oli/vaultwarden-ssh-agent
1
0
Fork 0
Code Actions Packages Releases Activity

update to use Bitwarden native SSH key type

Browse Source 
Support Bitwarden's new native SSH key type (type 5) introduced in CLI version 2024.12.0.
Previously, SSH keys were stored as notes with attachments. This update removes the
legacy handling and uses the structured sshKey property instead.

- Add version check for Bitwarden CLI (>= 2024.12.0)
- Filter items by type 5 (SSH key) in Get-FolderItems
- Update Get-PrivatePublicKey to use sshKey.privateKey and sshKey.publicKey
- Remove legacy handling of notes and attachments
- Update prerequisites check to ensure minimum CLI version

Breaking Changes:
- Requires Bitwarden CLI version 2024.12.0 or higher
- Only works with SSH keys stored as native SSH key items (type 5)
- Existing SSH keys stored as notes with attachments must be migrated
  to the new SSH key item type manually
This commit is contained in:
Oli
2024-12-13 21:08:45 +01:00
parent 7744667c3d
commit c8f75649af
1 changed files with 21 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
vaultwarden_ssh-agent.ps1
View File

@@ -84,13 +84,18 @@ function Test-Prerequisites {
throw "SSH agent is not running. Please start the SSH agent service." throw "SSH agent is not running. Please start the SSH agent service."
} }
# Check if bw CLI is available # Check if bw CLI is available and version
if (-not (Get-Command "bw" -ErrorAction SilentlyContinue)) { try {
throw "Bitwarden CLI not found. Please install the Bitwarden CLI." $bwVersion = & bw --version
if ($bwVersion -match '(\d{4})\.(\d{1,2})' -and
("$($matches[1])$($matches[2].PadLeft(2,'0'))" -lt "202412")) {
throw "Bitwarden CLI version $bwVersion is not supported. Please upgrade to version 2024.12.0 or above to use SSH key features."
}
} catch {
throw "Bitwarden CLI not found or version check failed. Please install Bitwarden CLI 2024.12.0 or above."
} }
} }
function Test-VaultwardenConfig { function Test-VaultwardenConfig {
[CmdletBinding()] [CmdletBinding()]
param() param()
@@ -258,9 +263,11 @@ function Get-FolderItems {
) )
Write-Debug "Getting items from folder: $FolderId" Write-Debug "Getting items from folder: $FolderId"
# Add filter for SSH key type (type=5)
$Items = & bw list items --session $Session --folderid $FolderId | ConvertFrom-Json $Items = & bw list items --session $Session --folderid $FolderId | ConvertFrom-Json
Write-Debug "Found $($Items.Count) items" $SshKeyItems = $Items | Where-Object { $_.type -eq 5 }
return $Items Write-Debug "Found $($SshKeyItems.Count) SSH key items"
return $SshKeyItems
} }
function Get-PrivatePublicKey { function Get-PrivatePublicKey {
@@ -273,27 +280,21 @@ function Get-PrivatePublicKey {
) )
try { try {
# Get and validate public key if ($Item.type -ne 5) {
$PublicKey = if ($Item.notes -is [array]) { throw "Item is not an SSH key type"
$Item.notes -join "`n"
} else {
$Item.notes
} }
# Get public key from the sshKey property
$PublicKey = $Item.sshKey.publicKey
if (-not (Test-SSHKey -KeyContent $PublicKey -KeyType 'Public')) { if (-not (Test-SSHKey -KeyContent $PublicKey -KeyType 'Public')) {
throw "Invalid public key format in notes" throw "Invalid public key format"
} }
Write-Debug "Valid public key found for: $($Item.name)" Write-Debug "Valid public key found for: $($Item.name)"
# Get and validate private key # Get private key from the sshKey property
$Attachment = $Item.attachments | Select-Object -First 1 $PrivateKey = $Item.sshKey.privateKey
if (-not $Attachment) {
throw "No attachment found"
}
$PrivateKey = & bw get attachment $Attachment.id --session $Session --itemid $Item.id --raw
$PrivateKey = $PrivateKey -join "`n"
if (-not (Test-SSHKey -KeyContent $PrivateKey -KeyType 'Private')) { if (-not (Test-SSHKey -KeyContent $PrivateKey -KeyType 'Private')) {
throw "Invalid private key format" throw "Invalid private key format"