Script to set the BW_SESSION
token environment variable and persist with optional encryption to enable re-usability in other terminal sessions.
- Depends on: bw (Bitwarden CLI) and jq (parsing
JSON
) - Download bwl
- Make it executable and reachable. E.g.
chmod +x bwl && sudo cp bwl /usr/local/bin
- To export the
BW_SESSION
environment variable:eval $(bwl)
- Quick demo:
# Show that the BW_SESSION environment variable is not loaded. $ echo "${BW_SESSION:-nope}" nope # Show that bw is unauthenticated $ bw status | jq '.status' "unauthenticated" # Execute and evaluate bwl $ eval $(bwl) ? Master password: [hidden] # Show that the BW_SESSION environment variable is loaded. $ echo "${BW_SESSION:-nope}" [hidden] # Show that bw is unlocked $ bw status | jq '.status' "unlocked"
- Create a BitWarden API Key to simplify login - see Personal API Key for CLI Authentication. Note: This approach still requires the vault to be
unlocked
, which prompts for theMaster password
if there is no existing session file. - Use
BWL_ENCRYPT_METHOD
to encrypt the persisted session token using eitherkeybase
orgpg
. - Use
~/.bwl/config
to persist the configuration:BW_CLIENTID=<client_id> BW_CLIENTSECRET=<secret> BWL_ENCRYPT_METHOD=<gpg|keybase|none> GPG_RECIPIENT=<gpg-email>