Feature request: lock vault after a (configurable) timeout

[wollew]

Hi, would it be possible to lock the bitwarden vault after a configurable timeout. I do not really like the token being in memory basically forever, at least if I don't lock on demand.

[wollew]

So, I solved this by using Hammerspoon to trigger this workflow's lock code as soon as the screen is locked, works perfectly well for me, even better than a fixed timeout.
BTW, in order to do this I dug into the code a little bit further and realized the token is actually stored in the Keychain, nice!

[blacs30]

Thanks a lot for your feedback @wollew
Would you mind sharing the lua script you wrote so we all could benefit from this?
I could use it as a current workaround. Currently I wouldn't know exactly how to achieve the lock - possibly via LaunchAgent to trigger the workflow binary to lock Bitwarden.

[wollew]

Sure. I created a new Spoon, until I manage to clean it up and create a merge request, you'll find it here:
https://github.com/wollew/Spoons/blob/master/Source/OnLockUnlock.spoon

My hammerspoon init.lua contains this code:

hs.loadSpoon("OnLockUnlock")
spoon.OnLockUnlock.OnLockAppleScript = 'tell application id "com.runningwithcrayons.Alfred" to run trigger "auth" in workflow "com.lisowski-development.alfred.bitwarden" with argument "-lock"'
spoon.OnLockUnlock:start()

EDIT: I also had to add the "Inbound Configuration" named "auth" to the bash script running ./bitwarden-alfred-workflow in this workflow for this to work. Now that I know the token's stored in the keychain, I could probably just delete it directly via Applescript instead of going through the workflow.

[steveoh]

last pass had this setting in the fork, can we crib the code from there? At a minimum the log out when the machine restarts.

[blacs30]

Yes I have it definitely planned. It's a very valid point.
I think I might first look at a way to use the local LaunchAgent for this.

[blacs30]

This features got implemented by version 2.3.0 please feel free to reopen this issue in case of problems with it

[wollew]

Thank you for implementing this feature, I just tried it but it did not work for me OOTB. After doing some debugging I think the problem is in bw_auto_lock.sh which assumes there is a binary named bitwarden-alfred-workflow although my workflow directory only has bitwarden-alfred-workflow-arm64 and bitwarden-alfred-workflow-amd64. I created a symlink to (in my case) the amd64 version, after that everything works fine.

(I cannot reopen this issue because github doesn't allow this if a repo owner closes an issue).

[blacs30]

Thank you @wollew I noticed the same but didn't have time to debug (I tested before with the old version I guess which didn't have separate binaries). This explains the error 127 which launchctl did report.
It is also affecting the auto update.
I will soon fix that.