Keyring backend reading password data from Bitwarden
Project description
Bitwarden Keyring
Implementation of the Keyring backend code reading secrets from Bitwarden using Bitwarden-cli
Overview
The Keyring python package provides a handy single point of entry for any secret holding system, allowing for seemless integration of those systems into applications needing secrets, like twine.
This projects implement Keyring to be able to read secrets from Bitwarden, an open source multiplatform cloud/self-hostable password manager.
This backend assumes that it will be used in the context of a CLI application, and that it can communicate with the user using sdtin, stdout and stderr. We could implement an additional backend for use in a library assuming that everything is already unlocked, or another one using pinentry to ask the user.
Disclamer
There's currently a solved bug in Twine that's keeping keyring and thus this lib from being used. If you plan to use this for Twine, either wait for a twine release or install from master:
pip install git+https://github.com/pypa/twine
Requirements
This project uses the official bitwarden CLI under the hood, because there's no simple official Python bitwarden lib. Here are the installation instructions as of October 2018 and the link to the up to date instructions
You can install the Bitwarden CLI multiple different ways:
NPM
If you already have the Node.js runtime installed on your system, you can install the CLI using NPM. NPM makes it easy to keep your installation updated and should be the preferred installation method if you are already using Node.js.
npm install -g @bitwarden/cli
Native Executable
Natively packaged versions of the CLI are provided for each platform which have no requirements on installing the Node.js runtime. You can obtain these from the downloads section in the Bitwarden documentation.
Other Package Managers
- Chocolatey
choco install bitwarden-cli
- Homebrew
brew install bitwarden-cli
- Snap
sudo snap install bw
Installation and configuration
pip install bitwarden-keyring
The Python packaging ecosystem can be quite a mess.
Because of this, it's likely that your setup and my setup are nothing alike. Keyring supports a configuration file with an option allowing to explicitely define the path to a backend. You may need that for your installation, or maybe not.
Usage
Use as a normal keyring backend. It is installed with priority 10 so it's likely going to be selected first.
If you want to use it with twine, good news, you're already set. Just make sure that this package is installed in the same location as twine.
bitwarden-keyring will automatically ask for credentials when needed. If you don't want to unlock your vault every time, export the vault session to your environment (use bw unlock and follow the instructions, or launch export BW_SESSION=$(bw unlock --raw)).
Caveats
bitwarden-keyring will try to select an appropriate credential based on the given service name, but as of now, it can't use the normal bitwarden url match mechanism. This is likely to change when bitwarden releases a new version of the CLI thanks to this issue.
In order to know if one needs to login or just unlock the vault, bitwarden-keyring reads the internal datastore of bitwarden-cli, so as any private API, it may change without notice.
bitwarden-keyring was only tested with:
- macOS, using the
bitwarden-clifrombrew - ubuntu, using the
bwfromsnap
As mentionned, bitwarden-keyring only works in the context of a CLI application with access to standard inputs and output. If you need something that either reads silently or using another method of communication, the best is probably to make another backend and most of the functions ca be reused.
Licensing
bitwarden-keyring is published under the terms of the MIT License.
The name Bitwarden is most probably the property of 8bit Solutions LLC.
Contributions and Code of Conduct
Contributions are welcome, please refer to the Contributing guide. Please keep in mind that all interactions with the project are required to follow the Code of Conduct.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file bitwarden-keyring-0.2.1.tar.gz.
File metadata
- Download URL: bitwarden-keyring-0.2.1.tar.gz
- Upload date:
- Size: 6.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.2 pkginfo/1.4.2 requests/2.20.0 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f85d2f950989cb2f0ce41b04c84d14c38aaac6331a153bb6b55da39212a8e7b5 |
|
| MD5 | 88d93b5f4fedd64a7d27d53388f3ca3c |
|
| BLAKE2b-256 | 188dc223f43df1b25f8588a242b7f3ecd90ad632b35bcf1554a9b74b0153d7f5 |
File details
Details for the file bitwarden_keyring-0.2.1-py2.py3-none-any.whl.
File metadata
- Download URL: bitwarden_keyring-0.2.1-py2.py3-none-any.whl
- Upload date:
- Size: 7.4 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.2 pkginfo/1.4.2 requests/2.20.0 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/3.6.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 002ce48da21fc0305348e553f3a50c48bb078c812b6be38190b303a1aaf59e4b |
|
| MD5 | d460698a637b0e518855605a22b6f287 |
|
| BLAKE2b-256 | 4ce42e4128f58f2a7a25847b42994a2df7e9658d57aa5466f1974a9ef0c58fea |
