snowdrop / team

Repository hosting daily tasks, general information, wiki, tricks, ...

Implement team bitwarden #835

Open jacobdotcosta opened 2 years ago

jacobdotcosta commented 2 years ago

Passwordstore vs Bitwarden

| | Passwordstore | Bitwarden |
|---|---|---|
| Offline | x | x |
| GPG key | x | - |
| Local data copy | x | - |

Installation

Download bitwarden CLI

curl -O -L -J "https://vault.bitwarden.com/download/?app=cli&platform=linux"

Unzip the file.

unzip -d ~/.local/bin/ bw-linux-1.22.1.zip

Add execution permission

chmod 755 ~/.local/bin/bw

Usage

Login

Manual login

$ bw login
? Email address: myemail@mydomain.com
? Master password: [hidden]
? Two-step login code: xxxxxx
? Additional authentication required.
API key client_secret: XXXXXXXXXXXXXXXXXXXXXXXXX
You are logged in!

To unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:
$ export BW_SESSION="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
> $env:BW_SESSION="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

You can also pass the session key to any command with the `--session` option. ex:
$ bw list items --session xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Batch login

Export 2 environment variables with the client id and the client secret.

export BW_CLIENTID=
export BW_CLIENTSECRET=

Login

$ bw login --apikey
You are logged in!

To unlock your vault, use the `unlock` command. ex:
$ bw unlock

Usage

bw list collections
bw list items
bw get template item 
bw get template item | jq '.type = 1 | .name = "My Secure login 1" | .login.username = "john" | .login.password = "doe" ' | bw encode | bw create item

cmoulliard commented 2 years ago

I did a test, but when I re-open the terminal, bw is still asking me for the master password. Can we skip that? @jacobdotcosta

Scenario

bw login --apikey
? client_id: user.xxxxxxxxxxxx
? client_secret: tttttttttt
You are logged in!

To unlock your vault, use the `unlock` command. ex:
$ bw unlock
 ~ bw unlock
? Master password: [hidden]
Your vault is now unlocked!
...
Restarted the terminal
bw list items
? Master password: [input is hidden]

Is the solution what I suggest hereafter?

BW_USER=cmoulliard
# Start from a clean state, then log in with the API key kept in pass
bw logout
export BW_CLIENTID=$(pass "redhat/bitwarden/${BW_USER}/client_id" | awk 'NR==1{print $1}')
export BW_CLIENTSECRET=$(pass "redhat/bitwarden/${BW_USER}/client_secret" | awk 'NR==1{print $1}')
bw login "${BW_USER}@redhat.com" --apikey
# Unlock non-interactively and keep the session key for the following bw commands
export BW_PASSWORD=$(PASSWORD_STORE_DIR=~/.password-store-work pass show "redhat/bitwarden/${BW_USER}/pwd" | awk 'NR==1{print $1}')
export BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw)

bw list items | jq .

cmoulliard commented 2 years ago

The bitwarden client command to create or insert a key/value in a store is more verbose than password store and requires using a JSON object (https://bitwarden.com/help/cli/#create). Can we simplify this process? @jacobdotcosta

Remark: To be honest, I don't really see the advantage of using bitwarden, as it is far more verbose to use than password store.

Example to create a user/pwd for an item of type login

bw get template item | jq ".name=\"My Login Item\" | .login=$(bw get template item.login | jq '.username="jdoe" | .password="myp@ssword123"')" | bw encode | bw create item

WDYT? @iocanel @metacosm @aureamunoz @BarDweller @Sgitario @geoand @jacobdotcosta
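
One way to get a `pass insert`-style command on top of the `bw` calls quoted above, as an added example that is not part of the original thread or of the Bitwarden project. The helper names `bw_item_json` and `bw_insert` are hypothetical, and it assumes `jq` is installed and the vault is unlocked (`BW_SESSION` exported); the password is read from stdin so it stays out of shell history and process argument lists.

```bash
#!/bin/sh
# Added example (not from the thread): a pass-like insert for Bitwarden logins.
# bw_item_json / bw_insert are hypothetical helper names; requires jq and an
# unlocked vault (BW_SESSION exported).

# Print a login item as JSON. $1 = item name, $2 = username.
# The password is the first line of stdin, so it never shows up in shell
# history or in any process's argument list.
bw_item_json() (
  name=$1 user=$2 pw=
  [ -n "$name" ] && [ -n "$user" ] || { echo "usage: bw_item_json NAME USER" >&2; exit 2; }
  if [ -t 0 ]; then
    # Interactive: prompt without echoing the typed password.
    printf 'Password for %s: ' "$name" >&2
    stty -echo; IFS= read -r pw || :; stty echo; echo >&2
  else
    IFS= read -r pw || :          # piped, e.g. from `pass show ...`
  fi
  [ -n "$pw" ] || { echo "empty password, nothing created" >&2; exit 1; }

  item_tpl=$(bw get template item) || exit 1
  login_tpl=$(bw get template item.login) || exit 1

  # --arg handles quoting of name/user; the password reaches jq through its
  # environment (env.BW_NEW_PW) rather than argv. totp is reset so that no
  # sample value the template may carry is stored with the item.
  printf '%s' "$item_tpl" | BW_NEW_PW=$pw jq \
    --arg name "$name" --arg user "$user" --argjson login "$login_tpl" \
    '.type = 1 | .name = $name
     | .login = ($login | .username = $user | .password = env.BW_NEW_PW | .totp = null)'
)

# Create the item: bw_insert NAME USER < password
bw_insert() (
  json=$(bw_item_json "$1" "$2") || exit 1
  printf '%s' "$json" | bw encode | bw create item
)
```

Typical use is `pass show some/entry | bw_insert "My Login Item" jdoe`, or `bw_insert "My Login Item" jdoe` on a terminal to be prompted for the password.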

geoand commented 2 years ago

I don't have much experience with either, but that does look like the case