surgiie / bitvault-cli
Installs: 8
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:project
Requires
- php: ^8.0
- guzzlehttp/guzzle: ^7.4
- illuminate/encryption: ^9.42
- illuminate/http: ^9.0
- laravel-zero/framework: ^9.2
- surgiie/console: ^0.16.0
Requires (Dev)
- laravel/pint: ^1.2
- mockery/mockery: ^1.4.4
README
A small wrapper proxy cli around the @bitwarden/cli
for adding encrypted password/note content to a BitWarden vault using a separate password from your vault password.
Introduction
Bitwarden already encrypts your vault, and this is simply an extra intermediate encryption layer for reading/writing encrypted content from/to your vault using a separate password from your vault password.
Install
composer global require surgiie/bitvault-cli
Ensure composer global vendor path is available on $PATH
:
export PATH=~/.config/composer/vendor/bin:$PATH
Encryption Used
This cli uses the AES-256-CBC
cipher for encryption and a encryption key generated from a given password using php's PBKDF2.
Read password from file:
If you prefer not passing your cli password via the terminal, you can load your phrase from file:
bitvault new:login ... --password-file=<path>
This will read, trim all leading/trailing whitespace and read secret from the given file path.
Creating New Login:
bitvault new:login GITHUB_LOGIN --username=<login-username> --login-password=<secret> --password=<encryption-our-password> --url=github.com
You can also specify which folder to put login in with: --folder
and passing in the exact folder name as its named in your vault.
Note When omitted, password
and password
will prompt you for input, you may also read from files as documented in this readme.
Read password from file:
If you prefer not passing your password when creating new login, you can load your password from file:
bitvault new:login ... --password-file=<path>
This will read, trim all leading/trailing whitespace and read password from the given file path.
Create New Secure Note:
bitvault new:note EXAMPLE --content=foo --password="<encryption-password>"
Or read from file:
bitvault new:note EXAMPLE --content-file=/some/file --password="<encryption-password>"
You can also specify which folder to put login in with: --folder
and passing in the exact folder name as its named in your vault.
Get Item
To get a login or secure note item decrypted:
bitvault get:<note|login> EXAMPLE --password="<encryption-password>"
This will print out the full json object of the item to terminal.
Reencrypt All Items
bitvault reencrypt --old-password="<old-encryption-password>" --new-password="<encryption-password>"
Note This only works if the same password is used for all items in your vault.
Copy To Clipboard
On windows wsl2/ubuntu for windows, copy.exe
will be used, while on linux, xclip
should be installed.
To copy a note:
bitvault get:note EXAMPLE --password="<encryption-password>" --copy --silent
To copy a login:
bitvault get:note EXAMPLE --password="<encryption-password>" --copy-field=<username|password> --silent
Note The --silent
option prevents the item json from being written out to the terminal.
Export Items to .env files
You can export your vault items to .env
files easily:
bitvault export:env-file --name=some-vault-item-name --name=some-other-item-name --password="<your-password>"
This will add the vault items with names some-vault-item-name
and some-other-item-name
to an .env
file in the current directory as SOME_VAULT_ITEM_NAME
and SOME_OTHER_ITEM_NAME
with their respected decrypted password/notes.
Note: Name options will be converted to snake case as its standard convention for env variables.
To customize file path use the --path=/some/custom/env/file
option.
Remember To Logout
This cli doesnt manage your session or authenticate, remember to always lock and logout when done bw lock
and bw logout
and unset the BW_SESSION
env variable.