From c8f75649afe91ea533a7d4bab48159485ca11899 Mon Sep 17 00:00:00 2001 From: Oli Date: Fri, 13 Dec 2024 21:08:45 +0100 Subject: [PATCH] update to use Bitwarden native SSH key type Support Bitwarden's new native SSH key type (type 5) introduced in CLI version 2024.12.0. Previously, SSH keys were stored as notes with attachments. This update removes the legacy handling and uses the structured sshKey property instead. - Add version check for Bitwarden CLI (>= 2024.12.0) - Filter items by type 5 (SSH key) in Get-FolderItems - Update Get-PrivatePublicKey to use sshKey.privateKey and sshKey.publicKey - Remove legacy handling of notes and attachments - Update prerequisites check to ensure minimum CLI version Breaking Changes: - Requires Bitwarden CLI version 2024.12.0 or higher - Only works with SSH keys stored as native SSH key items (type 5) - Existing SSH keys stored as notes with attachments must be migrated to the new SSH key item type manually --- vaultwarden_ssh-agent.ps1 | 41 ++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/vaultwarden_ssh-agent.ps1 b/vaultwarden_ssh-agent.ps1 index 4b23005..7c45ac8 100644 --- a/vaultwarden_ssh-agent.ps1 +++ b/vaultwarden_ssh-agent.ps1 
@@ -84,13 +84,18 @@ function Test-Prerequisites { throw "SSH agent is not running. Please start the SSH agent service." } - # Check if bw CLI is available - if (-not (Get-Command "bw" -ErrorAction SilentlyContinue)) { - throw "Bitwarden CLI not found. Please install the Bitwarden CLI." + # Check if bw CLI is available and version + try { + $bwVersion = & bw --version + if ($bwVersion -match '(\d{4})\.(\d{1,2})' -and + ("$($matches[1])$($matches[2].PadLeft(2,'0'))" -lt "202412")) { + throw "Bitwarden CLI version $bwVersion is not supported. Please upgrade to version 2024.12.0 or above to use SSH key features." + } + } catch { + throw "Bitwarden CLI not found or version check failed. Please install Bitwarden CLI 2024.12.0 or above." } } - function Test-VaultwardenConfig { [CmdletBinding()] param() @@ -258,9 +263,11 @@ function Get-FolderItems { ) Write-Debug "Getting items from folder: $FolderId" + # Add filter for SSH key type (type=5) $Items = & bw list items --session $Session --folderid $FolderId | ConvertFrom-Json - Write-Debug "Found $($Items.Count) items" - return $Items + $SshKeyItems = $Items | Where-Object { $_.type -eq 5 } + Write-Debug "Found $($SshKeyItems.Count) SSH key items" + return $SshKeyItems } function Get-PrivatePublicKey { 
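Review bot: In Test-Prerequisites the new version check fails open and hides its own error. When the output of `bw --version` does not match `(\d{4})\.(\d{1,2})`, the `-and` condition is false and the function returns as if the CLI were supported. When the version is too old, the specific `throw` is raised inside the `try` and replaced by the generic message in `catch`. I would keep the removed `Get-Command "bw"` availability test, drop the `try`/`catch`, reject an unparseable version explicitly, and compare the parts as integers instead of concatenated strings. The function starts above the hunk, so the sketch covers only the replaced lines.

```powershell
    # Check if bw CLI is available
    if (-not (Get-Command "bw" -ErrorAction SilentlyContinue)) {
        throw "Bitwarden CLI not found. Please install Bitwarden CLI 2024.12.0 or above."
    }

    # Fail closed: a version string that cannot be parsed is treated as unsupported
    $bwVersion = & bw --version
    if ($bwVersion -notmatch '(\d{4})\.(\d{1,2})') {
        throw "Could not determine Bitwarden CLI version from '$bwVersion'. Please install Bitwarden CLI 2024.12.0 or above."
    }
    if (([int]($matches[1]) * 100 + [int]($matches[2])) -lt 202412) {
        throw "Bitwarden CLI version $bwVersion is not supported. Please upgrade to version 2024.12.0 or above to use SSH key features."
    }
```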
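Review bot: Get-FolderItems now returns objects that appear to carry the decrypted private key inline, judging by the `$Item.sshKey.privateKey` read in Get-PrivatePublicKey later in this patch, and nothing in the function says so. A comment above the return, such as `# type 5 items include sshKey.privateKey in clear text; never pass $SshKeyItems to Write-Debug or serialize it`, would keep a later debugging change from leaking keys. The added comment `# Add filter for SSH key type (type=5)` sits above the `bw list items` call, not the `Where-Object` line it describes, and reads like a change note. Writing the filter as `$SshKeyItems = @($Items | Where-Object { $_.type -eq 5 })` would also keep `$SshKeyItems.Count` well-defined when zero or one item matches, which matters if the script ever runs under `Set-StrictMode`.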
@@ -273,27 +280,21 @@ function Get-PrivatePublicKey { ) try { - # Get and validate public key - $PublicKey = if ($Item.notes -is [array]) { - $Item.notes -join "`n" - } else { - $Item.notes + if ($Item.type -ne 5) { + throw "Item is not an SSH key type" } + + # Get public key from the sshKey property + $PublicKey = $Item.sshKey.publicKey if (-not (Test-SSHKey -KeyContent $PublicKey -KeyType 'Public')) { - throw "Invalid public key format in notes" + throw "Invalid public key format" } Write-Debug "Valid public key found for: $($Item.name)" - # Get and validate private key - $Attachment = $Item.attachments | Select-Object -First 1 - if (-not $Attachment) { - throw "No attachment found" - } - - $PrivateKey = & bw get attachment $Attachment.id --session $Session --itemid $Item.id --raw - $PrivateKey = $PrivateKey -join "`n" + # Get private key from the sshKey property + $PrivateKey = $Item.sshKey.privateKey if (-not (Test-SSHKey -KeyContent $PrivateKey -KeyType 'Private')) { throw "Invalid private key format"