Originally posted on: https://github.com/bitwarden/cli/issues/123
I’d like to have an additional parameter for bw cli commands that return items which removes or overrides sensitive fields, e.g. bw get item, bw list items.
I don’t like that all credentials are being output on screen in plaintext when I don’t actually need them. I find myself grep-ing and filtering the bw cli output to find certain records more often than I need to query a specific item. By default all current and past credentials will be returned without obfuscation which is somewhat bothersome.
The following example shows my idea of what this additional parameter (e.g. --hide-plaintext, --no-plaintext) for the commands above could do:
bw list items | jq '(.[].login.password, .[].passwordHistory[]?.password, (.[].fields[]? | select(.type == 1) | .value)) |= "hidden"'
Which then returns a redacted list of items when used with bw list items or a single item when used with bw get item:
{
"object": "item",
"id": "89d15257-2367-4e2c-be7b-d15fc0e82710",
"organizationId": "432a599a-30c7-49e7-a9f2-54dfbe6470de",
"folderId": null,
"type": 1,
"name": "MyProject - Docker Registry - Deploy",
"notes": "Application Token is stored in the Password field (for password history)",
"favorite": false,
"fields": [
{
"name": "Account Password",
+ "value": "hidden",
"type": 1
},
{
"name": "Provider",
"value": "AWS",
"type": 0
}
],
"login": {
"uris": [
{
"match": 5,
"uri": "registry.mydomain.net/myproject/"
}
],
"username": "svc-deploy-myproject",
+ "password": "hidden",
"totp": null,
"passwordRevisionDate": "2020-03-02T15:46:07.545Z"
},
"collectionIds": [
"6ef0c82b-961f-3587-8de1-2b52df0e172f"
],
"revisionDate": "2020-03-02T15:49:32.000Z",
"passwordHistory": [
{
"lastUsedDate": "2020-03-01T12:46:07.546Z",
+ "password": "hidden"
},
{
"lastUsedDate": "2020-03-02T15:46:07.545Z",
+ "password": "hidden"
}
]
},
It would be great if this could be part of bitwarden CLI itself.