Bitwarden Password Manager and Secrets Manager

scelles · February 23, 2025, 8:56am

Hello,

I’m using Bitwarden Password Manager as password manager.
I’m looking for a Julia client to retrieve API keys stored in Bitwarden Secret Manager.
(Instead of string into flat .env file or any other solution like that)
Is there any Julia package similar to

Cross posted at

Best regards

abraemer · February 23, 2025, 10:22am

Julia’s FFI is pretty good. So creating a binding should hopefully be not too hard.

scelles · February 23, 2025, 10:35am

I looked at Python code and they are using Maturin.
But I also noticed some references to OpenAPI (ex Swagger).
I think using a code generator from API is required.

cjdoris · February 23, 2025, 5:29pm

The CLI is available from bitwarden_cli_jll.jl, which you could wrap with a higher level interface.

scelles · February 23, 2025, 5:52pm

Thanks @cjdoris but it looks quite old (I hope it’s still maintained)

Moreover there is 2 CLI

bw to deal with Bitwarden Password Manager
bws to deal with Bitwarden Secrets Manager

Currently I only see support for bw (not bws)

I prefer not to give access to my entire own vault to a script… abd so bws is more appropriated.

That’s why bws is better for my use case.

Palli · February 23, 2025, 6:20pm

I could install with:

julia> using CondaPkg

(@v1.10) pkg> conda add maturin

also with (but likely above is preferred):
(@v1.10) pkg> conda pip_add maturin

It is quite old yes, and probably without “bws to deal with Bitwarden Secrets Manager” as you say. It does support the main platforms, for 64-bit, including macOS, though not for Arm. If Maturin works for you you can use it (it additionally supports FreeBSD) with PythonCall.jl, though I see:

github.com/bitwarden/sdk-sm

Unable to `pip3 install bitwarden-sdk` on MacOS

opened 01:52PM - 20 Oct 24 UTC

otterbotter

bug

### Steps To Reproduce 1. Open a terminal on MacOS 2. Run `pip3 install bitw…arden-sdk` ### Expected Result I expect `ansible-sdk` to be installed successfully ### Actual Result ``` Collecting bitwarden-sdk Using cached bitwarden_sdk-1.0.0.tar.gz (374 kB) Installing build dependencies ... done Getting requirements to build wheel ... done Preparing metadata (pyproject.toml) ... error error: subprocess-exited-with-error × Preparing metadata (pyproject.toml) did not run successfully. │ exit code: 1 ╰─> [10 lines of output] 🔗 Found pyo3 bindings 🐍 Found CPython 3.8 at /Users/otterbotter/../bin/python3 📡 Using build options bindings, compatibility from pyproject.toml 💥 maturin failed Caused by: Failed to read /private/var/folders/2c/qzmlgh8j28941tt2hlckkczh0000gn/T/pip-install-_hengb50/bitwarden-sdk_c0ca9cf5d58944eb84e6e0313546647a/crates/bitwarden-py/../../LICENSE Caused by: failed to open file `/private/var/folders/2c/qzmlgh8j28941tt2hlckkczh0000gn/T/pip-install-_hengb50/bitwarden-sdk_c0ca9cf5d58944eb84e6e0313546647a/crates/bitwarden-py/../../LICENSE` Caused by: No such file or directory (os error 2) Error running maturin: Command '['maturin', 'pep517', 'write-dist-info', '--metadata-directory', '/private/var/folders/2c/qzmlgh8j28941tt2hlckkczh0000gn/T/pip-modern-metadata-u58guaip', '--interpreter', '/Users/otterbotter/../bin/python3']' returned non-zero exit status 1. Checking for Rust toolchain.... Running `maturin pep517 write-dist-info --metadata-directory /private/var/folders/2c/qzmlgh8j28941tt2hlckkczh0000gn/T/pip-modern-metadata-u58guaip --interpreter /Users/otterbotter/../bin/python3` [end of output] note: This error originates from a subprocess, and is likely not a problem with pip. error: metadata-generation-failed × Encountered error while generating package metadata. ╰─> See above for output. note: This is an issue with the package mentioned above, not pip. ``` ### Screenshots or Videos _No response_ ### Additional Context Python version 3.8.20 installed via pyenv Pip version 24.2 ### Operating System macOS ### Operating System Version Sonoma Version 14.4 (23E214) ### Build Version 1.0.0 ### Issue Tracking Info - [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Since you’re after CLI access, you can shell to it(?), i.e. you do NOT need any Julia support, meaning you do not need FFI (if so wrap bitwarden-c likely or Rust even or Python) or a wrapper. You just need to install the CLI code, and maybe a trivial way to do that from Julia.

I just took a quick look, maybe you only need CondaPkg.jl, a dependency of PythonCall, to install the CLI, and you wouldn’t need any Python code at all (even though you would install that full Python package; or install Rust CLI somehow with it)?

You might be able to use this (if not for wrapping, then only 323 lines of code, not too hard to translate, probably ChatGPT can even do it):

github.com/jdhalbert/bitwarden_secrets_manager_python

bitwarden_secrets_manager_python/bws.py

main

# pylint: disable=logging-format-interpolation, logging-fstring-interpolation, line-too-long, invalid-name

""" Module contains the BWS (Bitwarden Secrets Manager) class, a Python wrapper for the `bws` CLI application. """

import os
import json
import logging
import subprocess
from pathlib import Path
from copy import deepcopy

logger = logging.getLogger(__name__)


class BWS:
    """Bitwarden Secrets Manager Python wrapper."""

    _BWS_APPLICATION_PATH: Path
    _BWS_ACCESS_TOKEN: str
    _PROJECT_NAME: str

This file has been truncated. show original

Kind of off-topic: Julia seemingly needs support for (and might help for this, for JSON API):

scelles · February 23, 2025, 7:11pm

I’m trying first to compare bw cli usage with bitwarden_cli_jll.jl

PS C:\Users\scelles> bw -v
2025.1.3
PS C:\Users\scelles> bw login
? Email address: me@domain.com
? Master password: [hidden]
? Two-step login method: Authenticator App
? Two-step login code: 835314
You are logged in!

To unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:
$ export BW_SESSION="......"
> $env:BW_SESSION="....."

You can also pass the session key to any command with the `--session` option. ex:
$ bw list items --session ...+...+...==
PS C:\Users\scelles> $env:BW_SESSION="....."
PS C:\Users\scelles> bw list items
[{"passwordHistory":null,"revisionDate":"2024-08-19T18:01:04.740Z" ...

and

julia> using bitwarden_cli_jll

julia> bw() do exe
           run(`$exe -v`)
           run(`$exe config server https://vault.bitwarden.eu`)
           run(`$exe login`)
       end
1.17.1
? Email address: s.celles@gmail.com
? Master password: [hidden]
{"response":{"error":"invalid_grant","error_description":"Auth-Email header invalid."},"statusCode":400}ERROR: failed process: Process(`'C:\Users\scelles\.julia\artifacts\a9b5ea49d42cbd291b866e295baa7ad47a7c8e8d\bin\bw.exe' login`, ProcessExited(1)) [1]

Stacktrace:
  [1] pipeline_error
    @ .\process.jl:598 [inlined]
  [2] run(::Cmd; wait::Bool)
    @ Base .\process.jl:513
  [3] run
    @ .\process.jl:510 [inlined]
  [4] (::var"#11#12")(exe::String)
    @ Main .\REPL[11]:3
  [5] (::JLLWrappers.var"#2#3"{var"#11#12", String})()
    @ JLLWrappers C:\Users\scelles\.julia\packages\JLLWrappers\GfYNv\src\runtime.jl:49
  [6] withenv(f::JLLWrappers.var"#2#3"{var"#11#12", String}, keyvals::Pair{String, String})
    @ Base .\env.jl:265
  [7]
    @ JLLWrappers C:\Users\scelles\.julia\packages\JLLWrappers\GfYNv\src\runtime.jl:48
  [8] invokelatest(::Any, ::Any, ::Vararg{Any}; kwargs::@Kwargs{})
    @ Base .\essentials.jl:1055
  [9] invokelatest(::Any, ::Any, ::Vararg{Any})
    @ Base .\essentials.jl:1052
 [10] bw(f::Function; adjust_PATH::Bool, adjust_LIBPATH::Bool)
    @ bitwarden_cli_jll C:\Users\scelles\.julia\packages\JLLWrappers\GfYNv\src\products\executable_generators.jl:28
 [11] bw(f::Function)
    @ bitwarden_cli_jll C:\Users\scelles\.julia\packages\JLLWrappers\GfYNv\src\products\executable_generators.jl:25
 [12] top-level scope
    @ REPL[11]:1
Some type information was truncated. Use `show(err)` to see complete types.

but I can’t login.

Any idea?

I opened an issue at

github.com/JuliaPackaging/Yggdrasil

bitwarden_cli needs updating

opened 08:20PM - 23 Feb 25 UTC

s-celles

Hello, current version of `bw` should be 2025.1.3 but it's 1.17.1 here https:/…/github.com/JuliaBinaryWrappers/bitwarden_cli_jll.jl Unfortunately https://github.com/bitwarden/cli repository has been archived by the owner on May 25, 2022. It is now read-only. The way `bw` binary is distributed is now different. See https://github.com/bitwarden/clients/releases/tag/cli-v2025.1.3 Pinging @rikhuijzer and @giordano Maybe an other binary `bws` (Bitwarden Secret Manager) could also be added. https://github.com/bitwarden/sdk-sm/releases https://github.com/bitwarden/sdk-sm/releases/tag/bws-v1.0.0 Kind regard Possible fix: ```julia using BinaryBuilder # Collection of pre-build Bitwarden CLI binaries name = "bitwarden_cli" version = v"2025.1.3" url_prefix = "https://github.com/bitwarden/clients/releases/download/cli-v$(version)" sources = [ ArchiveSource("$(url_prefix)/bw-linux-$(version).zip", "f1d66b1a3971cc906ea3e44f0647899c1ca0c95ca83714fcf3039c0643dcd97a"; unpack_target = "x86_64-linux-gnu"), ArchiveSource("$(url_prefix)/bw-macos-$(version).zip", "103ee62a30284390559b5ff5ca21b77c235a43cb4e08e3c410726f873104cf42"; unpack_target = "x86_64-apple-darwin14"), ArchiveSource("$(url_prefix)/bw-windows-$(version).zip", "7ba89071061d30f94cea048289cd252cdb14b2635e9a57c0b020bf80121b16f5"; unpack_target = "x86_64-w64-mingw32"), FileSource("https://raw.githubusercontent.com/bitwarden/clients/refs/heads/main/LICENSE.txt", "b98fbb37db5b23bc5cfdcd16793206a5a7120a7b01f75374e5e0888376e4691c") ] # Bash recipe for building across all platforms script = raw""" cd ${WORKSPACE}/srcdir/ mkdir -p "${bindir}" cp ${target}/bw${exeext} ${bindir} chmod +x ${bindir}/* install_license LICENSE.txt """ # These are the platforms we will build for by default, unless further # platforms are passed in on the command line platforms = [ Platform("x86_64", "linux"; cxxstring_abi="cxx11"), Platform("x86_64", "macos"), Platform("x86_64", "windows") ] # The products that we will ensure are always built products = [ ExecutableProduct("bw", :bw) ] # Dependencies that must be installed before this package can be built dependencies = Dependency[ ] # Build the tarballs, and possibly a `build.jl` as well. build_tarballs(ARGS, name, version, sources, script, platforms, products, dependencies) ```

for updating build_tarballs.jl script

cjdoris · February 23, 2025, 9:28pm

Looks like that CLI is no longer supported. But you can wrap the C bindings, which would be a fun little project, here’s how:

Add a recipe to Yggdrasil to build the Bitwarden C bindings.
This will automatically create a JLL package containing the shared library of C bindings.
Create a package to wrap the C bindings. The C part should be quite simple, it’s just 3 functions with a generic JSON interface. Use JSON3.jl to serialise/deserialise messages to/from the C bindings.
Add higher level functions to this package for specific commands. You could be fancy and auto-generate these from the JSON spec, but I don’t think the API is so big that you couldn’t do it by hand.

scelles · February 28, 2025, 4:34pm

I wrapped bws CLI See GitHub - s-celles/BitwardenSecretsManagerUnofficialClient.jl

See announcement at [ANN] B7nSecretsManagerUnoffClient.jl - An unofficial Julia client for Bitwarden Secrets Manager

[bws] add 1.0.0 by s-celles · Pull Request #10610 · JuliaPackaging/Yggdrasil · GitHub was an attempt to create a JLL package for bws … but for license reason that doesn’t seems to be possible.
bws need to be dowloaded from official BW Github repository.

JLL package for bw should be possible

because that’s not the same licence than the SDK

there is probably cleaner to do than my current implementation. I will be pleased to see your contributions.

Topic		Replies	Views
[ANN] B7nSecretsManagerUnoffClient.jl - An unofficial Julia client for Bitwarden Secrets Manager Package Announcements package , security , api , password , secrets	0	78	February 28, 2025
Modul with hash functions, like the Python Bcript modul New to Julia question , package	2	392	November 20, 2021
Cryptography and Julia Data cryptography	4	2314	January 19, 2024
Will the new github security policy affect the way we use/develop Julia packages? General Usage question , github	3	635	March 8, 2021
The state of cryptographic libraries Community cryptography	19	2648	April 26, 2020

Related topics