Home

Awesome

bw

Bitwarden Zsh plugin - provides formatting options and easy acces to credentails stored in Bitwarden via the Bitwarden CLI. The plugin tries to retrieve a valid session before each action, therefore an explicit login is not nescessary beforehand.

Requirements

The following addtional tools are required to use the Bitwarden Zsh plugin:

Bitwarden cli - https://bitwarden.com/download/

jq - https://github.com/stedolan/jq/releases/latest/download - tested version 1.6

fzf - https://github.com/junegunn/fzf/releases/latest/download - tested version 0.29.0

gocred - https://github.com/begris/gocred/releases/latest/download - tested version 1.0.0

The Bitwarden Zsh plugin provides install functions for each tool, but you should consider using the package manager of your operating system if possible. On Cygwin installations there might be an issue with the provided fzf version. If it is to old you can use the bw-install-fzf function, which will download and install the latest version from the Github repository.

As gocred is currently not provided by any package manager, you can install it using bw-install-gocred.

Commands

commanddescriptionparameters
bw-searchsearch credential and copy to secure store (BW_CLIP), if gocred is available. Displays the list of credentails found for further selection or copies if only one exact match was found.argument as searchterm (bw list --search searchterm)<br/>opt. -j | --json for json output of selected entry
bw-search-organizationsee bw-search, but only searches for organizational credentialsargument as searchterm (bw list --organizationid notnull --search <searchterm>)
bw-search-personalsee bw-search, but only searches for personal credentialsargument as searchterm (bw list --organizationid null --search <searchterm>)
bwsalias for bw-search
bwoalias for bw-search-organization
bwpalias for bw-search-personal
bw-loginperforms a Bitwarden login. Checks the bitwarden status beforehand and performs an unlock or login accordingly, but only if necessary. Bitwarden username can be provided as argument. If not given tries to retrieve username from bw-user hook, which may be implemented in any way. The session is exported as BW_SESSION environment variable, so it is available to other CLI calls. If gocred is available the session key is also stored in the credential store and can be used by serveral sessions (multiple terminal windows) on one system.optional login name
bwlalias for bw-login
bw-userhook for Bitwarden username. Simplest possible implementation function bw-user { echo "email@domain.tld" } added to .zshrc. But anything should be possible, see examples for inspiration.
bw-copycopies [opt. username] and password to BW_CLIP using gocred
bw-pastepaste username and password from BW_CLIP
bw-paste-userpaste username from BW_CLIP
bw-paste-passwordpaste password from BW_CLIP
bw-clip-resetnot yet implemented will delete BW_CLIP
bw-clipboard-usernot yet implemented copies the username to the standard clipbord and removes it after the specified timeout BW_CLIPBOARD_TIMEOUT. Default timeout is 15 seconds.
bw-clipboard-pwnot yet implemented copies the password to the standard clipbord and removes it after the specified timeout BW_CLIPBOARD_TIMEOUT. Default timeout is 15 seconds.
bw-clipboard-clearnot yet implemented clears the clipboard
bw-clipboard-timeoutnot yet implemented copies the input stream to the clipboard and clears the clipboard after the specified timeout BW_CLIPBOARD_TIMEOUT. Default timeout is 15 seconds.
bw-orgIdreturns the id of the first orgaization
bw-orgMemberreturns a list of the members of bw-orgId
bw-orgCollectionsreturns a list of the collections of bw-orgId
bw-getFieldreturns a standard field from the selected entry (jsonpath without leading .)argument for jsonpath
bw-getCustomFieldreturns a custom field value from the selected entryfield name as argument
bw-install-cliinstalls Bitwarden CLIoptional installdir
bw-install-fzfinstalls fzfoptional installdir
bw-install-gocredinstalls gocredoptional installdir
bw-install-jqinstalls jqoptional installdir

Formatting options

:warning: These formatting options are build to be used with the "plain" Bitwarden cli - these do not work in conjunction with the aliases provided by the Bitwarden Zsh plugin.

commanddescriptionexample
bw-asListformat json result as table, json keys are used as table header
bw-asCredentialListextracts only the fields .name, .login.username, .id, .folder, .organizationId and display as table (see bw-asList) from all entries.
bw-asPasswordextracts the password of a json entry and outputs as argument for usage in shell
bw-asTsvListlike bw-asList but outputs a tab separated list for futher formatting
bw-asCredentialslike bw-asCredentialList but with the fields .name, .login.username, .login.uris[0].uri, .id
bw-asUsernamePasswordlike bw-asPassword but returns two arguments username password
bw-unescaperemoves the quotes of an entrybw-paste-user | bw-unescape
bw-clean-string-valuereplaces json strings with empty strings. In some cases strings are not correctly encoded by the Bitwarden CLI and prevent parsing by jq or other tools.bws hostname | bw-clean-string-value uri password

examples

formatting examples

bw-asCredentialList

❯ bw list items --search test --organizationid null | bw-asCredentialList
NAME   USERNAME       ID                                    FOLDER  ORG
test   user           a0789a74-b8f1-445c-9ea7-ae5b00d7cce0
test2  user2          901b6362-25d5-45d7-9acf-ae5b00d85e83
test3  user@site.com  31f117da-ac04-4c99-812e-ae5b00d87393

bw-asCredentials && bw-asList

❯ bw list items --search test --organizationid null | bw-asCredentials | bw-asList
NAME   USERNAME       URL  ID
test   user                a0789a74-b8f1-445c-9ea7-ae5b00d7cce0
test2  user2               901b6362-25d5-45d7-9acf-ae5b00d85e83
test3  user@site.com       31f117da-ac04-4c99-812e-ae5b00d87393
test4  user                229bc07d-835e-4e42-a59b-ae5b00df50f2

bw-asCredentials && bw-asTsvList

❯ bw list items --search test --organizationid null | bw-asCredentials | bw-asTsvList
NAME    USERNAME        URL     ID
test    user            a0789a74-b8f1-445c-9ea7-ae5b00d7cce0
test2   user2           901b6362-25d5-45d7-9acf-ae5b00d85e83
test3   user@site.com           31f117da-ac04-4c99-812e-ae5b00d87393
test4   user            229bc07d-835e-4e42-a59b-ae5b00df50f2

bw-asPassword && bw-unescape

❯ bw get item 'test4' | bw-asPassword
'secret'
❯ bw get item 'test4' | bw-asPassword | bw-unescape
secret

selection of a custom field

  1. Search for items matching host1 - open entry selection if more than result
  2. get the value of the custom field Hostname - returns nothing if field does not exist
  3. pastes to user name of the selected item
echo "Do magic on host $(bws --json host1 | bw-getCustomField Hostname) with user $(bw-paste-user)"

check if an item was actually selected

  1. Search for items matching host1 - open entry selection if more than result
  2. check if an item was selected (return code 0) or if the selection was aborted (return code 1)
  3. get the value of the custom field Hostname - returns nothing if field does not exist
  4. perform action with Hostname field, e.g. connecting via ssh
json=$(bws --json host1); if [[ $? == 0 ]]; then h=`echo $json | bw-getCustomField Hostname`; echo echo "connect to $h"; else echo "ohh no - more lemmings"; fi

bw-user hook

The hook should be implemented in your .zshrc or any other resource file loaded before using the plugin commands itself.

use shell variable

export USER_EMAIL="email@domain.tld"

function bw-user() {
	echo $USER_EMAIL
}

use email address from git configuration

function bw-user() {
	git config --global user.email
}

get user from AD session

# get user principal from current windows session
upn() {
    if [[ -z "$UPN" ]]; then
        cUPN=$(powershell 'Get-ADUser -Identity $env:USERNAME -Properties *| select-object -first 1 | foreach { $_.UserPrincipalName } | Write-Host -NoNewline');
        export UPN=$cUPN;
    fi
    echo $UPN
}

function bw-user() {
    upn
}