Jump to content

Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden


Recommended Posts

Bitwarden Alfred Workflow

https://github.com/blacs30/bitwarden-alfred-workflow

 

Quote

Access your Bitwarden passwords, secrets, attachments and more via this powerful Alfred Workflow

 

Features

* Completely rewritten in go
* fast secret / item search thanks to caching (no secrets are cached only the keys/names)
  * cache is encrypted
* access to (almost) all object information via this workflow
* download attachments via this workflow
* show favicons of the websites
* auto update
* uses the [awgo](https://pkg.go.dev/github.com/deanishe/awgo?tab=doc) framework/library
* many customizations possible

Quote

Requires Alfred 4.1 or newer; NOT tested with Alfred 3

 

bitwarden-v2.gif

 

Installation
- Download the latest release https://github.com/blacs30/bitwarden-alfred-workflow/releases
- Open the downloaded file in Finder
- Make sure that the Bitwarden CLI https://github.com/bitwarden/cli#downloadinstall is installed
- If running on macOS Catalina or later, you _**MUST**_ add Alfred to the list of security exceptions for running unsigned software. See  this guide https://github.com/deanishe/awgo/wiki/Catalina for instructions on how to do this.
  - Yes, this sucks and is annoying, but there is unfortunately is no easy way around this. macOS requires a paying Developer account for proper app notarization. I'm afraid I'm not willing to pay a yearly subscription fee to Apple just so that this (free and open source) project doesn't pester macOS Gatekeeper

 

Usage
To use, activate Alfred and type `.bw` to trigger this workflow. From there:

- type `.bwauth` for login/logout/unlock/lock
- type `.bwconfig` for settings/sync/workflow update/help/issue reports
- type any search term to search for secrets/notes/identities/cards
- modifier keys and actions are presented in the subtitle, different actions are available depending on the object type

 

Advanced Features / Configuration

Please see the README in the git repository, the table is better formatted over there https://github.com/blacs30/bitwarden-alfred-workflow/blob/master/README.md


Develop locally

1. Install alfred cli <br>
`go get -u github.com/jason0x43/go-alfred/alfred`

2. Clone [this repo](https://github.com/blacs30/bitwarden-alfred-workflow).

3. Link the workflow directory with Alfred <br>
`cd workflow; alfred link`

4. Install dependency and run the first build<br>
`make build`

 

Colors and Icons

*Light blue*

Hex: #175DDC <br>
RGB: 23,93,220

*Darker blue*

Hex: #134db7 <br>
RGB: 20,81,192

Get icons as pngs here https://fa2png.app/ and this is the browser https://fontawesome.com/cheatsheet


Licensing and Thanks

The icons are based on [Bitwarden Brand](https://github.com/bitwarden/brand) , (https://fontawesome.com/) and [Material Design](https://materialdesignicons.com/) Icons.

Parts of the README are taken over from [alfred-aws-console-services-workflow](https://github.com/rkoval/alfred-aws-console-services-workflow)

Source that helped me to get started

- [Writing Alfred workflows in Go](https://medium.com/@nikitavoloboev/writing-alfred-workflows-in-go-2a44f62dc432)
- [Example of the awgo package] (https://github.com/deanishe/awgo/blob/master/_examples/update/main.go)
- [awgo package](https://pkg.go.dev/github.com/deanishe/awgo?tab=doc)


Troubleshooting

- "I'm seeing the following dialog when running the workflow" catalina-warning.png

  Per the installation steps https://github.com/blacs30/bitwarden-alfred-workfloww#installation, you **_MUST_** add Alfred to the list of Developer Tool exceptions for Alfred to run any workflow that contains an executable (like this one)

Edited by blacs30
Version 2.0.3 released
Link to comment

Hi Andrey,

 

could you send me a screenshot of the error please?

Do you get a pop-up which asks you for the password?

 

If not then it might be that Alfred 3 or Script Editor have to be allowed in the Accessibility settings.

 

Regards

Claas

Screen Shot 2018-08-09 at 23.30.17.png

Screen Shot 2018-08-09 at 23.29.14.png

Link to comment

Hey Claas,

 

I've checked the Accessibility settings and both Alfred and Script editor wasn't there so I've added them manually.

But the problem still persists.

 

Here's the screenshot with the error.

 

My guess is there's something with the path escaping, because the whole path to the workflow is "/Volumes/320GB/Cloud/Resilio Sync/Application Support/Alfred 2/Alfred.alfredpreferences/workflows/user.workflow.1FD14E1C-2721-438B-9A2E-9E449F4D8E88"

 

I'm on Mac OS X 10.11.6 just in case.

 

Cheers,

Andrey

Screen Capture 2018-08-12 at 13.43.14.jpg

Edited by Andrey Ivanov
Link to comment

Hi Andrey,

 

oh, I am sorry. It could be now some issue with keychain.

Can you please do the following:

Check in the keychain if a session-key entry exist.

 

And could you please also enable debug (the bug in the top right corner) in Alfred and post the result, shouldn't contain complete secrets.

 

Thanks a lot.

 

 

Edit:

Please see version 1.2.1. I hope this fixes your issue.

Thanks for your patience.

 

 

 

 

Screen Shot 2018-08-21 at 17.26.24.png

Screen Shot 2018-08-21 at 17.26.39.png

Edited by blacs30
add edit section with a link to a new version.
Link to comment

Doesn't work for me, keeps saying my master password is incorrect :(. Might have something to do with my master password -- it contains spaces. Looking at the login python code, it seems to call bw --raw unlock {password}, and so I added quotes to my password like 

"password with spaces"

but it still does not work. Calling the command directly in the cli does work, so I'm not sure how it's being processed by the script.

 

EDIT: Tracing the code, it seems like calling split is causing the issue, will try to change the delimiter and test

 

EDIT2: Fixed by changing the delimiter to something else, make sure you call rstrip() on cmd to remove the newline too.

def login(login_mail, mfa_enabled=None, mfa_method=None):
    ........

    if not mfa_enabled:
        # NOTE: DELIMITER CHANGED TO [[[, replace all spaces in cmd with [[[
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}".format(login_mail=login_mail, password=password)
    elif mfa_enabled and not mfa_method:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}[[[--code[[[{mfa_code}".format(login_mail=login_mail, password=password, mfa_code=mfa_code)
    else:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw[[[--raw[[[login[[[{login_mail}[[[{password}[[[--method[[[{mfa_method}[[[--code[[[{mfa_code}".format(login_mail=login_mail, password=password, mfa_method=mfa_method, mfa_code=mfa_code)
    # NOTE: Since delimiter is not default, need to strip new line
    cmd = cmd.rstrip()
    proc = Popen(cmd.split("[[["), env=my_env, stdout=PIPE, stderr=PIPE)
    out, err = proc.communicate()
    ........

 

Edited by springles
Link to comment

Hi @springles,

 

thanks for reporting this issue and fixing it. 

Version 1.2.2 supports spaces in passwords now.

 

I've used shlex.split() and double quotes around the password.

https://github.com/blacs30/bitwarden-alfred-workflow/releases/tag/1.2.2

 


def login(login_mail, mfa_enabled=None, mfa_method=None):
[...]

    if not mfa_enabled:
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\"".format(login_mail=login_mail.strip(), password=password.strip())
    elif mfa_enabled and not mfa_method:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_code=mfa_code.strip())
    else:
        mfa_code, err, status, message = build_osascript(login_mail, 'Enter Bitwarden second factor code', True)
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --method {mfa_method} --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_method=mfa_method.strip(), mfa_code=mfa_code.strip())

    split_cmd = shlex.split(cmd)
    proc = Popen(split_cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

Link to comment
On 8/26/2018 at 5:47 PM, blacs30 said:

 


def login(login_mail, mfa_enabled=None, mfa_method=None):
[...]
        cmd = "/usr/local/bin/bw --raw login \"{login_mail}\" \"{password}\" --method {mfa_method} --code {mfa_code}".format(login_mail=login_mail.strip(), password=password.strip(), mfa_method=mfa_method.strip(), mfa_code=mfa_code.strip())

[...]
    split_cmd = shlex.split(cmd)
    proc = Popen(split_cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

 

If you don't mind my saying, that's a bit of an odd way to go about it. Precisely because Popen takes a list of arguments, not a string, you don't have to bugger about with all the formatting and  escaping. It should look more like this:

from pipes import quote
cmd = ['/usr/local/bin/bw',
       '--raw', 'login %s %s' % (quote(login_mail.strip()), quote(password.strip())),
       '--method', mfa_method.strip(),
       '--code', mfa_code.strip()]

proc = Popen(cmd, env=my_env, stdout=PIPE, stderr=PIPE)

 

Link to comment
  • 5 months later...
3 hours ago, blacs30 said:

Hi @andresm1126

for 2fa please enable 2fa in the Alfred workflow with `bwset2fa on`

In case you were already logged in in Alfred (which I think is not the case for you) logout first `bwlogout` and then login again with `bwlogin`

Hi @blacs30 The issue in my case is that I already had 2fa enabled form the website, so when I try bwlogin I get an error message since there's no option to enter the 2fa code

 

Link to comment

@andresm1126

I understand, I have it the same way. The bitwarden alfred workflow will ask you for the 2fa code (6 digits) - but for this you need to use the command `bwset2fa on` in Alfred. That will tell the workflow when you login via alfred to ask 1. for the password and then 2. for the 6 digit 2fa code.

 

Screenshot attached, hope that helps.

Screenshot 2019-03-07 at 15.56.15.png

Link to comment
5 minutes ago, blacs30 said:

@andresm1126

I understand, I have it the same way. The bitwarden alfred workflow will ask you for the 2fa code (6 digits) - but for this you need to use the command `bwset2fa on` in Alfred. That will tell the workflow when you login via alfred to ask 1. for the password and then 2. for the 6 digit 2fa code.

 

Screenshot attached, hope that helps.

Screenshot 2019-03-07 at 15.56.15.png

 

@blacs30 Gotcha, thank you so much!!!

Link to comment
  • 5 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...