrypt items belonging to specific organizations, it seems I need a Protected Organization Symmetric Key for each organization separately.
The problem:
I cannot figure out how to obtain these Protected Organization Symmetric Keys.
Here’s what I’ve tried:
When I authenticate with an Organizational API Key, the endpoint only returns an access_token—no keys are included.
When I use my Private API Key, the key delivered with the access_token is solely for decrypting items in My Vault.
The /api/organizations//keys endpoint only provides the Public Key and not the Protected Organization Symmetric Key.
Based on the Bitwarden documentation, it seems the Protected Organization Symmetric Key should be delivered and then decrypted using the RSA Private Key before being used for item decryption. However, I cannot locate this Organization key anywhere in the API responses.
Has anyone encountered this issue before? Is there a specific API endpoint or a method to retrieve the Protected Organization Symmetric Keys for organizations I manage?
Any advice or support would be greatly appreciated!
Thank you in advance for your help!
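The unwrap order described in the question (the RSA private key unwraps the organization key, which then decrypts items), as an added example that is not part of the original post and is not Vaultwarden or Bitwarden code. It assumes Bitwarden's type-4 (RSA-OAEP with SHA-1) and type-2 (AES-256-CBC with HMAC-SHA256) EncString layouts and a 64-byte organization key; the function names and all keys are constructed for the example.

```javascript
// Added example, not Vaultwarden or Bitwarden code. The EncString layouts
// ("4.<rsa ct>" and "2.<iv>|<ct>|<mac>") are assumptions taken from
// Bitwarden's published encryption scheme; all keys below are constructed.
const crypto = require('crypto');

const b64 = (s) => Buffer.from(s, 'base64');

// Step 1: unwrap the protected organization key with the user's RSA private key.
function unwrapOrgKey(protectedKey, privateKeyPem) {
  const [type, body] = protectedKey.split('.');
  if (type !== '4') throw new Error('expected RSA-OAEP-SHA1 EncString (type 4)');
  const key = crypto.privateDecrypt(
    { key: privateKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' },
    b64(body));
  if (key.length !== 64) throw new Error('expected 32-byte enc key + 32-byte MAC key');
  return key;
}

// Step 2: verify the MAC first, then decrypt an organization item field.
function decryptField(encString, orgKey) {
  const [type, body] = encString.split('.');
  if (type !== '2') throw new Error('expected AES-CBC-256 + HMAC-SHA256 EncString (type 2)');
  const [iv, ct, mac] = body.split('|').map(b64);
  const encKey = orgKey.subarray(0, 32), macKey = orgKey.subarray(32);
  const expected = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected))
    throw new Error('MAC mismatch: wrong key or tampered data');
  const d = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed fixture: builds the two EncStrings locally so the example runs offline.
function makeFixture(plaintext) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const orgKey = crypto.randomBytes(64), iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', orgKey.subarray(0, 32), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const mac = crypto.createHmac('sha256', orgKey.subarray(32)).update(iv).update(ct).digest();
  const wrapped = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha1' }, orgKey);
  return { privateKey,
    protectedKey: '4.' + wrapped.toString('base64'),
    field: '2.' + [iv, ct, mac].map((b) => b.toString('base64')).join('|') };
}
```

A key that fails the MAC check in `decryptField` is the symptom of applying the wrong key (for example the personal vault key) to an organization item.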