Add SSH keys to your agent using passphrases stored in Bitwarden.
A script to add a passphrase-protected SSH key to your local ssh-agent by leveraging credentials stored in Bitwarden. It securely retrieves the passphrase via the Bitwarden CLI, then uses expect to automate the authentication process with ssh-add.
bw-ssh-add <BITWARDEN-ITEM-ID> [SSH-ADD-ARGUMENTS...]
- The first argument serves as input for bw get password, either as a search term or as an item's globally unique identifier, to retrieve the key's passphrase.
- Any additional arguments are passed through to ssh-add unchanged. Refer to the ssh-add man page for details on available options.
The script sets an expiration time for the added key:
- Default: 17:00:00 (5:00 PM local time)
- If it's already past 5:00 PM: 3 hours
- Customize the end-of-day time using the BW_SSH_ADD_EOD environment variable (format: HH:MM:SS)
- To remove the maximum lifetime, set BW_SSH_ADD_EOD to an empty string
bw-ssh-add "My SSH Key"
bw-ssh-add 99ee88d2-6046-4ea7-92c2-acac464b1412
bw-ssh-add "Work Laptop Key" -t 3600
BW_SSH_ADD_EOD="18:30:00" bw-ssh-add "Custom EOD Key"
BW_SSH_ADD_EOD="" bw-ssh-add "No Expiry Key"
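The expiry rule described above, as an added example (not code from the bw-ssh-add script itself): the hypothetical helpers to_seconds and key_lifetime compute the number of seconds that would be passed to ssh-add -t. Treating a time exactly equal to the end of day as already past is an assumption.

```shell
# Added example; to_seconds and key_lifetime are hypothetical helper names.

# Convert HH:MM:SS to seconds since midnight; return 1 on a malformed value.
to_seconds() {
    case "$1" in
        [0-2][0-9]:[0-5][0-9]:[0-5][0-9]) ;;
        *) return 1 ;;
    esac
    h=${1%%:*}; rest=${1#*:}; m=${rest%%:*}; s=${rest#*:}
    # Strip one leading zero so "08" and "09" are not read as invalid octal.
    h=${h#0}; m=${m#0}; s=${s#0}
    [ "$h" -le 23 ] || return 1
    echo $(( h * 3600 + m * 60 + s ))
}

# key_lifetime NOW [EOD]
# Prints the key lifetime in seconds, or nothing when EOD is the empty
# string (no maximum lifetime). NOW and EOD are local times as HH:MM:SS.
key_lifetime() {
    now=$1
    eod=${2-17:00:00}          # unset: default 17:00:00; empty stays empty
    [ -n "$eod" ] || return 0
    now_s=$(to_seconds "$now") || return 1
    eod_s=$(to_seconds "$eod") || return 1
    if [ "$now_s" -lt "$eod_s" ]; then
        echo $(( eod_s - now_s ))   # expire at the end of the day
    else
        echo $(( 3 * 3600 ))        # end of day reached (assumed to include
    fi                              # the exact second): 3 hours
}

# Usage with the real clock and the documented environment variable:
#   key_lifetime "$(date +%H:%M:%S)" "${BW_SSH_ADD_EOD-17:00:00}"
```

A malformed end-of-day value such as 25:00:00 makes key_lifetime return a non-zero status instead of printing a lifetime, so a caller can refuse to add the key rather than fall back to no expiry.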
- Ensure you have the required dependencies installed and configured:
  - Bitwarden CLI (bw)
  - expect command
  - SSH agent
- Add the bw-ssh-add script to your $PATH:

  git clone https://github.com/elasticdog/bw-ssh-add.git
  cd bw-ssh-add/
  sudo ln -s ${PWD}/bw-ssh-add /usr/local/bin/bw-ssh-add

bw-ssh-add is released under the Zero Clause BSD License (SPDX: 0BSD).
Copyright © 2024 Aaron Bull Schaefer and contributors