Jump to content

Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden


Recommended Posts

@blacs30 Could you add notifications for login? Like "Login successful"  / "Cannot login - Incorrect password" ?
Also: Is there any clipboard wiping done after a few seconds? Other security measures in place?

Edited by Petru
Link to post
  • 4 weeks later...
  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Bitwarden Alfred Workflow https://github.com/blacs30/bitwarden-alfred-workflow     Features * Completely rewritten in go * fast secret / item search thanks to caching (no

@deanishe – According to Patrick Wardle, the macOS 11.2 beta 2 suggests that Apple is removing this policy going forward!    And kudos to @blacs30 for an awesome workflow!

With version 2.0.0 I have rewritten the complete workflow and added many new features.   I've released version 2.0.3 now and updated the first post in this thread You can find the late

Posted Images

I installed this workflow and installed the Node version of the CLI, but the workflow doesn't work for me. I set the email, I set the server, and when i try to login and type bwlogin and hit enter, nothing happens. The Alfred search bar disappears, and that is it. Am I doing something wrong?

Link to post

@alexbet Thanks for reporting this issue. So the workflow doesn't ask you for the password for your bitwarden account, correct?

Which macOS version do you run? Are you running Alfred 4 and have you upgraded it from version 3 or is it der first time you are using Alfred?

Did you allow Alfred in the Accessibility settings (System Preferences > Security & Privacy > Privacy > Accessibility > add Alfred here)

 

Currently there is a known issue for a clean Alfred 4 installation on macOS without having Alfred 3 installed before that. I didn't find time to fix it yet.

Link to post

Hi @blacs30 you are correct, the workflow doesn't ask for a password when I try to login with my BitWarden account. I am using the latest Mac OS X 10.14.6. Yes, I upgraded Alfred from v3 to v4, and I am running the latest Alfred 4.0.4 version. Also, Alfred is already enabled in the Privacy/Accessibility settings in System Preferences.

 

Edited by alexbet
Link to post

@blacs30, here is what appears in the debugging console when I try to login (see the error):

 

[12:14:41.910] Logging Started...
[12:14:51.982] Bitwarden CLI[Keyword] Processing complete
[12:14:51.983] Bitwarden CLI[Keyword] Passing output '' to Run Script
[12:14:52.520] ERROR: Bitwarden CLI[Run Script] 2910:2911: syntax error: Expected end of line but found “"”. (-2741)
[12:14:52.523] Bitwarden CLI[Run Script] Processing complete
[12:14:52.523] Bitwarden CLI[Run Script] Passing output '' to Post Notification

Link to post

Hi blacs30,

 

This is an amazing Workflow but im running into some issues getting it up and running and it would be great if you could help me out and if you can explain whats going wrong in the code as well that would be amazing (ive had a bit of a poke around but dont have much experience with Python).

 

Im running version 1.2.4 and Alfred 4 with Script Editor and Alfred both added to the Accessibly permissions of Privacy and Security.

 

When trying to Login the enter password popup shows but when I enter my password nothing happens, here is the log from the debug console (ive managed to login via the bitwarden-cli in the terminal btws)

 

Cheers

[22:32:04.480] Bitwarden CLI[Keyword] Processing complete
[22:32:04.481] Bitwarden CLI[Keyword] Passing output '' to Run Script
[22:32:09.923] STDERR: Bitwarden CLI[Run Script] .
22:32:04 workflow.py:2055 DEBUG    ---------- Bitwarden CLI (1.2.4) ----------
22:32:04 <string>:120 DEBUG    MAIN: Started
22:32:04 <string>:132 DEBUG    MAIN: 2fa method not set
22:32:04 <string>:142 DEBUG    MAIN: 2fa not used
22:32:04 <string>:97 DEBUG    START get_bw_exec
22:32:04 <string>:106 DEBUG    END found get_bw_exec
22:32:04 <string>:149 DEBUG    MAIN: Start login without 2fa
22:32:04 <string>:54 DEBUG    login: - bw Start running bw login
22:32:04 <string>:17 DEBUG    login: START for ********@mail.com and title: Enter Bitwarden password
22:32:04 <string>:37 DEBUG    login: START osascript to ask for the password.
22:32:09 <string>:40 DEBUG    login: Evaluate returned result status from the password entry.
22:32:09 <string>:45 DEBUG    login: osascript - An error occured: 2019-09-28 22:32:04.818 osascript[96370:371271] isPrefsCreateCacheFromEnabledAndDefaultInputSources - can't find anything from GetInputSourceEnabledPrefs, use defaultASCIIKeyLayoutDict = <CFBasicHash 0x7fb48d532f10 [0x7fff9600f8e0]>{type = mutable dict, count = 3,
entries =>
	0 : <CFString 0x7fff9607a818 [0x7fff9600f8e0]>{contents = "InputSourceKind"} = <CFString 0x7fff960bfd58 [0x7fff9600f8e0]>{contents = "Keyboard Layout"}
	1 : <CFString 0x7fff960abe98 [0x7fff9600f8e0]>{contents = "KeyboardLayout ID"} = <CFNumber 0x7c28f854af23cc1f [0x7fff9600f8e0]>{value = +2, type = kCFNumberSInt64Type}
	9 : <CFString 0x7fff96075518 [0x7fff9600f8e0]>{contents = "KeyboardLayout Name"} = British
}

22:32:09 workflow.py:2074 ERROR    local variable 'out' referenced before assignment
Traceback (most recent call last):
  File "workflow/workflow.py", line 2067, in run
    func(self)
  File "<string>", line 150, in main
  File "<string>", line 57, in login
UnboundLocalError: local variable 'out' referenced before assignment
22:32:09 workflow.py:2097 DEBUG    ---------- finished in 5.290s ----------
[22:32:09.928] Bitwarden CLI[Run Script] Processing complete
[22:32:09.929] Bitwarden CLI[Run Script] Passing output '<?xml version="1.0" encoding="utf-8"?>
<items><item valid="no"><title>Error in workflow 'Bitwarden CLI'</title><subtitle>local variable 'out' referenced before assignment</subtitle><icon>/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns</icon></item></items>' to Post Notification

 

Link to post
  • 3 months later...

Hi @blacs30,

 

I'm so excited to get this one working! Kudos for the work. It seems that I'm having some issues and wanted to put them out there in case someone is having a similar issue and for your information so that it can be resolved:

 

Environment:

MacOs Catalina v10.15.2

Homebrew: v2.2.2

bitwarden cli: v1.8.0

Alfred: v3.8.6

Alfred Bitwarden Workflow: v1.2.4 (Only because the latest version v1.3.0 -I think- is "incompatible" with Alfred version 3.8.6)

 

Actions:

  • bwsetemail - Set the Bitwarden user account email
  • bwsetserver - Set the Bitwarden server to connect to
  • bwset2fa - Enable 2FA for Bitwarden login
  • bwset2famethod - Set the method for the Bitwarden 2FA login (1)
  • bwlogin - Log in to Bitwarden
  • Verified that the accessibility is correctly set up as recommended earlier in the thread.

Issue:

[2020-01-10 11:32:44][input.keyword] Processing output of 'action.script' with arg ''
[2020-01-10 11:33:09][ERROR: action.script] .
11:32:44 workflow.py:2055 DEBUG    ---------- Bitwarden CLI (1.2.4) ----------
11:32:44 <string>:120 DEBUG    MAIN: Started
11:32:44 <string>:97 DEBUG    START get_bw_exec
11:32:44 <string>:106 DEBUG    END found get_bw_exec
11:32:44 <string>:157 DEBUG    MAIN: Start login with 2fa and method set to: 1
11:32:44 <string>:54 DEBUG    login: - bw Start running bw login
11:32:44 <string>:17 DEBUG    login: START for ***********@gmail.com and title: Enter Bitwarden password
11:32:44 <string>:37 DEBUG    login: START osascript to ask for the password.
11:32:51 <string>:40 DEBUG    login: Evaluate returned result status from the password entry.
11:32:51 <string>:17 DEBUG    login: START for alvarobolanos@gmail.com and title: Enter Bitwarden second factor code
11:32:51 <string>:37 DEBUG    login: START osascript to ask for the password.
11:33:05 <string>:40 DEBUG    login: Evaluate returned result status from the password entry.
11:33:08 <string>:73 DEBUG    login: bw Evaluating bw login result
11:33:08 <string>:78 DEBUG    login: bw An error occured: [object Object]
11:33:08 <string>:159 DEBUG    MAIN: 2fa with method set login result:  (trimmed)
11:33:08 <string>:162 DEBUG    MAIN: Error occured: [object Object]
11:33:09 workflow.py:2097 DEBUG    ---------- finished in 24.185s ----------
[2020-01-10 11:33:09][action.script] Processing output of 'output.notification' with arg 'error output: [object Object]
'

 

Here's the notification related to it.

 

KeuYPME.png

 

Let me know if you need more information and I'll be happy to share what I can.

 

Regards.

 

Edited by Al30
Added @ and 2fa option I've selected.
Link to post
  • 4 months later...
On 1/10/2020 at 5:55 PM, Al30 said:

Hi @blacs30,

 

I'm so excited to get this one working! Kudos for the work. It seems that I'm having some issues and wanted to put them out there in case someone is having a similar issue and for your information so that it can be resolved:

 

 

I'm sorry not to have answered before @Al30 . I think I messed up my notifications here from the forum.

Do you still need help? For the logs it looked like that the setting for 2fa mode might have been wrong. I would ask you to try to login via cli in the terminal. If the cli asks you to choose an 2fa auth method (which only happens if multiple 2fa ways are setup) then you need to configure the method otherwise it's 0.

Edited by blacs30
Link to post
On 9/28/2019 at 11:51 PM, thomasSDK said:

Hi blacs30,

 

This is an amazing Workflow but im running into some issues getting it up and running and it would be great if you could help me out and if you can explain whats going wrong in the code as well that would be amazing (ive had a bit of a poke around but dont have much experience with Python).

 

Im running version 1.2.4 and Alfred 4 with Script Editor and Alfred both added to the Accessibly permissions of Privacy and Security.

 

When trying to Login the enter password popup shows but when I enter my password nothing happens, here is the log from the debug console (ive managed to login via the bitwarden-cli in the terminal btws)

 

 

 

 

Also sorry to you @thomasSDK for my very very last reply. I will configure my notifications here on the forum.

 

This error you showed looks heavily like this one https://stackoverflow.com/questions/53603246/strange-error-running-osascript-e-command-on-macos-mojave

Edited by blacs30
Link to post
  • 2 weeks later...

Hello I am using High Sierra and Alfred v4 and v1.30 extension and I have the same problem. I use bwsetemail me@mail.com & hit ENTER and nothing happens... I tried to add another keyboard input (as you suggested a bug in MOVAJE) but it doesn't work...

 

However if I use bwlogin I can see a popup.

 

I have tried bitwarden cli and it works perfectly in terminal.

 

Could you please help me? I really NEED this workflow.

 

Thanks in advance

Link to post
2 hours ago, raultaboraz said:

and nothing happens...

 

That isn’t a useful description of the problem. Something is happening, and we need to know what it is in order to help you. What does Alfred's debugger say?

Link to post
2 hours ago, raultaboraz said:

I use bwsetemail me@mail.com & hit ENTER and nothing happens...

 

If Alfred is allowed to send notifications you should set a confirmation notification like this (screenshot 1)

 

You can also double check the keychain if items have been created there. 

Open the app "Keychain Access", search for "bitwarden", you should be able to see couple of entries, but at least the one for the email-address.

 

Can you try to search for an item like "bw google", it could be that you also need to run "bwunlock", that is needed in case bitwarden cli unlock is run in the meantime. It is so that bitwarden then invalidates the previous generated session key.

 

Thanks @deanishe taking part here as well, it's an honour ;) I hope to soon fully rewrite this workflow in go with help of your library.

 

Screenshot 2020-05-29 at 13.03.31.png

Screenshot 2020-05-29 at 13.03.59.png

Link to post

I updated from version 1.4.0 to version 2.0.3.
I was looking forward to the new Workflow, but it doesn't seem to work as well as it should.

 

In the new Workflow, the command was changed to ".bw", so I typed it in.
Alfred thinks for a moment and then only shows the ".bwauth unlock" option.

Looking at GitHub, I can see that I can change the settings with the command ".bwconfig", but when I type that command, it says ".bwauth unlock".

 

I thought the Bitwarden CLI was not unlocked and ran ".bwauth unlock".

Then I was prompted to enter my password.
I joyfully entered my password.

But next, I was asked to enter "2FA".
Since I don't have 2FA enabled, I get an error no matter what I enter.

 

You won't find these steps in Git's ReadMe either.
It looks like I can change the enable/disable of 2FA, but I can't get to ".bwconfig" and change it.

Obviously, the new Workflow has a problem.
I immediately reverted to version 1.4.0.

 

Link to post
  • 4 months later...
On 8/11/2020 at 10:56 PM, new member said:

But next, I was asked to enter "2FA".

Since I don't have 2FA enabled, I get an error no matter what I enter.

Go to the workflow environment variables, and change "2FA_ENABLED" from to "true" to "false", and then you can log in.

Edited by paulw
Link to post
  • 2 weeks later...

Hi,

I would love to start using this workflow. I'm not a expert in reading code so I don't really understand what's happening under the hood. I just wanted to ask if it is secure to use this workflow and if there is any of my data (email, masterpassword) beeing send to the workflow developer or to any servers.

 

Best regards

Noah

Link to post
1 hour ago, Hoogo said:

if there is any of my data (email, masterpassword) beeing send to the workflow developer or to any servers.

 

So, I've just gone through the source code.

 

All the workflow does with your email & master password is pass them to the Bitwarden CLI client (it does save the email, but not the password). The only network connections the workflow itself makes are to fetch favicons and to check for updates.

 

The workflow caches your Bitwarden data (for speed), but the data are encrypted on disk, the encryption key is stored in your Keychain, and the cached data are deleted when you lock Bitwarden.

 

All in all, very well done. @blacs30 is very security aware. I would trust this workflow much more than the browser extension, which was written—at least in part—by idiots.

 

Also, thanks for getting me to look at the source code. I am totally going to steal the trick of fetching favicons from DDG. Thanks @blacs30!

Edited by deanishe
Link to post
42 minutes ago, deanishe said:

 

So, I've just gone through the source code.

 

All the workflow does with your email & master password is pass them to the Bitwarden CLI client (it does save the email, but not the password). The only network connections the workflow itself makes are to fetch favicons and to check for updates.

 

The workflow caches your Bitwarden data (for speed), but the data are encrypted on disk, the encryption key is stored in your Keychain, and the cached data are deleted when you lock Bitwarden.

 

All in all, very well done. @blacs30 is very security aware. I would trust this workflow much more than the browser extension, which was written—at least in part—by idiots.

 

Also, thanks for getting me to look at the source code. I am totally going to steal the trick of fetching favicons from DDG. Thanks @blacs30!

 

Thank you @deanishe, was only my second golang project but with the Alfred go package provided by you it was fun, and the github interactions since then grew. 

Currently there is one open improvement on github which makes sense to me: optional time based lock of the Bitwarden workflow.
As said already, the encryption key is stored in Keychain and it stays there until manually "lock" or "logout" is called from the workflow (or manually deleted via Keychain) or it get's invalidated by another Bitwarden cli client login in the meantime.

The locally cached data also doesn't contain any secrets (unless secrets are put into non secret fields like username or name of the secret).

Link to post
2 hours ago, Hoogo said:

Hi,

I would love to start using this workflow. I'm not a expert in reading code so I don't really understand what's happening under the hood. I just wanted to ask if it is secure to use this workflow and if there is any of my data (email, masterpassword) beeing send to the workflow developer or to any servers.

 

Best regards

Noah

 

Good that you ask and not just "trust" or "hope". Little snitch is a great firewall which can show up all the hidden traffic going out from applications.

Link to post
21 minutes ago, blacs30 said:

Currently there is one open improvement on github which makes sense to me: optional time based lock of the Bitwarden workflow

 

Definitely a good feature to have. How would you do that? Have a background job running that deletes the cache and exits after it's been running for X minutes, and then kill the job every time the user uses the workflow?

 

24 minutes ago, blacs30 said:

with the Alfred go package provided by you it was fun

 

Thanks! Please let me know if you have any feedback. I've got very little feedback on the library one way or the other, and I'm not sure if that means I nailed it or people really hate it…

 

23 minutes ago, blacs30 said:

Little snitch is a great firewall which can show up all the hidden traffic going out from applications.

 

This. If you care who your apps are talking to, I can't recommend Little Snitch enough. I'm really annoyed Apple have changed Big Sur so that Apple's own programs can bypass 3rd-party firewalls.

 

Link to post

I just started using this extension, thanks so much @blacs30 for developing it!

 

Suggestion for the future—could you add an option to display details of an item in the vault? For example, I might want to view the contents of a note, or even copy and paste a portion of an item.

 

Link to post
7 hours ago, paulw said:

Suggestion for the future—could you add an option to display details of an item in the vault? For example, I might want to view the contents of a note, or even copy and paste a portion of an item.

 

 

Partly I would say it is implemented. Per default it shows "show more" with the modifier keys command + option (or alt). It shows every possible, used field for each item. any of this can be copied. just it's not currently possible to copy only a part of a field, e.g. a part of a note.
Secure note content is hidden in the workflow and is treated like a password.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...