OmiVault Desktop

Aggregates desktop/personal vault providers for omnivault.

Overview

This module bundles vault providers for personal password managers, enabling applications using omnivault.VaultFromURI() to access credentials stored in desktop vaults with a single import.

┌────────────────────────────────────────────────────────────────┐
│                        Applications                            │
│  ┌─────────────┐  ┌─────────────┐  ┌──────────────────┐        │
│  │ mcp-google  │  │  mcp-aha    │  │  mcp-confluence  │        │
│  └──────┬──────┘  └──────┬──────┘  └─────────┬────────┘        │
│         └────────────────┼───────────────────┘                 │
│                          │                                     │
│              ┌───────────▼───────────┐                         │
│              │  omnivault-desktop    │ ← Single import for     │
│              │  (this module)        │   all desktop vaults    │
│              └───────────┬───────────┘                         │
└──────────────────────────┼─────────────────────────────────────┘
                           │
          ┌────────────────┴────────────────┐
          │                                 │
   ┌──────▼───────┐                  ┌──────▼──────┐
   │    omni-     │                  │    omni-    │
   │ onepassword  │                  │  bitwarden  │
   └──────┬───────┘                  └──────┬──────┘
          │                                 │
          └────────────────┬────────────────┘
                           │
              ┌────────────▼────────────┐
              │      omnivault          │ ← Core interfaces
              └─────────────────────────┘

Installation

go get github.com/plexusone/omnivault-desktop

Usage

Import this package for side effects to register all desktop vault providers:

import (
    "github.com/plexusone/omnivault"
    _ "github.com/plexusone/omnivault-desktop"
)

func main() {
    // 1Password: op:// URIs work automatically
    v, err := omnivault.VaultFromURI("op://MyVault")
    if err != nil {
        log.Fatal(err)
    }
    secret, err := v.Get(ctx, "credentials/my-api-key")

    // Bitwarden: bw:// URIs work automatically
    v2, err := omnivault.VaultFromURI("bw://org-id/my-secret")
    if err != nil {
        log.Fatal(err)
    }
    secret2, err := v2.Get(ctx, "my-secret")
    // ...
}

Supported Vault Providers

Provider	URI Scheme	Module	SDK
1Password	op://	omni-onepassword	1password-sdk-go
Bitwarden	bw://	omni-bitwarden	bitwarden/sdk-go

Environment Variables

1Password

Variable	Required	Description
OP_SERVICE_ACCOUNT_TOKEN	Yes	Service account token (starts with ops_)

Create a service account at: https://my.1password.com/developer-tools/infrastructure-secrets/serviceaccount/

Bitwarden

Variable	Required	Description
BW_ACCESS_TOKEN	Yes	Access token for authentication
BW_ORGANIZATION_ID	Yes*	Default organization ID (*can be in URI path)
BW_API_URL	No	Custom API URL (for self-hosted)
BW_IDENTITY_URL	No	Custom Identity URL (for self-hosted)

Create an access token at: https://bitwarden.com/help/access-tokens/

URI Formats

1Password

URI Format	Example	Description
op://vault	op://Private	Access vault by name
op://vault/item	op://Private/API Keys	Access item in vault
op://vault/item/field	op://Private/API Keys/password	Access specific field

Bitwarden

URI Format	Example	Description
bw://org-id	bw://abc123-def456	Organization vault
bw://org-id/secret	bw://abc123/my-api-key	Secret in organization

Path Formats

After obtaining a vault with VaultFromURI(), use these path formats with vault.Get():

1Password Paths

Format	Example	Description
vault/item	Private/API Keys	Item in vault
vault/item/field	Private/DB Creds/password	Specific field

Bitwarden Paths

Format	Example	Description
secret-key	my-api-key	Secret by key (uses default org)
secret-key/field	my-api-key/note	Specific field (value, key, note)
org-id/secret-key	abc123/my-api-key	Secret in specific org

Provider Capabilities

Capability	1Password	Bitwarden
Read	Yes	Yes
Write	Yes	Yes
Delete	Yes	Yes
List	Yes	Yes
Multi-Field	Yes	Yes
Batch	Yes	Yes
Binary/Attachments	Yes	No

Example: MCP Server Configuration

When using with MCP servers like mcp-confluence, mcp-aha, or mcp-google:

With 1Password

export OP_SERVICE_ACCOUNT_TOKEN="ops_..."
export OMNITOKEN_VAULT_URI="op://MyVault"
export OMNITOKEN_CREDENTIALS_NAME="confluence"
mcp-confluence --base-url https://example.atlassian.net/wiki

With Bitwarden

export BW_ACCESS_TOKEN="..."
export BW_ORGANIZATION_ID="..."
export OMNITOKEN_VAULT_URI="bw://org-id"
export OMNITOKEN_CREDENTIALS_NAME="confluence"
mcp-confluence --base-url https://example.atlassian.net/wiki

Why This Module?

This module exists to:

1. Minimize code duplication - Applications import one package instead of individual provider register packages
2. Keep dependencies explicit - Desktop vault SDKs are heavy; this module isolates them from lightweight packages like omnitoken
3. Separate desktop from server vaults - Server-side vaults (HashiCorp Vault, AWS Secrets Manager) can be imported individually for applications that need them

Architecture

• omnivault - Lightweight core with interfaces, registry, and built-in providers (memory, file, env)
• omnivault-desktop - Aggregates desktop vault providers (this module)
• omnitoken - Generic credential manager, depends only on omnivault interfaces
• omni-onepassword - Standalone 1Password provider
• omni-bitwarden - Standalone Bitwarden provider

Applications that need desktop vault support import omnivault-desktop. Applications that need server-side vaults import those providers individually.

Related Packages

Package	Description
omnivault	Core vault interfaces and registry
omnitoken	Credential management with vault storage
omni-onepassword	1Password provider
omni-bitwarden	Bitwarden provider

License

MIT