I recently fell in love with the built-in SSH agent.
This feature is a great way to handle SSH private keys, and the control gained by being asked before the key is used is just awesome.
So I thought it would be great to add a similar feature to handle VPN certificates/private keys in the same way.
This would be useful for anyone with their own VPN setup, e.g. with WireGuard.
However, I have only just had this idea and have not yet considered its technical feasibility.
I'm not sure about that.
I have now thought about it, and for WireGuard specifically there is the option to replace the PrivateKey with a command in the config. This can usually be used to store the key encrypted and then get a prompt from the decryption tool used in the command (works, for example, with age). I set this up once and used it with wg-quick. I will post the link to the wiki section if I find it later.
This is not really a pretty solution but would work as of today. But that's my only idea right now besides integrating WG into BW, but that would be way slower than using the kernel version and an unnecessary overhead.
So I guess currently WireGuard supports RAM-only keys but does not support an external key manager in a way so that WireGuard just forwards all key operations like with the SSH agent.
So it would be great to have a WireGuard entry type in Bitwarden and then have a CLI command that triggers the fetching, which results in being asked by Bitwarden if the key is allowed to be shared with WireGuard.
Then this command could be entered in the config and it should work.
Then this command could be entered in the config and it should work.
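The wg-quick setup mentioned in the thread, sketched as an added example that is not from any of the posters: it uses the `PostUp` hook documented in wg-quick(8) to load the key from an age-encrypted file at interface start. The file path, addresses, endpoint and peer key are constructed placeholders, and the file is assumed to be passphrase-encrypted so that age prompts on the terminal.

```ini
# /etc/wireguard/wg0.conf  (constructed example; all values are placeholders)
#
# Before: the private key sits in the config file in clear text.
#   [Interface]
#   PrivateKey = <base64 private key>
#
# After: no PrivateKey line. The key is stored only as an age-encrypted
# file, created once with (assumed path):
#   wg genkey | age -p -o /etc/wireguard/wg0.key.age
# and chmod 600 on the result.

[Interface]
Address = 10.0.0.2/32
# wg-quick runs hooks through bash, so process substitution works here.
# %i expands to the interface name (wg0). age asks for the passphrase on
# the terminal and the decrypted key is handed to `wg set` without being
# written to disk.
PostUp = wg set %i private-key <(age --decrypt /etc/wireguard/%i.key.age)
# Leave SaveConfig unset: saving the running configuration would write
# the loaded private key back into this file in clear text.

[Peer]
PublicKey = <peer public key placeholder>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
```

Because the passphrase prompt needs a terminal, this fits an interactive `wg-quick up wg0` and not an unattended start at boot. Once loaded, the key stays in kernel memory until the interface goes down, which is the difference from the SSH agent model raised in the thread.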