How to change URI match detection in bulk using the CLI

Is there a way to change url match detection to “Host” for a number of items in one go.

The full story:
I have recently switched from lastpass family to bitwarden family (the lastpass breach was the final straw that made a convincing argument for the rest of the family too). I have imported my passwords to bitwarden. For the imported passwords Match detection is set to " Base domain" which makes sense for must of them. It is however not a good choice for serrver in my own domain (.net and .lan) where different host indeed mean: entirely different systems. In lastpass I could make a generic rule to make this happen and I now know I can change this per item in lastpass, but is there a way to do this in bulk?

1 Like

Hey @ddt3 feel free to drop a vote and comment on this community request: Change URI Match Rule setting to Multiple/Selected Items

1 Like

Are you meaning to say that you don’t want Bitwarden to detect and fill with the Base match detection for these internal resources or that you do?
As I understand base domain matching would NOT match on different TLDs such as would not match to

Or are you wishing for these to match for your two internal domains, i.e and domain2.lan should be treated as the same for matching?

What I mean is this:

  • Default Match Detection is set to Base domain
  • I have 1 password for a Because of default Match Detection
    I am happy that this password is used for and
  • I have seperate passwords for server1.home.lan server2.home.lan server3.home.lan
    Because of default match detection all 3 passwords show up for all three servers.
    So for these servers I want to set the Match Detection to “Host”.

As it is actually more than 3 items I would to do this for all items at once.

I imported these items from lastpass. In lastpass matching rules are set on “vault level” eg.:
if domain matches “home.lan” then exact match on host: yes, exact match on port:yes

Had a look at the CLI interface and solved it in zsh:

foreach i in $(bw list items --search "home.lan" | jq -r '.[] | .id')                                                                                                                                                     
bw get item $i | jq '.login.uris[].match=1' | bw encode | bw edit item $i

That did the trick :slight_smile:

Based on the base domain match detection rules this should not be the case, as two differing base domains (in your case & home.lan) should not be being detected on match; as even if the domain matches but the TLD does not i.e vs
Otherwise this would defeat much of a password manager’s usability, as it would be matching other non-equivalent domains such as being matched to

What I believe is happening is since your home.lan is not a proper gTLD or available on the Mozilla public suffix list (which Bitwarden uses to parse for matching) Bitwarden is ignoring the home.lan and simply matching on the hostname.
Since there is a matching URI in your vault from server1.home.lan the hostname server1 is being matched to

Another community member was recently experiencing trouble with their internal domain as well, as pointed out by one member here.

Unfortunately being that the two base domains are being incorrectly matched due to the internal setup there really isn’t a way around this that I can think of other than to change each URI matching for your internal domain to the Host option.
There is also no way currently to bulk update URI items for match detection as you are requesting or a way to enter a global matching rule such as LastPass

You may be able to complete these changes in batch though using the CLI if you are comfortable with that.

Edit: I see you were able to get this resolved with the CLI tool after-all. Glad to hear it all worked out for you :slight_smile:

1 Like