Am I missing something, or do the Bitwarden SSH agent configuration instructions for macOS use methods that don’t persist after a reboot?
I followed the guide and ran:
export SSH_AUTH_SOCK=/Users/<user>/.bitwarden-ssh-agent.sock
as shown in the documentation, but the variable didn’t survive a reboot.
According to this article, the same issue occurs when using:
launchctl setenv "SSH_AUTH_SOCKET" "/Users/<user>/.bitwarden-ssh-agent.sock"
Am I missing something?
The line with the export command applies only to your current shell instance. As soon as you open another shell, it will not have this variable set. Even if you add it to your .bashrc or .zshrc, this will only be valid for commands executed in a shell.
You linked an article that explains how to make the setting persistent with LaunchAgents. Did you try this?
No, I didn’t try yet. I was wondering if this is what everybody is doing, especially given that it is not what the Bitwarden website suggests. Is that the best way to set the environment variable permanently?
Sorry, I do not know this because I do not use macOS.
In the end I was able to fix the problem by mostly following the article I posted above:
mkdir -p ~/Library/LaunchAgents
environment.plist in the same directory:nano ~/Library/LaunchAgents/environment.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.d$
<plist version="1.0">
<dict>
<key>Label</key>
<string>setenv.SSH_AUTH_SOCK</string>
<key>ProgramArguments</key>
<array>
<string>/bin/launchctl</string>
<string>setenv</string>
<string>SSH_AUTH_SOCK</string>
<string>/Users/<user>/.bitwarden-ssh-agent.sock</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Remember to replace <user> with your MacOS account username!
~/.zshrc:export SSH_AUTH_SOCK=$(launchctl getenv SSH_AUTH_SOCK)
Hopefully this will be useful to other MacOS users!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
I previously created a post describing a configuration that I believed was working, but it turned out not to be correct. Since then, I have made additional changes to my setup, and everything now appears to be working as expected. I would therefore like to share my current configuration, both in case it is useful to others and as a reference for myself should I need to set this up again in the future.
To begin with, I am not entirely sure how well SSH was working before, since most, if not all, of my repositories were configured to use HTTPS with Personal Access Tokens.
While investigating the issue, I realized that for Bitwarden to act as the default SSH agent, it should be configured in the same way as other third party SSH agents. After some searching, I came across a support page from Strongbox that explains how to configure a custom SSH agent using the IdentityAgent option in the SSH configuration file. Following that guidance, I created the file ~/.ssh/config with the following content:
Host *
IdentityAgent ~/.bitwarden-ssh-agent.sock
After applying this configuration, SSH started working correctly with the Bitwarden SSH agent. I hope this information is helpful to others who are trying to achieve the same setup.
Are you saying that the following solution that you posted in November 2025 is actually not correct?
Yes, that’s not working for me. Have you tried it on your machine?
Thanks for clarifying. To prevent confusion, I have now removed the “Solution” marking from your 10 Nov 2025 comment, re-opened your original thread, and moved your most recent update comments here.
Thanks! That’s actually what I wanted to do 