Closed jeankhawand closed 1 year ago
The current one-liner tip is slightly confusing as it means that you either want to use `export BW_SESSION=$(bw login --raw)` or `export BW_SESSION=$(bw unlock --raw)` depending on whether you have previously logged into Bitwarden. A change to say something like that below would likely be less confusing.
!!! tip "Bitwarden Session One-liner"

    Set `BW_SESSION` automatically with:

    ```console
    $ export BW_SESSION=$(bw login --raw) # OR
    $ export BW_SESSION=$(bw unlock --raw)
    ```
When you run `bw {login,unlock}` it’s trying to login with the email `unlock`, which isn’t valid.
Regardless, the approach of using `run_onchange_before_install-bw-cli.sh` cannot work as shell scripts are always run as subprocesses and they cannot affect the chezmoi operating environment. That is, the `export BW_SESSION` line in your script *will not carry* back into chezmoi or any other scripts. `export BW_SESSION` must be called *prior* to running `chezmoi`.
Alternatively, you could consider using [rbw](https://github.com/doy/rbw) which doesn’t have the same restrictions on session management. It would require changing from `bitwarden*` functions to `rbw*` functions for data retrieval (and there are differences between the functions).
Further thinking:
In *theory*, `pkg/cmd/bitwardentemplatefuncs.go` could be updated to have a `bitwardenGetOrRefreshSessionToken` approach similar to that found for 1Password in `pkg/cmd/onepasswordtemplatefuncs.go` (`onepasswordGetOrRefreshSessionToken`), but there would probably be other changes required to fully support those features. Based *solely* on reading the [Bitwarden documentation](https://bitwarden.com/help/cli/#log-in-to-multiple-accounts), chezmoi would need to:
1. Know the default value for `$BITWARDENCLI_APPDATA_DIR` and check for the existence of `data.json`. More likely, we would need to read it and know the presence of certain keys to know that the account is logged in.
2. If the account is known to be logged in, then execute `bw unlock --raw` like `onepasswordGetOrRefreshSessionToken`.
3. If we wanted to support multiple accounts, the various Bitwarden functions would need to be extended to support a parameter that *translates* back into an appropriate `$BITWARDENCLI_APPDATA_DIR` value. This would either be further configuration in `chezmoi.toml` so that you can use shorthand values or would need to be actual directories.
This would be something that someone who uses Bitwarden would need to develop (that is, not me), and preferably someone who has access to multiple Bitwarden accounts.
**Similar** approaches would need to be taken for `rbw*` support of multiple accounts, but since earlier this year it supports running multiple instances of the rbw daemon for different profiles (see doy/rbw#93 for the feature PR) with `RBW_PROFILE`. Again, someone who uses Bitwarden and rbw would need to develop this feature further.
Describe the bug

use Bitwarden Session One-liner to automate login and unlock and then rely on chezmoi runtime to handle filling secrets via `.tmpl` files

To reproduce

`run_onchange_before_install-bw-cli.sh` which installs the bw CLI and then executes

```console
$ export BW_SESSION=$(bw {login,unlock} --raw)
Email address is invalid
```

```console
error calling bitwarden: /path/to/bitwarden/bin/bw get item cf_api_key: exit status 1
```
Expected behavior

should proceed with filling templates file

Output of command with the `--verbose` flag

Output of `chezmoi doctor`

Additional context
Update doc
⚠️ since this approach is no longer valid – it will break chezmoi from completing init. Instead, user should have bitwarden installed and logged in and unlocked to proceed with chezmoi init https://github.com/twpayne/chezmoi/blob/899338d4069cc4102cf7d18f658db222d8b64508/assets/chezmoi.io/docs/user-guide/password-managers/bitwarden.md?plain=1#L21-L27
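The following is an added example, not code from chezmoi, Bitwarden or this issue's author. It shows the pattern both the reporter's repro and the maintainer's reply point at: decide between `bw login` and `bw unlock` from the `status` field of `bw status` instead of relying on brace expansion, and export `BW_SESSION` in the shell that will launch `chezmoi` rather than from a `run_onchange_before_*` script (which runs as a subprocess and cannot change chezmoi's environment). It assumes `bw` and `chezmoi` are on `PATH`; the `status` values `unauthenticated`, `locked` and `unlocked` are those documented for `bw status`. The helper names (`bw_status_value`, `bw_session_command`, `bw_export_session`) are this example's own.

```sh
#!/bin/sh
# bw-session.sh: source this file, then run chezmoi from the same shell.
# Added example; not part of chezmoi or the Bitwarden CLI.

# Extract the "status" field from `bw status` JSON without depending on jq.
# Prints unauthenticated, locked or unlocked (empty if the field is missing).
bw_status_value() {
    printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Map a `bw status` JSON document to the bw subcommand that yields a session
# key. Prints "login", "unlock" or "none"; prints "unknown" and returns 1
# when the status is unrecognised, so callers do not run the wrong command.
bw_session_command() {
    case "$(bw_status_value "$1")" in
        unauthenticated) echo login ;;
        locked)          echo unlock ;;
        unlocked)        echo none ;;
        *)               echo unknown; return 1 ;;
    esac
}

# Obtain a session key and export it. This function must run in the shell
# that will invoke chezmoi (source the file; do not run it as a script),
# otherwise the `export` is lost when the child process exits.
bw_export_session() {
    status_json=$(bw status) || return 1
    case "$(bw_session_command "$status_json")" in
        login)  BW_SESSION=$(bw login --raw)  || return 1; export BW_SESSION ;;
        unlock) BW_SESSION=$(bw unlock --raw) || return 1; export BW_SESSION ;;
        none)   ;;  # vault already unlocked, BW_SESSION is already in the environment
        *)      echo "bw status returned something unexpected: $status_json" >&2; return 1 ;;
    esac
}

# Usage, from an interactive shell:
#   . ./bw-session.sh && bw_export_session && chezmoi init --apply <repo>
```

The `bw status` call is cheap and does not prompt, so the wrapper is safe to run every time; only the `login` and `unlock` branches prompt for credentials or the master password. Because the decision is made from the reported status, a fresh machine (no `data.json` yet) gets `bw login` and an already logged-in but locked vault gets `bw unlock`, which is exactly the distinction the one-liner in the docs leaves to the reader.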