bw-ssh-add

Add SSH keys to your agent using passphrases stored in Bitwarden.

A script to add a passphrase-protected SSH key to your local ssh-agent by leveraging credentials stored in Bitwarden. It securely retrieves the passphrase via the Bitwarden CLI, then uses expect to automate the authentication process with ssh-add.

Usage

bw-ssh-add <BITWARDEN-ITEM-ID> [SSH-ADD-ARGUMENTS...]

• The first argument serves as input for bw get password, either as a search
  term or as an item's globally unique identifier, to retrieve the key's
  passphrase.
• Any additional arguments are passed through to ssh-add unchanged. Refer to
  the ssh-add man page for details on available options.

The script sets an expiration time for the added key:

• Default: 17:00:00 (5:00 PM local time)
• If it's already past 5:00 PM: 3 hours
• Customize the end-of-day time using the BW_SSH_ADD_EOD environment variable
  (format: HH:MM:SS)
• To remove the maximum lifetime, set BW_SSH_ADD_EOD to an empty string

Examples

bw-ssh-add "My SSH Key"
bw-ssh-add 99ee88d2-6046-4ea7-92c2-acac464b1412
bw-ssh-add "Work Laptop Key" -t 3600
BW_SSH_ADD_EOD="18:30:00" bw-ssh-add "Custom EOD Key"
BW_SSH_ADD_EOD="" bw-ssh-add "No Expiry Key"

Installation

1. Ensure you have the required dependencies installed and configured:

   • Bitwarden CLI (bw)
   • expect command
   • SSH agent

2. Add the bw-ssh-add script to your $PATH:

   git clone https://github.com/elasticdog/bw-ssh-add.git
   cd bw-ssh-add/
   sudo ln -s ${PWD}/bw-ssh-add /usr/local/bin/bw-ssh-add
   

License

bw-add-ssh is released under the Zero Clause BSD License (SPDX: 0BSD).

Copyright © 2024 Aaron Bull Schaefer and contributors