improved error handling and better session management
Added - New ClearSession parameter to remove the stored Vaultwarden session from the Windows Credential Manager. - New Test-Prerequisites function to check if the required tools (ssh-add, Bitwarden CLI) are installed and available. - New Get-BWSession function to retrieve the Vaultwarden session from the Windows Credential Manager, and fallback to getting a new session if the stored one is invalid. - New Clear-SensitiveData function to clear sensitive data (SecureString, string) from memory. - New Clear-BWSession function to remove the stored session from the Windows Credential Manager. Changed - The Test-VaultwardenConfig function now prompts the user to enter the Vaultwarden server URL if it's not configured, rather than throwing an error. - The Get-FolderId and Get-FolderItems functions now take the session as a parameter, rather than relying on a global session variable. - The Get-PrivatePublicKey function now uses the --raw flag to retrieve the private key attachment, instead of joining the attachment content. The main script execution has been reorganized to handle the session retrieval and management more explicitly. - The script now includes a detailed help section at the top, providing information about the script's usage and parameters. Removed
This commit is contained in:
90
README.md
90
README.md
@@ -6,27 +6,19 @@ A PowerShell script that automatically loads SSH keys from your Vaultwarden vaul
|
||||
|
||||
- PowerShell 5.1 or later
|
||||
- [Bitwarden CLI](https://bitwarden.com/help/cli/) installed and available in PATH
|
||||
- OpenSSH installed on your system
|
||||
- SSH agent running on your system
|
||||
- A Vaultwarden (self-hosted Bitwarden) instance
|
||||
|
||||
## Installation
|
||||
|
||||
1. Download the script file (`vaultwarden-ssh-agent.ps1`) to your preferred location
|
||||
2. Ensure you have the Bitwarden CLI installed:
|
||||
|
||||
```powershell
|
||||
winget install Bitwarden.CLI
|
||||
# or
|
||||
choco install bitwarden-cli
|
||||
```
|
||||
Download the script file (`vaultwarden-ssh-agent.ps1`) to your preferred location
|
||||
|
||||
## Configuration
|
||||
|
||||
### Initial Setup
|
||||
|
||||
Create a folder named 'ssh-agent' in your Vaultwarden vault
|
||||
|
||||
For each SSH key you want to manage:
|
||||
- Create a folder (default name: 'ssh-agent') in your Vaultwarden vault
|
||||
- Create a new item in the 'ssh-agent' folder
|
||||
- Paste the public key in the notes field
|
||||
- Attach the private key as a file attachment
|
||||
@@ -36,57 +28,77 @@ Note: If you haven't configured the Bitwarden CLI for your Vaultwarden instance
|
||||
### Key Item Structure
|
||||
|
||||
Each SSH key in Vaultwarden should be structured as follows:
|
||||
- Folder: Must be in the 'ssh-agent' folder
|
||||
- Folder: Must be in the 'ssh-agent' folder (or your custom folder name)
|
||||
- Name: A descriptive name for your SSH key
|
||||
- Notes: Contains the public key (required)
|
||||
- Attachment: The private key file (required)
|
||||
|
||||
### Usage
|
||||
- Basic Usage: `.\vaultwarden-ssh-agent.ps1`
|
||||
- To run with detailed debugging information use `-Debug` switch.
|
||||
## Usage
|
||||
### Basic usage
|
||||
.\vaultwarden-ssh-agent.ps1
|
||||
|
||||
### Session Management:
|
||||
### Run with debug information
|
||||
.\vaultwarden-ssh-agent.ps1 -Debug
|
||||
|
||||
- Reuses existing sessions when available
|
||||
- Automatically handles login/unlock operations
|
||||
- Stores session token as environment variable
|
||||
|
||||
### Key Validation:
|
||||
- Validates both public and private key formats
|
||||
- Secure Memory Handling: Implements secure handling for sensitive data
|
||||
- Detailed Reporting: Provides summary of successful and failed key additions
|
||||
### Use a custom folder name
|
||||
.\vaultwarden-ssh-agent.ps1 -FolderName "my-ssh-keys"
|
||||
|
||||
### Security Features
|
||||
- Secure session key storage using Windows Credential Manager
|
||||
- Secure handling of private keys using `SecureString`
|
||||
- Proper cleanup of sensitive data from memory
|
||||
- Session token management
|
||||
- Key format validation before loading
|
||||
|
||||
### Clearing Stored Session Token
|
||||
The script stores the Bitwarden session token in the Windows Credential Manager. This allows the script to reuse the session, avoiding the need to unlock the vault on every run.
|
||||
|
||||
If you need to clear the stored session for any reason, you can run the following command: `.\Vaultwarden_ssh-agent.ps1 -ClearSession`
|
||||
|
||||
This will remove the stored session token from the Windows Credential Manager. The next time you run the script, it will need to unlock the vault with your master password before proceeding.
|
||||
|
||||
Clearing the stored session may be necessary to ensure a fresh session is obtained.
|
||||
|
||||
### Error Handling
|
||||
The script includes comprehensive error handling:
|
||||
- Validates Vaultwarden configuration
|
||||
- Verifies key formats
|
||||
- Reports failed operations
|
||||
- Provides detailed debug output when needed
|
||||
- Prerequisites validation
|
||||
- Vaultwarden configuration verification
|
||||
- Key format validation
|
||||
- Detailed debug output when needed
|
||||
- Operation results reporting
|
||||
- Troubleshooting
|
||||
|
||||
## Common Issues
|
||||
### Common Issues
|
||||
**"SSH agent is not running"**
|
||||
|
||||
"ssh-agent folder not found"
|
||||
Start the SSH agent service:
|
||||
```
|
||||
Set-Service ssh-agent -StartupType Automatic
|
||||
Start-Service ssh-agent
|
||||
```
|
||||
|
||||
- Create a folder named ssh-agent in your Vaultwarden vault
|
||||
**"Folder not found"**
|
||||
|
||||
"Failed to add key"
|
||||
- Create the folder in your Vaultwarden vault
|
||||
- Verify the folder name matches the script parameter (default: "ssh-agent")
|
||||
|
||||
**"Failed to add key"**
|
||||
- Verify the SSH agent is running
|
||||
- Check key format
|
||||
- Check key format in Vaultwarden
|
||||
- Run with -Debug flag for more information
|
||||
- Verify private key file attachment
|
||||
|
||||
## Note on Security
|
||||
Never share your private keys
|
||||
Keep your Vaultwarden master password secure
|
||||
Regularly rotate your SSH keys
|
||||
Monitor SSH agent contents with `ssh-add -l`
|
||||
**"Bitwarden CLI not found"**
|
||||
- Ensure Bitwarden CLI is installed
|
||||
- Verify bw is in your system PATH
|
||||
- Debug ModeRun the script with the -Debug switch for detailed operation information:.\vaultwarden-ssh-agent.ps1 -Debug
|
||||
|
||||
## Security Notes
|
||||
- Never share your private keys
|
||||
- Regularly rotate your SSH keys
|
||||
- Session key are stored securely in Windows Credential Manager
|
||||
- Private keys are handled as `SecureString` during processing
|
||||
- All sensitive data is cleared from memory after use
|
||||
- Monitor SSH agent contents with `ssh-add -l`
|
||||
|
||||
## Contributing
|
||||
Contributions are welcome! Please feel free to submit a Pull Request.
|
||||
|
||||
Reference in New Issue
Block a user