doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

[Feature request] Give password of unlock command in a CLI parameter #65

Open aacebedo opened 2 years ago

aacebedo commented 2 years ago

Hi! I am using rbw through rofi-rbw; both projects are awesome. I am considering adding a little functionality to rofi-rbw, but to do that I need a new feature from rbw. Would it be possible to add the capacity to enter the vault password via an argument of the unlock command? Currently a new window pops up to ask me for the password, but I would like to enter it through the CLI.

jiampong212 commented 2 years ago

you can use an ncurses pinentry, though it would also be good to be able to enter the vault password via a rofi prompt, similar to sudo -A.

doy commented 2 years ago

a command line argument is not a good idea - this will expose the password to anyone on the system who can run ps. an option to read the passphrase from stdin is plausible, but i am also curious whether just using an ncurses pinentry would be sufficient here.

5cat commented 2 years ago

I tried pinentry-curses and i couldn't get it to work. echoing with a pipe doesn't work, echoing to /proc/X/fd/0 for the pinentry didn't work, and trying script -q -c 'rbw unlock' and playing with that didn't work.

after many hours of searching the internet and man pages, here is a working solution:

first make sure your pinentry is pinentry-tty:

rbw config set pinentry pinentry-tty

export PASSWORD=$(printf '' | rofi -dmenu -p "Master Password" -password -lines 0)

expect -c "
spawn rbw unlock
expect \"Master Password: \"
send \"$::env(PASSWORD)\\n\"
interact
"

unset PASSWORD

the PASSWORD environment variable will not be available to other shells or processes running outside, so it is safer than passing the password as an argument, but it will be available to processes running in the shell if you run them after the above script, so just in case i added the unset thingy.

i tried to edit the source code to pass the password via stdin without using pinentry in rbw-agent, but i'm new to rust and mid way through looking into the topic more and seeing the structure of the source code. it might be better to just use pinentry.

one solution that might work is using a different pinentry if you want more visual control (here is an example of a pinentry-rofi) and making rbw use that instead. or you can build one yourself, like the one in here, or read the full docs about it.

I hope this response helps others.
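The three ways of handing over the passphrase discussed above (command-line argument, environment variable, stdin), compared as an added example that is not part of the thread or of rbw: a Linux-only Python sketch that passes a constructed placeholder secret to a stand-in child process and checks where it can be read back from procfs. `CHILD`, `proc_fields` and `exposure` are hypothetical names; the `PASSWORD` variable name is taken from the script above.

```python
import os
import subprocess
import sys

SECRET = "constructed-example-passphrase"  # constructed placeholder, not a real secret

# Hypothetical stand-in for a CLI that needs a passphrase: it reads one line
# from stdin, reports readiness, then idles until stdin is closed.
CHILD = "import sys; sys.stdin.readline(); print('ready', flush=True); sys.stdin.read()"


def proc_fields(pid, name):
    """Return the NUL-separated fields of /proc/<pid>/<name> as strings."""
    with open(f"/proc/{pid}/{name}", "rb") as fh:
        return [f.decode(errors="replace") for f in fh.read().split(b"\0") if f]


def exposure(mode):
    """Hand SECRET to the child via 'argv', 'env' or 'stdin' and report
    where it can then be read back from procfs."""
    argv = [sys.executable, "-c", CHILD]
    env = dict(os.environ)
    first_line = "\n"
    if mode == "argv":
        argv.append(SECRET)          # ends up in /proc/<pid>/cmdline, which ps reads
    elif mode == "env":
        env["PASSWORD"] = SECRET     # ends up in /proc/<pid>/environ
    elif mode == "stdin":
        first_line = SECRET + "\n"   # travels only through the pipe
    else:
        raise ValueError(mode)
    child = subprocess.Popen(argv, env=env, text=True,
                             stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    try:
        child.stdin.write(first_line)
        child.stdin.flush()
        child.stdout.readline()      # wait until the child has consumed the line
        return {
            "cmdline": SECRET in proc_fields(child.pid, "cmdline"),
            "environ": any(SECRET in f for f in proc_fields(child.pid, "environ")),
        }
    finally:
        child.stdin.close()          # EOF lets the child exit
        child.wait()
        child.stdout.close()


if __name__ == "__main__":
    for mode in ("argv", "env", "stdin"):
        print(f"{mode:5} -> {exposure(mode)}")
```

On Linux, `/proc/<pid>/cmdline` is readable by every local user unless procfs is mounted with `hidepid`, while `/proc/<pid>/environ` is readable only by the process owner and root.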

tdnguyen6 commented 2 years ago

The best way in this case is to get password from either a config file or an environment variable. I'm trying to use the tool uninteractively inside a container and there is currently no way to login uninteractively.

xav-ie commented 2 years ago

Where do you save the script and how do you use it? I am very interested in getting rofi to work with rbw.