A Bitwarden command wrapper for Emacs.
To use this package you will need the Bitwarden CLI.
Bitwarden has a concept of locking which is different from logging in. For two-factor authentication, this means that only logging in will require your 2fa token.
As a convenience, you can store your master password in your OS keychain and use
the bitwarden-automatic-unlock variable. For example, to temporarily set the
auth-source to the macos keychain and then query that,
(setq bitwarden-automatic-unlock
(let* ((auth-sources '(macos-keychain-internet))
(matches (auth-source-search :user "sean@farley.io"
:host "bitwarden.farley.in"
:require '(:secret)
:max 1))
(entry (nth 0 matches)))
(plist-get entry :secret)))If your bitwarden store is kept on bitwarden servers (as opposed to hosting your
own server), you may find that the above approach does not work and gives a
Symbol’s value as variable is void: print-message error. This may be due to a
recent change in bitwarden login procedures which require the use of an API
application key. To check if this is indeed the problem try logging in from the
command line with bw login [username] 'password' if you are prompted for an API
key then the following instructions may resolve your problem.
Login to the bitwarden web interface, login to your vault, go to the settings
tab and scroll down to the API Key section. Follow the instructions to setup
your API key. You will need both your client_id and your client_secret. Then add
to your init.el configuration two functions bitwarden-api-client-id and
bitwarden-api-client-secret which have the same specification format as
bitwarden-automatic-unlock. Here is an example emacs configuration,
(setq bitwarden-api-secret-key
(plist-get (car (auth-source-search :host "bitwarden.key"))
:secret))
(setq bitwarden-api-client-id
(plist-get (car (auth-source-search :host "bitwarden.id"))
:secret))For those using authinfo.gpg, these two lines have the form,
machine bitwarden.key login YYY password XXX machine bitwarden.id login YYY password XXX
There is read-only support for auth-source as well. You can run
bitwarden-auth-source-enable to enable it. For example,
(auth-source-search :host "github.com")will return all logins that match github.com.
For certain emacs tasks (e.g. github modeline), emacs will run the process asynchronously which means a new emacs process. For this reason, this bitwarden wrapper will need to be a macro so that the session is preserved. Here is an one such way to do that:
(defmacro smf/bitwarden-init ()
"Needs to be a macro due to async.
Async doesn't load your entire config (for performance reasons)
so this needs to be a macro and added to async hooks."
`(progn
(require 'bitwarden nil t)
(setq bitwarden-user "sean@farley.io"
bitwarden-automatic-unlock (let* ((auth-sources
'(macos-keychain-internet))
(matches (auth-source-search
:user "sean@farley.io"
:host "bitwarden.farley.io"
:require '(:secret)
:max 1))
(entry (nth 0 matches)))
(plist-get entry :secret)))
(bitwarden-auth-source-enable)))And then add it to async hooks as such,
(add-hook 'doom-modeline-before-github-fetch-notification-hook
(lambda () (smf/bitwarden-init)))"