New Features #32
New Features #32
Conversation
[feature] Session Token cli parameter
feature: remove bitwarden ssh keys from ssh-agent
feature: use password field as ssh key password
help for debugging in vs code
…y etc) will ge ignored
[Feature] specify keyentry
|
Hi @hasechris, Thanks for the contribution. I'll take a look at your changes and I'll get back to you. |
| import subprocess | ||
| from typing import Any, Callable, Dict, List, Optional | ||
| from cryptography.hazmat.primitives.serialization import load_ssh_private_key |
There was a problem hiding this comment.
Currently, we don't have any external dependencies (besides bitwarden-cli and ssh-agent, of course). Adding an external library as dependency would make this tool harder to install.
We might need to rethink if that's the direction we'd like to go, but for now I'd say we better avoid requiring extra libs.
There was a problem hiding this comment.
Hi @joaojacome,
Basically I agree with you, a new library is of course always a problem.
But I still decided to go this way, because at the moment the user has to manually remove the just added keys from the ssh-agent. From the user's point of view, I find this very inconvenient, so I decided to add the "Key Removal" function. Therefore the library is "required".
Additionally, due to your concerns, I tried to read up a bit about this library. Basically this library seems to be relatively well known, has thousands of downloads on pypi.org and a clean release management. I also checked the default package lists of Debian and Manjaro (desktop OS of my choice). In both operating systems this package (python-cryptography) is included in the default lists. So the coverage should be relatively wide.
Maybe you could also start a poll among users of the tool?
But it's your choice, of course. Feel free to reject the PR as is.
Greetings
hasechris :-)
There was a problem hiding this comment.
Might be a compromise to leverage the ssh-agent timeout, to have simple way to restrict the maximum time a key is active?
We could simply pass a -t argument to the subprocess call. That's straight forward, needs no additional libraries, but would prevent keys from staying in memory indefinitely.
Hi @joaojacome,
up to now i used KeepassXC, which got synced via nextcloud to all my devices. Now i moved to a "real" selfhosted passwordsafe solution (vaultwarden) and wanted to have the same flexibility as with my KeepassXC setup regarding the ssh key management.
Searching the internet i found your github repo in the bitwarden forum. I tested it and was initially happy, but i missed a bit of the convenience of the KeepassXC sshkey handling. So i added the features i was missing.
New features from me:
Also i merged the solution from #29 from @Weidows before all my development into my new fork, because i needed to specify the session token as the env variable was not always working in my case. Hope this is not a problem regarding merge conflicts.
Additionally i want to extend usage documentation regarding how i use shell aliases so the user is only specifying the parameters he absolutly has to. I could not find the right spot for that part, so it isn't part of this PR yet.
IMPORTANT: I would be relieved if someone could check my python programming. Im literally new to python in general (this is my second python script on which im working in my entire life).
Best regards
hasechris