Andy Rosen Posted February 18 Share Posted February 18 Download: https://github.com/ajrosen/Alfred/blob/master/Exported Workflows/Bitwarden Accelerator.alfredworkflow Source: https://github.com/ajrosen/Alfred/tree/master/Bitwarden Accelerator I would include a link to Packal, but all I get is "The website encountered an unexpected error. Please try again later." Bitwarden Accelerator Interact with [Bitwarden CLI](https://bitwarden.com/help/cli/). Key features Login with username and password or API Key Two-step logins with Authenticator app, YubiKey OTP, or Email Copy username, password, or TOTP code to the clipboard Search different fields of an item Any item by its name or folder Logins by username or URL Cards by brand (eg., search for "Visa") Identities by any field in the item Favorite items are listed first Download item attachments Limit searches to a single vault and/or collection to prevent shoulder-surfing View an item in a separate window to copy/paste multiple fields easily Link to comment
dood Posted February 20 Share Posted February 20 (edited) Looks solid! Are there any significant differences with this other Bitwarden workflow? Edited February 20 by dood Link to comment
Andy Rosen Posted February 20 Author Share Posted February 20 Thanks! I think the biggest difference is how they're designed. The other workflow is essentially a single binary, while this is one is a collection of shell scripts and JQ libraries. There are some differences in the interface that I think matter. Theirs does a great job with favicons, but I think it looks better without them. I find it distracting. I really like having "show item" in a dialog window. It stays visible while working in another app, and it's easy to copy/paste multiple fields. I have some integration with web browsers, automatically searching for the current tab's hostname. That was one reason I wrote LastPass Accelerator. Bitwarden's browser extension is a lot better though, so I don't use the workflow while browsing as much. You can set a default vault and/or collection, which is nice for work vs. personal environments. Link to comment
dood Posted February 20 Share Posted February 20 Very cool, thanks for those details! Look forward to giving it a try! Link to comment
dood Posted February 21 Share Posted February 21 After entering my e-mail and password, the verification email doesn't appear to get sent out. Based on my experience with the other workflow, I think this may be related to the server URL. Would it be possible to allow the user to specify a server URL? (e.g. https://vault.bitwarden.eu) Link to comment
Andy Rosen Posted February 21 Author Share Posted February 21 I'll certainly look into it. I'm assuming you already set the Two-step login method to email . It did work for me, but I'm in the US. Thanks! Link to comment
Andy Rosen Posted February 22 Author Share Posted February 22 (edited) On 2/21/2024 at 6:39 AM, dood said: After entering my e-mail and password, the verification email doesn't appear to get sent out. Based on my experience with the other workflow, I think this may be related to the server URL. Would it be possible to allow the user to specify a server URL? (e.g. https://vault.bitwarden.eu) I've implemented the changes in version 1.2.0. Sadly it seems that logging into bitwarden.eu with the CLI is completely broken. You might still want to try it. Maybe it fails if you're not in the EU? I created a separate Bitwarden account in EU. I can login using the desktop app and the web vault. I cannot login using the CLI, no matter what two-step method I use. I tested email and authenticator app. Even with no two-step method the login fails. The other workflow has the same problem. It gets the same response from Bitwarden (with a bonus error message that the `punycode` module is deprecated). Edited February 22 by Andy Rosen Download link points to new release Link to comment
Andy Rosen Posted March 4 Author Share Posted March 4 I've just released version 2.0.0. This introduces an Auto Sync option, which installs a Launch Agent that automatically syncs your vault every Sync Interval minutes. It also fixes a bug where you're already logged into Bitwarden when the workflow tries to login to Bitwarden. Link to comment
dood Posted March 7 Share Posted March 7 Hi @Andy Rosen, happy to report that I was able to use the workflow with the Bitwarden Client ID and Secret (and without needing to set a different Server URL). On my machine at least, this workflow retrieves passwords much faster than the other one – great work! The only thing I'm not sure about is the browser integration – that section of the workflow doesn't seem to have any impact on the order of results that appear, etc. Link to comment
Andy Rosen Posted March 7 Author Share Posted March 7 Glad to hear it's working for you! Is your browser the front-most app? Browser matches use the browser's icon instead of Bitwarden's. And it does not check the browser if you start entering a search term. Link to comment
dood Posted March 8 Share Posted March 8 Ooh, I figured it out – I set up a hotkey that executed self.list rather than self.search. Very cool! Link to comment
dood Posted March 8 Share Posted March 8 @Andy Rosen Would it be possible to add different behavior/options for credit cards? For instance, to be able to copy the credit card number upon hitting Return, or being able to view fields such as expiration month and year and CVV in the workflow itself? Link to comment
Andy Rosen Posted March 8 Author Share Posted March 8 @dood Yes! I'm actually working on changes to automatically Show all fields for credit cards and identities. I'd love to automatically copy different fields into the clipboard once others have been pasted. Eg., username, password, then TOTP code, or card number, expiration, then cvv. But I'm not aware of any way to know when the clipboard is is pasted. Once I'm done with this change, I'm thinking of defaulting to the "next" field if the workflow is called very shortly after the previous call. Link to comment
dood Posted March 8 Share Posted March 8 Interesting idea! The Show all fields option sounds great, especially for when I know certain fields by heart and as a result won't need to rely on the automatic copying function. Link to comment
Andy Rosen Posted March 9 Author Share Posted March 9 Version 2.1.0 Download link Secure notes always copy the note to the clipboard. Cards and Identities will always Show all fields The auto-sync Launch Agent has been renamed to bwa-sync to make it easier to identify in System Settings. There is now a "hidden" debug option. Setting the workflow's DEBUG environment variable to 1 will write basic log information in the cache directory. Link to comment
Andy Rosen Posted March 15 Author Share Posted March 15 Version 3.0.0 Download link Add "automatic field rotation". If an item is selected twice within 15 seconds, copy the TOTP code to the clipboard instead of the password. Important bug fix in the path to bwa-sync as defined in the Launch Agent Link to comment
Andy Rosen Posted March 19 Author Share Posted March 19 Version 3.0.1 Download link Just a simple bug fix, create ~/Library/LaunchAgents/ if it doesn't exist I did move the workflow to its own repository, and planning to separate other workflows as well. Link to comment
Andy Rosen Posted March 23 Author Share Posted March 23 Version 3.1.0 Download link Recently selected item is listed first This makes copying multiple fields from the same item even easier. Link to comment
Andy Rosen Posted March 30 Author Share Posted March 30 Version 3.1.1 Download link Bug fix in "last item" processing. I hate bugs. I just really hate them. Link to comment
Andy Rosen Posted April 6 Author Share Posted April 6 Version 3.2.0 Download link Add support for Ghost Browser Link to comment
lmrdaddy Posted April 21 Share Posted April 21 (edited) I hope it's okay to barge in, I just found out about this workflow: Everyone using this WF should be aware that it's based on "bw serve" which is not suited for a multi user machine. This is not a problem of the workflow itself but rather a problem of the used BW cli which allows full access to a BW account via its HTTP API without asking for any authorization whatsoever, once the server is started. Yes, it's only accessible from the local machine so it might be ok if you're willing to accept the risk (I don't because you're still exposing your secrets to everything that somehow manages to talk to localhost) if you're the only user using that machine, but if not, you should be aware of that. Again, this is not a problem of the workflow, but still, I can't believe this API even exists. Edited April 21 by lmrdaddy formatting Link to comment
Andy Rosen Posted April 21 Author Share Posted April 21 You are correct, this workflow is based on bw serve, and I agree that its security model is...interesting. But I feel it's the best option for an Alfred workflow. The CLI itself is unacceptably slow without caching the results. On my MacBook Air (M1 2020) it takes at least 3 seconds to execute bw list items. $ time bw list items > /dev/null 1.063u 0.181s 0:03.16t 39.2% Even bw get item <id> takes 3 seconds. So there has to be something that keeps it all in RAM. Doing that myself might have better security than bw serve if properly implemented. I prefer not to take on that responsibility. And I'm not even sure security could be improved that much. I'm not aware of any macOS primitives that could address the biggest weakness (the TCP socket open to any user/process). I do wish bw serve could at least implement Master password re-prompt. Link to comment
Andy Rosen Posted Thursday at 07:18 PM Author Share Posted Thursday at 07:18 PM Version 4.0.0 Download link View an item's fields directly within the workflow. Use either command+option or as a Universal Action. Select the field to copy its value to the clipboard. Thanks to @blacs30 for describing this use case Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now