Correct, you can get a bitwarden item in json format from an export or from bitwarden cli (what I posted is exactly the output of the following cli command:
bw get item 2c961731-c731-4bea-9968-b20f0145a20f | jq
jq only makes the output a little prettier.
Discoverable and non-discoverable credentials inside the vault look exactly the same with just that diference (the value of that discoverable attribute).
This is a discoverable one:
{
"passwordHistory": null,
"revisionDate": "2024-10-21T12:29:28.300Z",
"creationDate": "2024-10-21T12:29:27.973Z",
"deletedDate": null,
"object": "item",
"id": "15468098-4f8a-4ebf-b299-b21000cdd8ec",
"organizationId": null,
"folderId": null,
"type": 1,
"reprompt": 0,
"name": "webauthn.io (discoverable)",
"notes": null,
"favorite": false,
"login": {
"fido2Credentials": [
{
"credentialId": "bb7844f6-15b4-4c6e-a391-e4c09c277513",
"keyType": "public-key",
"keyAlgorithm": "ECDSA",
"keyCurve": "P-256",
"keyValue": "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQggIKdTKRh3rBjNAOCnFzYylw3vVb0qBn7eua7Kg0WTEyhRANCAAQHiYYej53bpuA6svRfoLY343rd357SvWq1hC5QZcrxTquUb3bs5aBY9arlNoSi2zBKaOiF3HEQgXSFnFJFhJkw",
"rpId": "webauthn.io",
"userHandle": "eXgxSlkwQXNUaEhxc3poa3dHell2TExKdng0RFgtUUVnRGd1LWtBSGpOaw",
"userName": "example_username",
"counter": "0",
"rpName": "webauthn.io",
"userDisplayName": "example_username",
"discoverable": "true",
"creationDate": "2024-10-21T12:29:28.250Z"
}
],
"uris": [
{
"match": null,
"uri": "https://webauthn.io/"
}
],
"username": "example_username",
"password": null,
"totp": null,
"passwordRevisionDate": null
},
"collectionIds": []
}
Non-discoverable credentials, I guess, make more sense on hardware keys (where the storage available for the cryptographic keys and the data associated with them is very limited).
With a password vault that limitation does not exist.
But, as they are in the FIDO specifications, password managers have to support them.