surgiie/bitvault-cli

This package is abandoned and no longer maintained. No replacement package was suggested.

v0.5.0 2022-12-14 06:33 UTC

This package is auto-updated.

Last update: 2022-12-17 19:45:21 UTC


README

A small wrapper proxy cli around the @bitwarden/cli for adding encrypted password/note content to a BitWarden vault using a separate password from your vault password.

Introduction

Bitwarden already encrypts your vault, and this is simply an extra intermediate encryption layer for reading/writing encrypted content from/to your vault using a separate password from your vault password.

Install

composer global require surgiie/bitvault-cli

Ensure composer global vendor path is available on $PATH:

export PATH=~/.config/composer/vendor/bin:$PATH

Encryption Used

This cli uses the AES-256-CBC cipher for encryption and a encryption key generated from a given password using php's PBKDF2.

Read password from file:

If you prefer not passing your cli password via the terminal, you can load your phrase from file:

bitvault new:login ... --password-file=<path>

This will read, trim all leading/trailing whitespace and read secret from the given file path.

Creating New Login:

bitvault new:login GITHUB_LOGIN --username=<login-username> --login-password=<secret> --password=<encryption-our-password> --url=github.com

You can also specify which folder to put login in with: --folder and passing in the exact folder name as its named in your vault.

Note When omitted, password and password will prompt you for input, you may also read from files as documented in this readme.

Read password from file:

If you prefer not passing your password when creating new login, you can load your password from file:

bitvault new:login ... --password-file=<path>

This will read, trim all leading/trailing whitespace and read password from the given file path.

Create New Secure Note:

bitvault new:note EXAMPLE --content=foo --password="<encryption-password>"

Or read from file:

bitvault new:note EXAMPLE --content-file=/some/file --password="<encryption-password>"

You can also specify which folder to put login in with: --folder and passing in the exact folder name as its named in your vault.

Get Item

To get a login or secure note item decrypted:

bitvault get:<note|login> EXAMPLE --password="<encryption-password>"

This will print out the full json object of the item to terminal.

Reencrypt All Items

bitvault reencrypt --old-password="<old-encryption-password>" --new-password="<encryption-password>"

Note This only works if the same password is used for all items in your vault.

Copy To Clipboard

On windows wsl2/ubuntu for windows, copy.exe will be used, while on linux, xclip should be installed.

To copy a note: bitvault get:note EXAMPLE --password="<encryption-password>" --copy --silent

To copy a login: bitvault get:note EXAMPLE --password="<encryption-password>" --copy-field=<username|password> --silent

Note The --silent option prevents the item json from being written out to the terminal.

Export Items to .env files

You can export your vault items to .env files easily:

bitvault export:env-file --name=some-vault-item-name --name=some-other-item-name --password="<your-password>"

This will add the vault items with names some-vault-item-name and some-other-item-name to an .env file in the current directory as SOME_VAULT_ITEM_NAME and SOME_OTHER_ITEM_NAME with their respected decrypted password/notes.

Note: Name options will be converted to snake case as its standard convention for env variables.

To customize file path use the --path=/some/custom/env/file option.

Remember To Logout

This cli doesnt manage your session or authenticate, remember to always lock and logout when done bw lock and bw logout and unset the BW_SESSION env variable.