# Vaultwarden SSH Agent Script

A PowerShell script that automatically loads SSH keys from your Vaultwarden vault into your SSH agent. This script provides a secure way to manage and load your SSH keys by storing them in your Vaultwarden vault and loading them into your SSH agent when needed.

## Prerequisites

- PowerShell 5.1 or later
- [Bitwarden CLI](https://bitwarden.com/help/cli/) installed and available in PATH
- SSH agent running on your system
- A Vaultwarden (self-hosted Bitwarden) instance

## Installation

1. Download the script file (`vaultwarden-ssh-agent.ps1`) to your preferred location
2. Ensure you have the Bitwarden CLI installed:

```powershell
winget install Bitwarden.CLI
# or
choco install bitwarden-cli
```

## Configuration

### Initial Setup

Create a folder named 'ssh-agent' in your Vaultwarden vault

For each SSH key you want to manage:
- Create a new item in the 'ssh-agent' folder
- Paste the public key in the notes field
- Attach the private key as a file attachment

Note: If you haven't configured the Bitwarden CLI for your Vaultwarden instance yet, don't worry! The script will automatically prompt you for your server URL during the first run.

### Key Item Structure

Each SSH key in Vaultwarden should be structured as follows:
- Folder: Must be in the 'ssh-agent' folder
- Name: A descriptive name for your SSH key
- Notes: Contains the public key (required)
- Attachment: The private key file (required)

### Usage
- Basic Usage: `.\vaultwarden-ssh-agent.ps1`
- To run with detailed debugging information, use the `-Debug` switch.

|
### Session Management:

- Reuses existing sessions when available
- Automatically handles login/unlock operations
- Stores session token as environment variable

### Key Validation:
- Validates both public and private key formats
- Secure Memory Handling: Implements secure handling for sensitive data
- Detailed Reporting: Provides summary of successful and failed key additions

### Security Features
- Secure handling of private keys using `SecureString`
- Proper cleanup of sensitive data from memory
- Session token management
- Key format validation before loading
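
One way to implement the "key format validation before loading" check for the item layout described above (public key in the notes field, private key as an attachment). This is an added example, not code from the script itself: the function names are hypothetical, the private-key check assumes the OpenSSH `openssh-key-v1` format only (older PEM formats are rejected by it), and the sample keys are constructed and contain no real key material.

```powershell
# Added example: hypothetical helper functions, not taken from vaultwarden-ssh-agent.ps1.
function Test-SshPublicKeyFormat {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PublicKey)
    # Expected layout of the notes field: "<type> <base64 blob> [comment]"
    $parts = @($PublicKey.Trim() -split '\s+', 3)
    if ($parts.Count -lt 2) { return $false }
    try { $blob = [Convert]::FromBase64String($parts[1]) } catch { return $false }
    if ($blob.Length -lt 4) { return $false }
    # The blob begins with a 4-byte big-endian length followed by the key type string.
    $len = ([int]$blob[0] -shl 24) -bor ([int]$blob[1] -shl 16) -bor ([int]$blob[2] -shl 8) -bor [int]$blob[3]
    if ($len -le 0 -or $len -gt ($blob.Length - 4)) { return $false }
    # The declared type must equal the type encoded inside the blob.
    return ([Text.Encoding]::ASCII.GetString($blob, 4, $len) -ceq $parts[0])
}

function Test-OpenSshPrivateKeyFormat {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PrivateKey)
    $lines = @($PrivateKey.Trim() -split '\r?\n')
    if ($lines.Count -lt 3) { return $false }
    if ($lines[0] -cne '-----BEGIN OPENSSH PRIVATE KEY-----') { return $false }
    if ($lines[-1] -cne '-----END OPENSSH PRIVATE KEY-----') { return $false }
    $body = $lines[1..($lines.Count - 2)] -join ''
    try { $raw = [Convert]::FromBase64String($body) } catch { return $false }
    # Decoded data must start with the magic "openssh-key-v1" plus a NUL byte.
    $magic = [Text.Encoding]::ASCII.GetBytes("openssh-key-v1`0")
    if ($raw.Length -lt $magic.Length) { return $false }
    for ($i = 0; $i -lt $magic.Length; $i++) {
        if ($raw[$i] -ne $magic[$i]) { return $false }
    }
    return $true
}

# Constructed sample (not a real key): a well-formed ed25519 public blob of zero bytes.
$type = [Text.Encoding]::ASCII.GetBytes('ssh-ed25519')
[byte[]]$blob = [byte[]](0, 0, 0, $type.Length) + $type + [byte[]](0, 0, 0, 32) + (New-Object byte[] 32)
$matching   = 'ssh-ed25519 ' + [Convert]::ToBase64String($blob) + ' constructed@example'
$mismatched = 'ssh-rsa ' + [Convert]::ToBase64String($blob)  # declared type disagrees with the blob
# Constructed private key text: correct armor and magic, no real key material.
$privBody = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("openssh-key-v1`0"))
$private  = "-----BEGIN OPENSSH PRIVATE KEY-----`n$privBody`n-----END OPENSSH PRIVATE KEY-----"

Test-SshPublicKeyFormat -PublicKey $matching
Test-SshPublicKeyFormat -PublicKey $mismatched
Test-OpenSshPrivateKeyFormat -PrivateKey $private
```

A format check of this kind does not prove that the public key in the notes corresponds to the attached private key.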

### Error Handling
The script includes comprehensive error handling:
- Validates Vaultwarden configuration
- Verifies key formats
- Reports failed operations
- Provides detailed debug output when needed

## Troubleshooting

### Common Issues

"ssh-agent folder not found"

- Create a folder named ssh-agent in your Vaultwarden vault

"Failed to add key"

- Verify the SSH agent is running
- Check key format
- Run with `-Debug` flag for more information

## Note on Security
- Never share your private keys
- Keep your Vaultwarden master password secure
- Regularly rotate your SSH keys
- Monitor SSH agent contents with `ssh-add -l`

## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.

## Support
If you encounter any issues or have questions, please open an issue in the repository.

## License
This script is available under the MIT License. See the LICENSE file for more details.