Faster loading of credentials from Bitwarden using rbw

7 points by milanaleksic

symgryph

Does this in any way decrease the security of the solution? Are the passwords cached locally? Or just temporarily stored in memory? I hope they’re not written to the file system.

adamcstephens

They should only be stored in memory.

minus

At work we use a lot of 1password cli, which suffers the same problem. Not much of a problem most of the time, since it’s not used in a direnv way. One of our tools (that sets Postgres passwords and other permissions) loads a lot of passwords and is executed repeatedly, so I looked for a solution. A daemon was my first thought, but then I found something better: The Linux Kernel Key Retention Service. I can create a new scope in a shell session withkeyctl to cache passwords there or cache them in my user session, and the tool runs in a second now instead of 20.

elikoga

rbw looks very very very nice but since it’s a password manager client that is third party, in theory you’d have to completely trust doy (author of rbw) or review the entire source which is a tall ask. It does look very very nice though and people seem to be using it as we can see

I’ve written a tiny integration with the 1password cli for my dayjob and there, performance on the order of seconds was not that relevant since the user needs to authenticate with biometrics anyways to access the secret. The author has a case where they unlock multiple secrets though and that changes things.