Oli c8f75649af update to use Bitwarden native SSH key type
Support Bitwarden's new native SSH key type (type 5) introduced in CLI version 2024.12.0.
Previously, SSH keys were stored as notes with attachments. This update removes the
legacy handling and uses the structured sshKey property instead.

- Add version check for Bitwarden CLI (>= 2024.12.0)
- Filter items by type 5 (SSH key) in Get-FolderItems
- Update Get-PrivatePublicKey to use sshKey.privateKey and sshKey.publicKey
- Remove legacy handling of notes and attachments
- Update prerequisites check to ensure minimum CLI version

Breaking Changes:
- Requires Bitwarden CLI version 2024.12.0 or higher
- Only works with SSH keys stored as native SSH key items (type 5)
- Existing SSH keys stored as notes with attachments must be migrated
  to the new SSH key item type manually
2024-12-13 21:08:45 +01:00
2024-10-23 22:46:20 +00:00

Vaultwarden SSH Agent Script

A PowerShell script that automatically loads SSH keys from your Vaultwarden vault into your SSH agent. This script provides a secure way to manage and load your SSH keys by storing them in your Vaultwarden vault and loading them into your SSH agent when needed.

Prerequisites

  • PowerShell 5.1 or later
  • Bitwarden CLI installed and available in PATH
  • OpenSSH installed on your system
  • SSH agent running on your system
  • A Vaultwarden (self-hosted Bitwarden) instance

Installation

Download the script file (vaultwarden-ssh-agent.ps1) to your preferred location

Configuration

Initial Setup

  • Create a folder (default name: 'ssh-agent') in your Vaultwarden vault
  • Create a new item in the 'ssh-agent' folder
  • Paste the public key in the notes field
  • Attach the private key as a file attachment

Note: If you haven't configured the Bitwarden CLI for your Vaultwarden instance yet, don't worry! The script will automatically prompt you for your server URL during the first run.

Key Item Structure

Each SSH key in Vaultwarden should be structured as follows:

  • Folder: Must be in the 'ssh-agent' folder (or your custom folder name)
  • Name: A descriptive name for your SSH key
  • Notes: Contains the public key (required)
  • Attachment: The private key file (required)

Usage

Basic usage

.\vaultwarden-ssh-agent.ps1

Run with debug information

.\vaultwarden-ssh-agent.ps1 -Debug

Use a custom folder name

.\vaultwarden-ssh-agent.ps1 -FolderName "my-ssh-keys"

Security Features

  • Secure session key storage using Windows Credential Manager
  • Secure handling of private keys using SecureString
  • Proper cleanup of sensitive data from memory
  • Key format validation before loading

Clearing Stored Session Token

The script stores the Bitwarden session token in the Windows Credential Manager. This allows the script to reuse the session, avoiding the need to unlock the vault on every run.

If you need to clear the stored session for any reason, you can run the following command:

.\vaultwarden-ssh-agent.ps1 -ClearSession

This will remove the stored session token from the Windows Credential Manager. The next time you run the script, it will need to unlock the vault with your master password before proceeding.

Clearing the stored session may be necessary to ensure a fresh session is obtained.

Error Handling

The script includes comprehensive error handling:

  • Prerequisites validation
  • Vaultwarden configuration verification
  • Key format validation
  • Detailed debug output when needed
  • Operation results reporting

Troubleshooting

Common Issues

"SSH agent is not running"

Start the SSH agent service:

Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent

"Folder not found"

  • Create the folder in your Vaultwarden vault
  • Verify the folder name matches the script parameter (default: "ssh-agent")

"Failed to add key"

  • Verify the SSH agent is running
  • Check key format in Vaultwarden
  • Run with -Debug flag for more information
  • Verify private key file attachment

"Bitwarden CLI not found"

  • Ensure Bitwarden CLI is installed
  • Verify bw is in your system PATH

Debug Mode

Run the script with the -Debug switch for detailed operation information:

.\vaultwarden-ssh-agent.ps1 -Debug

Security Notes

  • Never share your private keys
  • Regularly rotate your SSH keys
  • Session keys are stored securely in Windows Credential Manager
  • Private keys are handled as SecureString during processing
  • All sensitive data is cleared from memory after use
  • Monitor SSH agent contents with ssh-add -l
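
One way to act on the ssh-add -l check above is to compare what the agent holds against the public keys you expect it to hold. This is an added example, not part of the project's script; the function names Get-SshFingerprint and Compare-AgentKeys and all sample data are constructed for illustration.

```powershell
function Get-SshFingerprint {
    # OpenSSH SHA256 fingerprint: base64(SHA-256(key blob)) with '=' padding removed.
    param([Parameter(Mandatory)][string]$PublicKeyLine)
    $fields = $PublicKeyLine.Trim() -split '\s+'
    if ($fields.Count -lt 2) { throw "Not a public key line: $PublicKeyLine" }
    $blob = [Convert]::FromBase64String($fields[1])
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try   { $hash = $sha.ComputeHash($blob) } finally { $sha.Dispose() }
    'SHA256:' + [Convert]::ToBase64String($hash).TrimEnd('=')
}

function Compare-AgentKeys {
    # Classifies each `ssh-add -l` line as Expected or Unexpected and reports
    # expected keys that are not loaded. Fingerprints are case-sensitive, so
    # generic collections are used instead of @{} (which ignores case).
    param([string[]]$AgentLines, [string[]]$ExpectedPublicKeys)
    $expected = New-Object 'System.Collections.Generic.Dictionary[string,string]'
    foreach ($k in $ExpectedPublicKeys) { $expected[(Get-SshFingerprint $k)] = $k }
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($line in $AgentLines) {
        # Line format: <bits> SHA256:<fingerprint> <comment> (<TYPE>)
        # "The agent has no identities." does not match and is skipped.
        if ($line -notmatch '^\d+\s+(SHA256:\S+)\s') { continue }
        $fp = $Matches[1]
        [void]$seen.Add($fp)
        $status = if ($expected.ContainsKey($fp)) { 'Expected' } else { 'Unexpected' }
        [pscustomobject]@{ Fingerprint = $fp; Status = $status }
    }
    foreach ($fp in $expected.Keys) {
        if (-not $seen.Contains($fp)) {
            [pscustomobject]@{ Fingerprint = $fp; Status = 'NotLoaded' }
        }
    }
}

# Constructed demo data: the blob is 51 arbitrary bytes, not a real key.
$samplePub   = 'ssh-ed25519 ' + [Convert]::ToBase64String([byte[]](1..51)) + ' demo@example'
$sampleAgent = @(
    "256 $(Get-SshFingerprint $samplePub) demo@example (ED25519)",
    '256 SHA256:CONSTRUCTEDxUNKNOWNxFINGERPRINTxNOTxAxREALx other@example (ED25519)'
)
Compare-AgentKeys -AgentLines $sampleAgent -ExpectedPublicKeys @($samplePub)
# Against the live agent: Compare-AgentKeys -AgentLines (ssh-add -l) -ExpectedPublicKeys $keys
```

With the sample data the first agent entry is reported as Expected and the second as Unexpected; an Unexpected entry in a live agent is a key that did not come from your expected set and is worth investigating.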

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

If you encounter any issues or have questions, please open an issue in the repository.

License

This script is available under the MIT License. See the LICENSE file for more details.
