I have a feature request, but I wanted to first inquire about this topic on this thread, to make sure I’m not requesting something out of scope.
@Quexten
I wanted to log in to Bitwarden using the desktop app on Linux without the master password. (I can't be bothered to remember an actually secure password and type it.)
Currently, the Bitwarden desktop app does not have any method to do that, nor does it allow me in any way to pass the password to the program in a script-friendly way.
I think the way to go about this is indeed to use the TPM, and the methods on Windows and macOS also use the TPM underneath (call it a secure enclave or whatnot).
I would be willing to contribute this, but not if it has no chance of getting accepted.
You mentioned that there is no way to make that work on Snap and Flatpak. I don't know about Snap, but Flatpak does allow access to the TPM via --device=all, though that may be too permissive for Bitwarden's security standards.
In my opinion, it would be fine to simply not ship this feature on Snap and Flatpak and enable it there when they keep up with current standards in sandboxing features.
I also saw you talk about how you don't want to ship eventually insecure and dangerous features to users. In that case, I don't think there is anything to fear with regards to accountability, because users need to manually add themselves to the tss group first and probably also enable it in the app.
What is the consensus on this?