doy / rbw
unofficial bitwarden cli
Home Page: https://git.tozt.net/rbw
License: Other
If the user does not respond to the PIN entry prompt within the timeout (default 60 seconds), rbw prints the following:
failed to parse pinentry output ("S ERROR gtk2.? 83886142 \nERR 83886142 Timeout <Pinentry>\n\u{0}…
The \u{0} sequence then repeats 4038 more times.
This happens for both pinentry-gtk and pinentry-curses.
I was having issues accessing my passwords with rbw, I decided to rbw purge and resync, but I'm still having a problem synchronizing the database:
$ rbw sync
rbw sync: failed to sync database from server: failed to parse JSON: Ciphers[16].PasswordHistory[0].Password: invalid type: null, expected a string at line 1 column 40928: invalid type: null, expected a string at line 1 column 40928
Seems like a trivial enough fix, but I have no idea how to dump said JSON to figure out why it's not correctly formed.
Since it seems to be the PasswordHistory that's having issues I tried purging the history and even regenerating new entries but it still fails.
I'm running v1.1.2
It's fairly simple to reproduce:
Using the desktop app, create a new entry without a password.
Sync rbw and attempt to edit the password using rbw edit on the entry.
You can now see that in the desktop app you have a history entry without a password:
To make matters worse, rbw now errors out when attempting to access the vault because it can't deal with empty passwords (see #50).
There is a cross-platform rust crate called keyring that uses the running platform's secure password storage mechanism to store and access passwords. I'd love to add support for this in rbw. We can make it an optional feature, that you can opt in to with rbw config.
I have an initial pass at cutting it in in a branch.
It seems that rbw doesn't include a trailing zero in its code subcommand output. rbw code <name> returns, for example, 17368, if the expected code is 017368, and presumably would even return a two digit code if there were four trailing zeros. This is a problem because most applications won't accept an auth code with less than 6 digits, leaving the user to type the trailing zeros manually.
Is this as expected?
time rbw get --full "<password name>" 0.26s user 1.84s system 94% cpu 2.224 total
This is on a core i7 2020 Macbook Pro
Hello,
I use EDITOR as well as VISUAL environment variables:
EDITOR=ed
VISUAL=vi
Both have their uses and mean different things. Most command line tools use VISUAL and only fall back to EDITOR if the former is either empty or not set, in the following order: VISUAL -> EDITOR -> vi, i.e.: ${VISUAL:-${EDITOR:-vi}}.
It would be great if a visual editor, i.e. vi(1), could be used while editing entries using rbw edit ...
lastpass-cli had the same issue a while back ;^)
e.g.
rbw get entry -c
Copies the password of 'entry' to the clipboard.
Greetings!
Hello!
I'm having trouble logging in using a private server (bitwarden_rs) and Yubikey. After entering the password I'm getting:
$ rbw unlock
rbw unlock: TODO
The same for sync or ls.
Version (AUR rbw-git):
$ rbw --version
rbw 0.4.2
I had trouble logging in with my password, I kept getting "Invalid password" from pinentry.
I noticed a GETPIN in pinentry returns %25 for the % character, I believe this may not be taken into account in rbw and that's probably why I couldn't log in. After using a password without the % character, I logged in successfully.
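Added example, not from the rbw code base or from any of the posts on this page: a stand-alone Rust parser for a pinentry (Assuan) reply to GETPIN, covering the percent-escaped password described in the report above and the timeout reply quoted earlier. The type and function names are hypothetical, the sample replies are constructed, and treating the first NUL byte as end of data is this example's own choice.

```rust
// Added example (not rbw's code): parse a pinentry (Assuan) reply to GETPIN.
#[derive(Debug, PartialEq)]
enum PinReply {
    Pin(Vec<u8>),
    Error { code: u32, message: String },
}

/// Undo Assuan percent-escaping: "%25" -> '%', "%0A" -> LF, "%0D" -> CR.
fn assuan_unescape(data: &[u8]) -> Result<Vec<u8>, String> {
    let mut out = Vec::with_capacity(data.len());
    let mut i = 0;
    while i < data.len() {
        if data[i] == b'%' {
            let hex = data.get(i + 1..i + 3).ok_or("truncated escape")?;
            if !hex.iter().all(u8::is_ascii_hexdigit) {
                return Err("escape is not two hex digits".into());
            }
            let hex = std::str::from_utf8(hex).map_err(|e| e.to_string())?;
            out.push(u8::from_str_radix(hex, 16).map_err(|e| e.to_string())?);
            i += 3;
        } else {
            out.push(data[i]);
            i += 1;
        }
    }
    Ok(out)
}

/// Parse everything pinentry wrote in answer to GETPIN.
fn parse_getpin_reply(raw: &[u8]) -> Result<PinReply, String> {
    // Assumption of this example: a NUL byte ends the data, so zero-filled
    // buffer space after the reply never reaches the line parser.
    let end = raw.iter().position(|&b| b == 0).unwrap_or(raw.len());
    let mut pin: Option<Vec<u8>> = None;
    for line in raw[..end].split(|&b| b == b'\n') {
        let line = line.strip_suffix(b"\r").unwrap_or(line);
        if let Some(data) = line.strip_prefix(b"D ") {
            // The secret may span several D lines; they are concatenated.
            pin.get_or_insert_with(Vec::new).extend(assuan_unescape(data)?);
        } else if line == b"OK" || line.starts_with(b"OK ") {
            return Ok(PinReply::Pin(pin.unwrap_or_default()));
        } else if let Some(rest) = line.strip_prefix(b"ERR ") {
            let text = String::from_utf8_lossy(rest);
            let (code, message) = text.split_once(' ').unwrap_or((&*text, ""));
            let code: u32 = code
                .parse()
                .map_err(|_| format!("bad ERR code: {}", code))?;
            return Ok(PinReply::Error { code, message: message.to_string() });
        }
        // "S ..." status lines, "#" comments and blank lines are skipped.
    }
    Err("reply ended without OK or ERR".into())
}

fn main() {
    // Constructed replies, shaped like the ones quoted on this page.
    let ok = b"D pa%25ss\nOK\n";
    let timeout = b"S ERROR gtk2.? 83886142 \nERR 83886142 Timeout <Pinentry>\n\0\0\0";
    println!("{:?}", parse_getpin_reply(ok));
    println!("{:?}", parse_getpin_reply(timeout));
}
```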
Hello,
After configuring my account email:
$ rbw config set email [email protected]
and running:
$ rbw login
I get the below error message:
rbw login: failed to log in to bitwarden instance: unimplemented cipherstring type: 0
This is using Bitwarden official cloud server. Web logon obviously works just fine.
What's odd is that, despite logon failing, I get confirmation emails to the contrary:
Subject: New Device Logged In From [...]
I get exactly the same error on OpenBSD with the official port/package (version 0.5.2) as well as on macOS Catalina (10.15.7) after running cargo install rbw (version 1.0.0).
I'm getting the following error when executing rbw unlock:
rbw unlock: failed to unlock database: unimplemented cipherstring type: 6
Looks like maybe it's some functionality that's not yet implemented? I'm willing to help debug if needed but I'm not familiar with rust so I will need some assistance.
As far as I can tell, the only way to change a password for an existing item in the vault is to launch a text editor. It would be useful if there were a way to, e.g. read a new password from standard input.
I created a script that uses rbw as a git-credential helper.
I thought others may find this useful and suggest adding it to README.md:
https://gist.github.com/mikeboiko/58ab730afd65bca0a125bc12b6f4670d
For automation purposes, it would be nice if there were a way to check if the vault needs to be unlocked. Calling rbw unlock unconditionally is an option in some cases, it might not be in others. If the vault is locked, the pinentry dialog will appear, blocking the script from continuing until the user either cancels it or enters the master password.
Besides being able to get passwords based on entry name and username, I think that it would be very useful to enable finding passwords based on the URI-fields. This could be used for integration with userscripts in browsers such as qutebrowser.
Possibly this could be implemented with a --uri flag to the get command, or simply by searching by URI in case of no match by name.
I prefer using VISUAL='vim --remote-wait-silent', so that editing files with $VISUAL happens in my existing session. However, rbw does not split environment variables to run commands, resulting in:
$ rbw edit DEMO
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/edit.rs:44:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
On Arch Linux, /usr/bin/pinentry looks like so:
#!/bin/sh
test -e /usr/lib/libgtk-x11-2.0.so.0 && exec /usr/bin/pinentry-gtk-2 "$@"
exec /usr/bin/pinentry-curses "$@"
If this runs on a system with a desktop environment installed, it will always try to run the graphical pinentry program. This will happen even if I'm SSH'd into the system.
GnuPG has a roundabout way of forcing use of the CLI for pinentry, by setting GPG_TTY=$(tty). I'm not sure of exactly how this logic works, but it does seem to work reliably. It would be ideal if rbw had a similar mechanism.
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', /home/kkga/.cargo/registry/src/github.com-1ecc6299db9ec823/rbw-1.2.0/src/edit.rs:44:10
I've tried setting different values for the EDITOR variable, but it seems to have no effect.
When I run rbw sync I get the following error:
rbw sync: failed to sync database from server: failed to parse JSON: .: missing field `access_token` at line 1 column 25: missing field `access_token` at line 1 column 25
I have some Entries which have Spaces in their name, e.g. "Atlassian (Privat)". When I try to get that Entry by executing rbw get "Atlassian (Privat)", rbw seems to ignore the Quotes and use the String as two arguments (Item Name and Folder) and yields the following result:
rbw get: couldn't find entry for '(Privat)@Atlassian': no entry found
My current workaround for those entries is to use the UUID but at the moment this does not work with the Rofi script I am using for accessing Bitwarden.
On Termux /tmp is not writable - which leads to the following error:
$ rbw login
failed to daemonize: failed to create directory at /tmp/rbw-10147: Read-only file system (os error 30)
rbw login: failed to run rbw-agent: exit code: 1
Instead of assuming that /tmp is accessible it'd make sense to read the value of TMPDIR.
That being said, thanks for creating this!
I'd like to help add automated build and "deployment" support to rbw if there is interest in getting that contribution.
I'd like to suggest the following process:
cargo release
I have an example of this in place already for my otpcli tool that we could use as a starting point if that makes sense @doy?
Hi, I've a problem during login.
Version:
rbw --version rbw 0.5.0
Config file:
{ "email":"[email protected]", "base_url":null, "identity_url":null, "lock_timeout":3600 }
Command:
rbw login
Error:
rbw login: failed to log in to bitwarden instance: failed to parse JSON: TwoFactorProviders[0]: invalid type: string "0", expected u32 at line 1 column 93: invalid type: string "0", expected u32 at line 1 column 93
I use Authy as 2FA provider
I would like to use jq to manipulate my vault in the same way I did with the official bw client. So, I would like to see a -j --json option to list and get, to output in the same format bw does.
Hello,
After installing the latest version with cargo install rbw on macOS 10.14, I get this:
$ rbw --version
rbw 1.1.0
$ rbw login
rbw-agent: Unable to disable PTRACE_ATTACH on this platform: not implemented. Agent memory may be dumpable by other processes.
rbw login: failed to run rbw-agent: exit code: 1
Looks like a possible fall-out from #42.
My config looks this way
{
"email": "@.com",
"base_url": null,
"identity_url": null,
"lock_timeout": 3600,
"pinentry": "pinentry"
}
When I try login with "rbw login" it returns:
rbw login: failed to log in to bitwarden instance: failed to parse JSON: .: expected value at line 1 column 1: expected value at line 1 column 1
I checked agent out/err files, both are empty.
rbw version is 1.2.0 installed on Ubuntu 20.04 from deb package. I googled a bit about Bitwarden Public API and failed to find any mention about email/password authentication, but rather client_id/key. I wonder if they changed the authentication recently?
When I run get --full I would expect to see everything stored against that item, at the moment several pieces of info are missing:
Many sites provide TOTP secrets chunked by spaces. One example is Google. When I try to use rbw code on entries in my vault for those sites, I get the following error:
rbw code: totp secret was not valid base32
I believe this could be solved by just stripping all spaces from the TOTP secret strings.
Hello,
I just noticed that the length of a generated password is not respected and is limited depending on what option has been used, i.e.:
--no-symbols
--nonconfusables
--only-numbers
Attached is an output of:
for i in $(jot 100)
do
echo $i characters
rbw gen $i | wc -m
rbw gen $i --no-symbols | wc -m
rbw gen $i --nonconfusables | wc -m
rbw gen $i --only-numbers | wc -m
done > rbw-pass
GNU coreutils users will need to replace jot(1) with seq(1). The results are off by one due to newline character being present and counted.
Also, while we're at it, options are doubled on error, i.e.:
$ rbw gen --only-numbers
error: The following required arguments were not provided:
<len>
USAGE:
rbw generate <len> <--no-symbols|--only-numbers|--nonconfusables|--diceware|--no-symbols|--only-numbers|--nonconfusables|--diceware>
For more information try --help
If the XDG_RUNTIME_DIRECTORY environment variable is not set (many non-systemd Linux distributions do not use this), rbw panics:
% RUST_BACKTRACE=1 rbw config set base_url 'redacted'
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /home/dustin/.cargo/registry/src/github.com-1ecc6299db9ec823/rbw-0.4.0/src/dirs.rs:65:5
stack backtrace:
0: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
1: core::fmt::write
2: std::io::Write::write_fmt
3: std::panicking::default_hook::{{closure}}
4: std::panicking::default_hook
5: std::panicking::rust_panic_with_hook
6: rust_begin_unwind
7: core::panicking::panic_fmt
8: core::panicking::panic
9: rbw::dirs::runtime_dir
10: rbw::dirs::socket_file
11: rbw::actions::quit
12: rbw::commands::config_set
13: rbw::main
14: std::rt::lang_start::{{closure}}
15: std::panicking::try::do_call
16: __rust_maybe_catch_panic
17: std::rt::lang_start_internal
18: main
19: __libc_start_main
20: _start
When I use rbw edit to change the password for an item in my vault, all of URLs associated with that item get their match detection setting reset to default.
I'd like to request a GTK UI integration with rbw-agent. It seems like a great addition to this tool.
Anyway, would this be a consideration? Seems like you've done a majority of code, so writing a GTK based client that uses the same mechanism you setup for with the agent and all, might be good in.
I'd love to help as well, though I've never written Rust code, or GTK code, so may need some guidance. I tried to write something initially, so I could just raise PR, but I got dizzy trying to understand Rust.
It's indirectly related to rbw, but it would be really good to have autocompletion in the most used shells, at least bash and zsh.
If someone is motivated/interested in doing this, please do so.
It really is a must have in my opinion, and I unfortunately don't have (yet) the skills needed to implement this in these respective programs.
Either enabling the wiki or adding a contrib/ directory where people could share their rbw integrations would be nice.
As an example, here is a little wrapper script I modified to work with rbw and such.
#!/bin/bash
# Wayland copy bitwarden passwords to paste once
set -eu
rbw unlocked || rbw unlock
set -o pipefail
wl-copy --paste-once "$(rbw-fzf)"
rbw get: couldn't find entry for 'Google': multiple entries found
I don't mind making the names unique, just asking.
It would be nice to have a type field in rbw list, which should be one of:
Adding TOTP support could be nice in two cases:
rbw code <name> [<user>]
I have a rust crate that could be used as a starting point for both — otpcli — but there are many others as well.
I am using successfully gpg on a server without any X server, so I know that pinentry-tty can work.
However, using rbw 0.3.4, I have the following output:
> rbw sync
rbw sync: failed to read password from pinentry: failed to parse pinentry output ("Log in to vault.example.com\nMaster Password: \u{0}\u{0}\u{0}…
[Many more zeroes]
I strace'd the agent, and it seems that pinentry is fed with the correct input. However, I don't know if pinentry-tty can find my current tty from rbw-agent from an ssh session.
Did I miss something?
I'm not totally sure how rust even compiles/links binaries, but I just noticed that on a fresh install of the *.deb release, I get the following:
rbw: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by rbw)
I'm assuming this means rbw was built against glibc 2.33, and since I only have 2.31, it's failing at runtime?
❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
❯ dpkg -l | grep libc6
ii libc6:amd64 2.31-0ubuntu9.2 amd64 GNU C Library: Shared libraries
ii libc6:i386 2.31-0ubuntu9.2 i386 GNU C Library: Shared libraries
ii libc6-dbg:amd64 2.31-0ubuntu9.2 amd64 GNU C Library: detached debugging symbols
ii libc6-dev:amd64 2.31-0ubuntu9.2 amd64 GNU C Library: Development Libraries and Header Files
With any rbw command that seems to interact with the backend, I get the above error, for example rbw login:
rbw login: failed to parse message from agent: EOF while parsing a value at line 1 column 0
Is there a way to get more verbose output?
My rbw config show:
{
"email": "[email protected]",
"base_url": null,
"identity_url": null,
"lock_timeout": 3600
}
I'm running on 0.5.2
Currently, three SUBCOMMANDS have aliases and all the aliases are doubled when help information is printed:
$ rbw -h | grep aliases
generate Generate a new password [aliases: gen, gen]
list List all entries in the local Bitwarden database [aliases: ls, ls]
remove Remove a given entry [aliases: rm, rm]
Also, if there's only one, it should obviously read alias.
Would you consider adding a command line flag that allows users to select an alternative config.json instead of the default one?
As it takes some time to save an entry, it would be nice if rbw edit detected when the contents of the file haven't changed and doesn't need to save.
Hello there,
I just configured the client using the configure command.
When attempting to login (prompted for my master password), I receive:
❯ rbw login
rbw login: failed to log in to bitwarden instance: failed to parse JSON: .: missing field `ErrorModel` at line 1 column 126: missing field `ErrorModel` at line 1 column 126
So I had a look around my system for this JSON file and found it at ~/.config/rbw/config.json
When looking in there, I had found:
{
"email": "[email protected]",
"base_url": null,
"identity_url": null,
"lock_timeout": 3600
}
From the docs, I can gather that the URLs are ok to be null and will default to the BW servers.
❯ rbw --version
rbw 0.3.5
❯ cat /etc/lsb-release
───────┬──────────────────────────────────────────────────────────────────────────────────────────
│ File: /etc/lsb-release
───────┼──────────────────────────────────────────────────────────────────────────────────────────
1 │ DISTRIB_ID=Ubuntu
2 │ DISTRIB_RELEASE=20.04
3 │ DISTRIB_CODENAME=focal
4 │ DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"
───────┴──────────────────────────────────────────────────────────────────────────────────────────
Any suggestions?
My TOTP Secret field contains otpauth://totp/Aarhus%20Universitet%3Aau522953%40uni.au.dk?secret=xxxxxxxxxxxxxxxx&issuer=Microsoft and the bitwarden browser extension can correctly parse this and extract the secret.
It would be nice if rbw could do the same.
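Added example, not from the rbw code base or from any of the posts on this page: Rust helpers for the three TOTP input and output cases reported on this page (secrets chunked by spaces, an otpauth:// URI stored in the secret field, and codes that must keep their zero padding). The function names are hypothetical, the inputs are constructed, and the HMAC-SHA1 step that sits between the two halves is assumed to be done elsewhere.

```rust
// Added example (not rbw's code): normalise a stored TOTP secret and render a
// code with its zero padding. HMAC-SHA1 over the time counter is out of scope.

/// Accept a bare base32 secret (possibly chunked with spaces) or an
/// otpauth:// URI and return the raw key bytes.
fn totp_key(field: &str) -> Result<Vec<u8>, String> {
    let field = field.trim();
    let secret = if field.starts_with("otpauth://") {
        let query = field.split_once('?').ok_or("otpauth URI has no query")?.1;
        query
            .split('&')
            .filter_map(|kv| kv.split_once('='))
            .find(|(k, _)| *k == "secret")
            .map(|(_, v)| v)
            .ok_or("otpauth URI has no secret parameter")?
    } else {
        field
    };
    base32_decode(secret)
}

/// RFC 4648 base32, ignoring whitespace, '=' padding and letter case.
fn base32_decode(s: &str) -> Result<Vec<u8>, String> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.chars().filter(|c| !c.is_whitespace() && *c != '=') {
        let v = match c.to_ascii_uppercase() {
            u @ 'A'..='Z' => u as u32 - 'A' as u32,
            d @ '2'..='7' => d as u32 - '2' as u32 + 26,
            other => return Err(format!("invalid base32 character {:?}", other)),
        };
        acc = (acc << 5) | v;
        bits += 5;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the bits not yet emitted
        }
    }
    Ok(out)
}

/// RFC 4226 dynamic truncation of an HMAC-SHA1 digest, rendered as exactly
/// `digits` characters so that leading zeros survive.
fn format_code(hmac: &[u8; 20], digits: usize) -> String {
    let off = (hmac[19] & 0x0f) as usize;
    let bin = u32::from_be_bytes([
        hmac[off] & 0x7f,
        hmac[off + 1],
        hmac[off + 2],
        hmac[off + 3],
    ]);
    format!("{:0width$}", bin % 10u32.pow(digits as u32), width = digits)
}

fn main() {
    // Constructed inputs: a demo secret and a digest chosen to truncate to 17368.
    println!("{:?}", totp_key("JBSW Y3DP EHPK 3PXP"));
    println!(
        "{:?}",
        totp_key("otpauth://totp/Example%3Auser?secret=JBSWY3DPEHPK3PXP&issuer=Example")
    );
    let mut digest = [0u8; 20];
    digest[2] = 0x43;
    digest[3] = 0xd8;
    println!("{}", format_code(&digest, 6));
}
```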
Hello,
The behaviour of gen, login, and sync seems counter-intuitive to what's described in the README:
Usage
Commands can generally be used directly, and will handle logging in or
unlocking as necessary. For instance, running rbw ls will unlock the password
database before generating the list of entries (but will not attempt to log in
to the server), rbw sync will log in to the server before downloading the
password database (but will not unlock the database), and rbw generate will
do both.
However, neither gen, login, nor sync prompt for the password - only ls does:
$ rbw gen 64 # generates 64-character password
[...]
$ rbw login # seemingly, nothing happens - returns to prompt
$ rbw sync # seemingly, nothing happens - returns to prompt
$ rbw ls # as expected, prompts for password and lists all entries
[...]
This is most likely me not fully understanding what happens behind the scenes but, at least to a layman, this seems counter-intuitive.
According to the description, one would expect both login and sync to prompt for a password, no? Also, why would gen do both? Why would it do either? Isn't it supposed to just generate a password?
Also, ls does display an entry newly added via the web browser add-on shortly before running the above test so it seems like it is doing a sync, no?
I'd appreciate if you could explain in a bit more detail what individual commands actually do behind the scenes :^)
Ta!
Hi,
thanks for this tool. I have two instances of bitwarden (through bitwarden-rs) that I use frequently (personal and work). Is there a way to switch between accounts in rbw? Maybe like running two agents and passing an environment variable or option to rbw to choose the right one?