Bitwarden scripts to keep a session open without the need to export env variables.

bw-agent

#!/bin/bash

set -Eeuo pipefail

export NODE_EXTRA_CA_CERTS="${NODE_EXTRA_CA_CERTS:-/etc/pki/tls/certs/ca-bundle.crt}"
readonly BW_SOCKET="${BW_SOCKET:-$HOME/.bw-agent.sock}"

unlock() {
    if [[ $(bw status | jq -r .status) == "unauthenticated" ]]; then
        bw login
    else
        bw unlock
    fi | sed -nE 's/\$ export BW_SESSION="(.*)"/\1/p'
}

if (( $# == 1 )); then
    if [[ "$1" == "display-session" ]]; then
        unlock
        exit
    fi

    if [[ "$1" == "-" ]]; then
        read bw_session
        export BW_SESSION="$bw_session"
    fi

    if [[ "$1" == "quit" ]]; then
        pkill -f bw-agent
        exit
    fi
else
    export BW_SESSION="$(unlock)"
fi

should_quit=0
quit() {
    should_quit=1
}

trap "bw lock" exit
trap "quit" sigint sigterm

bw sync

while (( should_quit == 0 )); do
    socat -t 10 unix-listen:"$BW_SOCKET" 'exec:/bin/bash,stderr' || {
        echo '> errored, retrying'
    }
done

bw-client

#!/bin/bash

set -Eeuo pipefail

DIR="$(dirname "$(realpath "$0")")"
BW_SOCKET="${BW_SOCKET:-$HOME/.bw-agent.sock}"

ret=0
socat UNIX-CONNECT:"$BW_SOCKET" - <<< ':' &> /dev/null || {
    ret=$?
}
if (( ret != 0 )); then
    if (( ret == 1)); then
        rm -f "$BW_SOCKET"
    fi
    x=$("$DIR/bw-agent" display-session)
    setsid "$DIR/bw-agent" - <<< "$x" &
    unset x

    # wait for the socket to appear
    while ! [ -S "$BW_SOCKET" ]; do
        echo -n .
        sleep 0.2
    done
    echo
fi

if (( $# == 0 )); then
    exit
fi

# setup
# curl -Lo bitwarden-cli.zip https://vault.bitwarden.com/download/\?app\=cli\&platform\=linux
# unzip -d "$HOME/.local/bin/" bitwarden-cli.zip bw
# chmod +x "$HOME/.local/bin/bw"

command=(bw)
case "$1" in
    --vault-id)
        command+=(get password "ansible://$2")
        ;;
    *)
        command+=("$@")
esac

sleep 0.$RANDOM
socat -t 10 "UNIX-CONNECT:$BW_SOCKET" - <<< "${command[@]@Q}"