bitwarden

package

v0.7.0 Latest Latest Go to latest Published: Apr 29, 2026 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/opalbolt/envoke

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ClearStoredLocalPassword(uid string) error
func ClearStoredSession(uid string) error
type BWClient
type BWRef
- func ParseBWRef(uri string) (BWRef, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrInvalidPassword = errors.New("invalid Bitwarden master password")

ErrInvalidPassword is returned when the Bitwarden master password is rejected.

Functions ¶

func ClearStoredLocalPassword ¶

func ClearStoredLocalPassword(uid string) error

ClearStoredLocalPassword removes any local password files left by previous versions of renv. The password is no longer written to disk, but legacy files may still exist on systems that ran an older version.

func ClearStoredSession ¶

func ClearStoredSession(uid string) error

ClearStoredSession removes any legacy plaintext BW session file left by older versions.

Types ¶

type BWClient ¶

type BWClient struct {
	BWPassword string // cleared after bw unlock; used only for `bw unlock --raw`
	// Timeout caps each bw subprocess call. Zero uses the 30 s default.
	Timeout time.Duration
	// contains filtered or unexported fields
}

BWClient wraps the bw CLI for secret fetching. It does NOT use the Bitwarden SDK — subprocess only.

The BWPassword is used only for `bw unlock`. It is never persisted to disk and held in process memory only.

Access flow:

On Bitwarden access: prompt BWPassword (or use BW_SESSION env var) → fetch from BW.

func (*BWClient) Close ¶

func (c *BWClient) Close()

Close zeros the session token. Call this once when done with all BW operations. It only unsets BW_SESSION if we did not read it from the environment.

func (*BWClient) CollectionItems ¶

func (c *BWClient) CollectionItems(collectionName string) ([]map[string]interface{}, error)

CollectionItems fetches all items in the given BW collection. URI format: bw://collection:<name>/item[/field] Requires BWPassword (or BW_SESSION) to be available.

func (*BWClient) FolderItems ¶

func (c *BWClient) FolderItems(folder string) ([]map[string]interface{}, error)

FolderItems fetches all items in the given BW folder. Requires BWPassword (or BW_SESSION) to be available.

func (*BWClient) Resolve ¶

func (c *BWClient) Resolve(ref BWRef) (string, error)

Resolve resolves a BWRef to a secret value.

func (*BWClient) Session ¶

func (c *BWClient) Session() (string, error)

Session returns an active BW session token. Precedence: BW_SESSION env var → ENVOKE_BW_PASSWORD env var → BWPassword field → prompt on /dev/tty

The session token is held in process memory only and is never written to disk. Each invocation that requires Bitwarden access will prompt for BWPassword unless BW_SESSION or ENVOKE_BW_PASSWORD is set.

type BWRef ¶

type BWRef struct {
	Folder       string
	Item         string
	FieldSpec    string // "password" (default), "username", "note", "totp", "field:<name>"
	IsCollection bool   // true if bw://collection:<name>/item
}

BWRef holds the parsed components of a bw:// URI.

func ParseBWRef ¶

func ParseBWRef(uri string) (BWRef, error)

ParseBWRef parses a bw://folder/item-name[/field-spec] URI. Returns an error if folder or item is empty, or format is invalid.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL