Jump to content

Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden


Recommended Posts

15 hours ago, deanishe said:

 

This. If you care who your apps are talking to, I can't recommend Little Snitch enough. I'm really annoyed Apple have changed Big Sur so that Apple's own programs can bypass 3rd-party firewalls.

 

 

@deanishe – According to Patrick Wardle, the macOS 11.2 beta 2 suggests that Apple is removing this policy going forward! 

 

And kudos to @blacs30 for an awesome workflow!

Link to post
  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I guess they were referrring to   So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in

Bitwarden Alfred Workflow https://github.com/blacs30/bitwarden-alfred-workflow     Features * Completely rewritten in go * fast secret / item search thanks to caching (no

@deanishe – According to Patrick Wardle, the macOS 11.2 beta 2 suggests that Apple is removing this policy going forward!    And kudos to @blacs30 for an awesome workflow!

Posted Images

8 hours ago, blacs30 said:

Secure note content is hidden in the workflow and is treated like a password.

 

Ah, ok, thanks for explaining that. I suppose viewing the secure note content in the workflow would compromise security you've built into the app? What about an option to "View in Bitwarden"—whether the Desktop app or online?

Link to post
  • 4 weeks later...
On 1/13/2021 at 1:56 PM, deanishe said:

All in all, very well done. @blacs30 is very security aware. I would trust this workflow much more than the browser extension, which was written—at least in part—by idiots.

@deanishe Could you explain the "idiots" comment re the Bitwarden browser extension? I looked through the linked discussion, but I'm not savvy enough to understand what the problem is.

Link to post

I guess they were referrring to

Quote

For the browser extension, all vault data is stored using the chrome.storage API. [...] chrome.storage is considered an unprotected data storage medium since it's just plainly on the client disk. [...] Currently the browser extension also stores the encryption key in chrome.storage.

 

So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in a place that is potentially vulnerable to direct access via malicious websites in case the browser itself is attackable via a browser vulnerability is another issue. The latter is the reason why it is generally not the best idea to use a browser's own password management feature.

Link to post

Got it, thanks for explaining. Good to know also about why not to use a browser's password management as well.

 

The convenience of the Bitwarden browser extension is nice. Do you think the developers' blunder is enough not to trust using it now?

Link to post
15 hours ago, paulw said:

Good to know also about why not to use a browser's password management as well.

It is (in my opinion) still way better than not using a password management at all. 

 

15 hours ago, paulw said:

 

The convenience of the Bitwarden browser extension is nice. Do you think the developers' blunder is enough not to trust using it now?

I am not really in a position to judge that. The github issue is more than 4 years old, so I hope they learned something since then. Personally, I am using the Firefox extension without having investigated any closer, I'm trusting (perhaps wrongly so) that a security company does at least a few things right.  

Link to post
16 hours ago, paulw said:

Do you think the developers' blunder is enough not to trust using it now?

 

I think so. Most of the code is re-purposed from the web frontend. I use it, in any case.

 

16 hours ago, paulw said:

Good to know also about why not to use a browser's password management as well.

 

They're at least as safe as a browser extension, and arguably better than copy-pasting passwords from another app.

 

The main advantage of a standalone password manager is that you can put more than just website passwords in there.

Link to post
  • 4 weeks later...

@blacs30 Hi there, thanks for the script. It was working great until the other day, when i tried to update the secrets. I don't seem to be able to log back in again properly. I get the follow ing error message:

 

Error: dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.67.dylib
  Referenced from: /usr/local/bin/node
  Reason: image not found

 

Can anyone tell me what I have done wrong and, more importantly, how to fix it 🙂

 

Link to post
25 minutes ago, jim465 said:

@blacs30 Hi there, thanks for the script. It was working great until the other day, when i tried to update the secrets. I don't seem to be able to log back in again properly. I get the follow ing error message:

 

Error: dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.67.dylib
  Referenced from: /usr/local/bin/node
  Reason: image not found

 

Can anyone tell me what I have done wrong and, more importantly, how to fix it 🙂

 

@jim465

This issue looks unrelated to the workflow itself but related to either the node or bitwarden-cli installation itself.

How did you install bitwarden-cli, via brew or npm?  I assume that a simple bw command like `bw -v` will fail as well? Try reinstalling it.

Link to post
29 minutes ago, jim465 said:

Can anyone tell me what I have done wrong and, more importantly, how to fix it

 

Your Homebrew Node is out of whack with its dependencies. Reinstall it by running this command in a shell:

 

brew reinstall node

 

Might be a good idea to run brew update first, or even brew upgrade to install the latest versions of everything (which should also fix the issue).

Edited by deanishe
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...