Closed ngotchac closed 5 years ago
Thanks for the PR! This is a good start I think, but I would add the ability to lock after x minutes.
My suggestion:
AUTO_LOCK should be a numeric value.
Maybe we could expand the BW_HASH_FILE to contain a timestamp of the last unlock. When load_items() is called we source that file, so that's the perfect time to check for expiration.
if timestamp > $AUTO_LOCK: lock the vault.
What do you think?
Yeah, that's what I initially thought as well, however, if this were implemented, I would expect the session ID in the hash file to be invalidated after N minutes. With this implementation, it wouldn't be the case as it's valid until you re-run the program.
Maybe it could spawn a new process and sleep the required amount of time before locking the Vault.
That sounds like too much trouble, the file containing the hash is only readable by the user (mod 600), so unless you source it yourself, no one is running away with your passwords. Also, if anyone were to launch bitwarden-rofi, it would check the hash file and see the expiration. You could also change the location of the state file to any place you want, making it "hard" to find for malicious programs etc. We could however make the storage location of the hash file super random, and let it change from time to time?
Does the bwcli support any options for setting expiration on the session?
Not that I'm aware of: session management
Did some digging, in #15 I replaced sourcing the file with storing the session into keyctl (this is a kernel key storage in RAM).
@ngotchac would you mind trying this out and getting back to me?
Wow, that's great, I wasn't aware of keyctl! That's way better, I'll close this PR, thanks!
Closes #13
This PR adds an auto-lock option that automatically locks the Vault when the program exits.
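The timestamp check suggested in the thread, as an added example that is not part of this PR or the project's code: the state-file layout and the names STATE_FILE, save_session and load_session are assumptions, and the file is parsed rather than sourced. As the discussion points out, this only expires the stored session the next time the program runs. It assumes `stat -c` from GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example; STATE_FILE, save_session and load_session are hypothetical names.
AUTO_LOCK=${AUTO_LOCK:-15}   # minutes; 0 disables expiry
STATE_FILE=${STATE_FILE:-"${XDG_RUNTIME_DIR:-/tmp}/bw-rofi-example.state"}

# Store "<unlock epoch> <session>" in a file that is mode 600 from creation.
save_session() {   # $1 = session key, $2 = unlock time (defaults to now)
  local session="$1" now="${2:-$(date +%s)}"
  ( umask 077
    rm -f "$STATE_FILE"
    printf '%s %s\n' "$now" "$session" > "$STATE_FILE" )
}

# Print the session if it is still valid.
# Returns 1 = no file, 2 = untrusted or malformed file, 3 = expired.
load_session() {   # $1 = current time (defaults to now; lets a test inject it)
  local now="${1:-$(date +%s)}" stamp session
  [ -f "$STATE_FILE" ] || return 1
  # Refuse a file we do not own or that others can read.
  [ -O "$STATE_FILE" ] && [ "$(stat -c %a "$STATE_FILE")" = 600 ] || return 2
  # Parse instead of sourcing, so file content is never executed.
  read -r stamp session < "$STATE_FILE" || return 2
  case $stamp in ''|*[!0-9]*) return 2 ;; esac
  if [ "$AUTO_LOCK" -gt 0 ] && [ $(( now - stamp )) -ge $(( AUTO_LOCK * 60 )) ]; then
    rm -f "$STATE_FILE"      # drop the stale session; the caller should now run `bw lock`
    return 3
  fi
  printf '%s\n' "$session"
}
```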