Biometric unlock for Bitwarden CLI

larstobi · November 25, 2021, 10:34am

Feature name

Biometric unlock for Bitwarden CLI

Feature function

Add biometric unlock feature to the command line interface in the same way that we have it for the web browser extensions for MacOS, where the browser extensions contact the desktop app for the biometric authentication.
This will provider quicker unlock of the command line interface.

mietzen · April 7, 2023, 11:13am

I would love to see this properly implemented, meanwhile this is my workaround for macOS:

gist.github.com

https://gist.github.com/mietzen/f383d87c0973c1af877b39e09b50021e

macos-bitwarden-cli-with-touch-id.md

# How to use use Bitwarden CLI with macOS TouchID

## Wirtten for macOS Ventura

## Configure TouchID for the `sudo` command

To allow TouchID on your Mac to authenticate you for sudo access instead of a password you need to do the following.

- Open Terminal
- Switch to the root user with: `sudo -i`

This file has been truncated. show original

dronenb · December 27, 2023, 8:48pm

I use a similar workaround, although I store the BW_SESSION in the macOS keychain instead (which doesn’t use TouchID, unfortunately). This is the bash function I use:

function bwu() {
    BW_SESSION=$(security find-generic-password -a ${USER} -s BW_SESSION -w)
    export BW_SESSION
    BW_STATUS=$(bw status | jq -r .status)
    case "$BW_STATUS" in
    "unauthenticated")
        echo "Logging into BitWarden"
        unset BW_SESSION
        export BW_SESSION=$(bw login --raw)
        security add-generic-password -U -a ${USER} -s BW_SESSION -w "${BW_SESSION}"
        ;;
    "locked")
        echo "Unlocking Vault"
        unset BW_SESSION
        export BW_SESSION=$(bw unlock --raw)
        security add-generic-password -U -a ${USER} -s BW_SESSION -w "${BW_SESSION}"
        ;;
    "unlocked")
        echo "Vault is unlocked"
        ;;
    *)
        echo "Unknown Login Status: $BW_STATUS"
        return 1
        ;;
    esac
    bw sync
}