I would like to have the possibility to set an expiration on session keys generated by the CLI.
An example UI would be bw login --ttl=1h or bw unlock --ttl=1h. The session key would be made invalid after the specified TTL.
Having an expiration would be a significant security advantage, mitigating the risk in case a user forgets to bw lock or bw logout. I would go as far as saying there should be a default expiration, but I understand that would not be backwards-compatible.
Thanks for the feature request and welcome to the forums! Here is a previous response to this request on Github:
Currently, the CLI doesn’t support this. It is not a continuous running program like other Bitwarden client apps. You are responsible for maintaining your session key. We cover this in the docs here: Bitwarden CLI | Bitwarden Help & Support
Having said that, we’re always looking at future improvements, so thanks for the feedback and opening the discussion!