Open vpv-snbe opened 5 months ago
Can you post a screenshot of the error message and the dynamic folder configuration (with sensitive data redacted)? Also, does it actually populate the dynamic folder?
Hi StefanKoell,
I have come one step further. I still get the error message about the token, but the credentials are loaded into the dynamic folder.
However, it only works if I specify a fixed folder in line 190 of the script. As soon as the script is supposed to load several folders, it continues to run endlessly.
```powershell
foreach ($folder in $tmpFolders[0]) {
    if ($null -ne $folder.id) {
        $tF = @{
            Type = "Folder";
            ID = $folder.id;
            Name = $folder.name;
            Objects = [array]@(Get-VaultItems -folderId $folder.id);
        }
        if ($tF.Objects.Count -ne 0) { $final.Objects[0].Objects += $tF; $tF = $null }
    } else {
        $tF = @{
            Type = "Folder";
            ID = "nofolder";
            Name = "No folder";
            Objects = [array]@(Get-VaultItems -folderId null);
        }
        if ($tF.Objects.Count -ne 0) { $final.Objects[0].Objects += $tF; $tF = $null }
    }
}
```
I'm still not sure what the error message is or how it is presented. For scripts where tokens are replaced you may always get warnings that tokens cannot be resolved because the parser may try to identify tokens based on some $ variables in the script. These warnings can/should just be ignored.
Regarding the other issue, I'm not sure how I can help because I'm not really familiar with the bitwarden API. Maybe someone else who has experience with bitwarden's API can help here.
Sorry, forgot to add the screenshot from the error message.
To the other issue: When I run the script directly in ISE I see that sometimes I get the entries from bitwarden, sometimes not. In the case I get no credentials, the process gets stuck at different points.
Thanks for the screenshot. The warning can be ignored and is actually expected for scripting languages which also use $ chars extensively. It will not really affect the token resolution.
I find it odd, that even in the ISE you get inconsistent results. Not sure what's going on. Maybe the bitwarden backend can give some insights.
Thank you for the info, I will ignore these error messages.
I tried to find something in the bitwarden backend, nothing found yet. The import breaks on different folders, sometimes on the first or second, sometimes it works. In the last test, the script hung at folder "Firewall". Maybe anyone has an idea where to look for this error?
Folder overview:
Script with added status-logging:
Maybe Bitwarden support can help? Could also be an isolated issue with the specific instance/installation.
Same Problem here - I try to use different bw.exe Versions but with no luck
Hi all,
I did not have a lot of time to work on this until recently. I also was blocked with an issue in the latest version of the BitWarden CLI tool (bw.exe) that seems to not work anymore with API key (complains about bad master password even if correct when unlocking the vault) 😒 I had to revert back to the older version 2023.12.1 in order to get it working again... (maybe a more recent version can work, I did not test all versions!)
Anyway, I've recently reworked the whole script to make a better use of the navigation's treeview instead of having folders and subfolders at the same level.
Unfortunately right now the script is working but not ready for daily use as it now makes calls to the vault for each folder/collection and it takes way too long as it's not a real REST API under the hood!
For example in my setup, with 540+ credentials/notes split between 1 personal vault, 2 organizations and 3 collections, it took a little bit more than 3 minutes to load 😣
As I also had to work on this at my day job, I'll try to use the embedded API endpoint of the CLI tool `bw serve` as it seems way quicker!
As the command does not run in background, I just had to figure out how to launch it in a background thread, make all calls and terminate the thread, all from the powershell script executed by RoyalTS 😥
I'll keep you informed as soon as I have a working version 🤞
Well ...
That was way easier than I thought to convert the script ... And it is mind blowing!
Both request the same vault on the same instance, the first using "legacy" calls to `bw.exe` to get every folders/orgs/collections & their content each time, the second is using `bw.exe serve` to use the REST gateway.
I just had to convert all `Invoke-Command -ScriptBloc` to `Invoke-WebRequest` and adapt the property of the resulting object to access the data 😱
I'll check that the result is fully compliant with my vault content. I also spotted some encoding errors to correct. But I think a working test script won't be too long to get.
Stay tuned ! 😜
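The `bw serve` approach described in the comments above, sketched as an added example (not code from the fork or from the Royal Applications toolbox): start the gateway on loopback, fetch folders and items once, group them locally, and always stop the gateway. Assumed here: `bw.exe` is on PATH and already logged in, port 8087 is free, the master password is in `$env:BW_PASSWORD`, and the output is trimmed to item metadata.

```powershell
# Added example; bw.exe on PATH, logged in, master password in $env:BW_PASSWORD (assumptions).
$port = 8087
$base = "http://127.0.0.1:$port"
# bw serve does not authenticate callers, so bind it to loopback only.
$serve = Start-Process -FilePath 'bw.exe' -WindowStyle Hidden -PassThru `
    -ArgumentList "serve --hostname 127.0.0.1 --port $port"
try {
    # Poll until the gateway answers (about 15 s at most) instead of a fixed sleep.
    $ready = $false
    foreach ($i in 1..30) {
        try { $null = Invoke-RestMethod "$base/status" -TimeoutSec 2; $ready = $true; break }
        catch { Start-Sleep -Milliseconds 500 }
    }
    if (-not $ready) { throw "bw serve did not answer on $base" }

    # Unlock through the gateway; the response is discarded rather than logged.
    $body = @{ password = $env:BW_PASSWORD } | ConvertTo-Json
    $null = Invoke-RestMethod "$base/unlock" -Method Post -ContentType 'application/json' -Body $body

    # Two requests in total, with timeouts, instead of one CLI call per folder.
    $folders = (Invoke-RestMethod "$base/list/object/folders" -TimeoutSec 60).data.data
    $items   = (Invoke-RestMethod "$base/list/object/items" -TimeoutSec 120).data.data

    # Index items by folder locally; a null folderId maps to the "nofolder" bucket.
    $byFolder = @{}
    foreach ($item in $items) {
        $key = if ($item.folderId) { $item.folderId } else { 'nofolder' }
        if (-not $byFolder.ContainsKey($key)) { $byFolder[$key] = @() }
        $byFolder[$key] += $item
    }
    $tree = foreach ($folder in $folders) {
        $key = if ($folder.id) { $folder.id } else { 'nofolder' }
        if ($byFolder.ContainsKey($key)) {
            @{ Type = 'Folder'; ID = $key; Name = $folder.name
               Objects = @($byFolder[$key] | ForEach-Object {
                   @{ Type = 'Credential'; ID = $_.id; Name = $_.name; Username = $_.login.username } }) }
        }
    }
    @{ Objects = @($tree) } | ConvertTo-Json -Depth 6
}
finally {
    # Always lock and stop the gateway, even when a request above failed or timed out.
    try { $null = Invoke-RestMethod "$base/lock" -Method Post -TimeoutSec 5 } catch { }
    if (-not $serve.HasExited) { Stop-Process -Id $serve.Id -Force }
}
```

The explicit `-TimeoutSec` values turn a hanging request into an error, and the `finally` block keeps an unlocked listener from outliving the script.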
Hi all !
I've pushed an update to the template on my fork of the repo.
Can you test if it works for you before I open a PR ?
Please note the following known issues:
OR
and fetch everything, so I inverted the filter to items without a collection Id and then filter the result for items without a folder Id 😖 On instances with small amount of objects it can work pretty well but can struggle with large organizations. One way to mitigate that may be to take a look at some filtering options like this:
Based on criteria (with or without wildcards), instead of loading everything, I may be able to limit a bit. Adding filtering on the items name can also be an option ... 🤔
Let me know what you think! Thanks for your feedback!
Best Regards, Nicolas.
Hi Nicolas,
I've been testing your code for a couple of days, and it's working flawlessly 👍 And it's really fast, way faster than code from royalapplications toolbox 🙏
Where can I find filtering options you've mentioned in your post?
Many thanks and have a nice day, David
Hi Nicolas,
as a part of testing of your fork I changed my Bitwarden KDF algorithm, rotated API Key and set accordingly custom properties of Dynamic Folder. But I was getting errors that Bitwarden Key or payload has changed (Lock the user to clear the key at crypto_service_CryptoService) when opening my Royal TS file. After a little bit of experimenting, I've found out deleting file %AppData%\Roaming\Bitwarden CLI\data.json did the trick. So, maybe after changing API Client Secret in custom properties of dynamic folder, it'd be advisable to delete the file %AppData%\Roaming\Bitwarden CLI\data.json, if it exists. What do you think?
Also, I'm still curious, where can I find filtering options you've mentioned in your post?
Thanks for your response and have a nice day, David
Hi all,
today I tried to connect RoyalTS to Bitwarden via dynamic folder. I created a dynamic folder with the PowerShell script and inserted the values of my self-hosted Bitwarden server.
After clicking on "Reload" in RoyalTS, I get the error message "At least one token couldn't be resolved" and following in the details: global:OutputEncoding\r\n CustomProperty.BitWardenCLIExecutable CustomProperty.BitWardenServerURL CustomProperty.APIClientID CustomProperty.APIClientSecret CustomProperty.AccountPassword ( ( (
Any idea what I'm doing wrong?