Skip to content

Latest commit

 

History

History
108 lines (84 loc) · 4.23 KB

README.org

File metadata and controls

108 lines (84 loc) · 4.23 KB

README

Emacs Bitwarden

A Bitwarden command wrapper for Emacs.

Installation

To use this package you will need the Bitwarden CLI.

Automatic unlock

Bitwarden has a concept of locking which is different from logging in. For two-factor authentication, this means that only logging in will require your 2fa token.

As a convenience, you can store your master password in your OS keychain and use the bitwarden-automatic-unlock variable. For example, to temporarily set the auth-source to the macos keychain and then query that,

(setq bitwarden-automatic-unlock
      (let* ((auth-sources '(macos-keychain-internet))
             (matches (auth-source-search :user "sean@farley.io"
                                          :host "bitwarden.farley.in"
                                          :require '(:secret)
                                          :max 1))
             (entry (nth 0 matches)))
        (plist-get entry :secret)))

If your bitwarden store is kept on bitwarden servers (as opposed to hosting your own server), you may find that the above approach does not work and gives a Symbol’s value as variable is void: print-message error. This may be due to a recent change in bitwarden login procedures which require the use of an API application key. To check if this is indeed the problem try logging in from the command line with bw login [username] 'password' if you are prompted for an API key then the following instructions may resolve your problem.

Login to the bitwarden web interface, login to your vault, go to the settings tab and scroll down to the API Key section. Follow the instructions to setup your API key. You will need both your client_id and your client_secret. Then add to your init.el configuration two functions bitwarden-api-client-id and bitwarden-api-client-secret which have the same specification format as bitwarden-automatic-unlock. Here is an example emacs configuration,

(setq bitwarden-api-secret-key
      (plist-get (car (auth-source-search :host "bitwarden.key"))
                 :secret))
(setq bitwarden-api-client-id
      (plist-get (car (auth-source-search :host "bitwarden.id"))
                 :secret))

For those using authinfo.gpg, these two lines have the form,

machine bitwarden.key login YYY password XXX machine bitwarden.id login YYY password XXX

auth-source

There is read-only support for auth-source as well. You can run bitwarden-auth-source-enable to enable it. For example,

(auth-source-search :host "github.com")

will return all logins that match github.com.

async support

For certain emacs tasks (e.g. github modeline), emacs will run the process asynchronously which means a new emacs process. For this reason, this bitwarden wrapper will need to be a macro so that the session is preserved. Here is an one such way to do that:

(defmacro smf/bitwarden-init ()
  "Needs to be a macro due to async.

Async doesn't load your entire config (for performance reasons)
so this needs to be a macro and added to async hooks."
  `(progn
     (require 'bitwarden nil t)
     (setq bitwarden-user "sean@farley.io"

           bitwarden-automatic-unlock (let* ((auth-sources
                                              '(macos-keychain-internet))
                                             (matches (auth-source-search
                                                       :user "sean@farley.io"
                                                       :host "bitwarden.farley.io"
                                                       :require '(:secret)
                                                       :max 1))
                                             (entry (nth 0 matches)))
                                        (plist-get entry :secret)))
     (bitwarden-auth-source-enable)))

And then add it to async hooks as such,

(add-hook 'doom-modeline-before-github-fetch-notification-hook
          (lambda () (smf/bitwarden-init)))"