quexten / goldwarden Goto Github PK

View Code? Open in Web Editor NEW

528.0 8.0 18.0 800 KB

A feature-packed Bitwarden compatible desktop client

License: MIT License

Go 84.64% Shell 0.09% Python 15.14% CSS 0.13%

bitwarden linux linux-desktop password-manager autotype git-signing ssh-agent macos windows windows-desktop

goldwarden's People

Contributors

Stargazers

Watchers

Forkers

willjr c4tz anthony-fiddes baarkerlounger mufeedali mte90 gigaion csutcliff cnteng gooberpatrol66 vman45 sovamorco binlabnet patrick-braun olastor talal pocketappz

goldwarden's Issues

GPG Agent support

Since we already have SSH agent, git signing and ssh login can be done via the ssh agent. However, some actions (signing Goldwarden release packages ;) ) cannot be done with SSH keys.
Instead, we could implement: https://pkg.go.dev/github.com/prep/gpg/agent and add a GPG key encoding for secure notes.

Publish Flatpak on FlatHub

Needs more testing first

Vault login results in "Traffic from your network looks unusual"

$ goldwarden vault login --email [email protected]
Login failed: Could not login: could not pre-login: Bad Request: {"message":"Traffic from your network looks unusual. Connect to a different network or try again later. [Error Code 6]"}

I have no problems logging into the browser extension or anything else like that, nor have I ever seen a message like this from any other application.

Gui + Flatpak

A small GUI for setup + flatpak support would be nice, since it's fundamentally a desktop app and things should not have to be done through the CLI.

(Regardless, CLI will still be the main supported way).

Unable to complete FIDO2 2FA - SEGV/nil pointer dereference

I've completed all the setup steps and am attempting to login for the first time with goldwarden vault login. On my Vaultwarden instance I have both FIDO2 and TOTP configured for 2FA. After the password prompt I get a prompt Fido2 PIN: Enter your token's PIN, however I'm not able to complete this. I don't have a PIN set on my Yubikey for FIDO2, and I can't get past this prompt. I've tried submitting it blank (since there is no PIN) and with the actual FIDO2 payload but it crashes the same way. Looking at logs it's mentioning a segfault/nil pointer dereference:

 $ goldwarden vault login --email [email protected]
panic: interface conversion: interface {} is nil, not messages.IPCMessage

goroutine 1 [running]:
github.com/quexten/goldwarden/client.UnixSocketClient.SendToAgent({0x8e37a0?}, {0x8e37a0, 0xc00020c660})
	/home/runner/work/goldwarden/goldwarden/client/unixsocketclient.go:63 +0x269
github.com/quexten/goldwarden/cmd.glob..func7(0xc8ee20?, {0x927d03?, 0x2?, 0x2?})
	/home/runner/work/goldwarden/goldwarden/cmd/login.go:28 +0xd8
github.com/spf13/cobra.(*Command).execute(0xc8ee20, {0xc0001a2ea0, 0x2, 0x2})
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:987 +0xa91
github.com/spf13/cobra.(*Command).ExecuteC(0xc8b4a0)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x425
github.com/spf13/cobra.(*Command).Execute(...)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039
github.com/quexten/goldwarden/cmd.Execute({0x0, 0x0, {0x0, 0x0}, 0x0, {0xc0001a8bd0, 0x2c}, 0x0, 0x0, {0x0, ...}, ...})
	/home/runner/work/goldwarden/goldwarden/cmd/root.go:35 +0x1fb
main.main()
	/home/runner/work/goldwarden/goldwarden/main.go:83 +0x978

$ journalctl --user -u goldwarden

Dec 30 19:15:03 debian systemd[3395]: Started goldwarden.service - "Goldwarden daemon".
Dec 30 19:15:03 debian goldwarden[35621]: [INF] [19:15] [Goldwarden > Keyring] >>> Creating new memguard keyring
Dec 30 19:15:03 debian goldwarden[35621]: [INF] [19:15] [Goldwarden > SSH] >>> SSH Agent listening on /home/user/.goldwarden-ssh-agent.sock
Dec 30 19:15:03 debian goldwarden[35621]: [INF] [19:15] [Goldwarden > Agent] >>> Agent listening on /home/user/.goldwarden.sock...
Dec 30 19:15:03 debian goldwarden[35621]: Blocking, press ctrl+c to continue...
Dec 30 19:18:55 debian goldwarden[35621]: [INF] [19:18] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
Dec 30 19:18:59 debian goldwarden[35621]: [INF] [19:18] [Goldwarden > Pinentry] >>> Got pin from user
Dec 30 19:19:02 debian goldwarden[35621]: [INF] [19:19] [Goldwarden > Pinentry] >>> Asking for pin |Bitwarden Password|Enter your Bitwarden password|
Dec 30 19:19:13 debian goldwarden[35621]: [INF] [19:19] [Goldwarden > Pinentry] >>> Got pin from user
Dec 30 19:19:13 debian goldwarden[35621]: [INF] [19:19] [Goldwarden > Pinentry] >>> Asking for pin |Fido2 PIN|Enter your token's PIN|
Dec 30 19:19:18 debian goldwarden[35621]: [INF] [19:19] [Goldwarden > Pinentry] >>> Got pin from user
Dec 30 19:19:19 debian goldwarden[35621]: panic: runtime error: invalid memory address or nil pointer dereference
Dec 30 19:19:19 debian goldwarden[35621]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x733830]
Dec 30 19:19:19 debian goldwarden[35621]: goroutine 278 [running]:
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/bitwarden/twofactor.Fido2TwoFactor({0xc0000341e0, 0x2b}, {0xc0001a2120, 0x2, 0x88fd00?}, 0xc0003c0380?)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/bitwarden/twofactor/fido2twofactor.go:80 +0x430
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/bitwarden/twofactor.PerformSecondFactor(0xc000292068, 0x25a?)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/bitwarden/twofactor/twofactor.go:26 +0x3e8
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/bitwarden.Perform2FA(0x380?, 0xc0001a2080, 0xc000002180, {0x9ec098, 0xc0000280f0})
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/bitwarden/auth.go:233 +0xd3
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/bitwarden.LoginWithMasterpassword({0x9ec098, 0xc0000280f0}, {0xc000290018, 0x14}, 0xc000002180, 0xe3a10cfb5cf091df?)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/bitwarden/auth.go:109 +0xd97
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/actions.handleLogin({0xc83190?, {0xc000414780?, 0x873b?, 0xeab?}}, 0xc000002180, 0xc00007e280, 0x4?)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/actions/login.go:38 +0x245
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent/actions.ensureIsNotLocked.func1({0xc0002a69e4?, {0xc000414780?, 0xc00015a507?, 0xa?}}, 0xc0001129a7?, 0x4?, 0xc0000ebf20)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/actions/actions.go:95 +0x1b7
Dec 30 19:19:19 debian goldwarden[35621]: github.com/quexten/goldwarden/agent.serveAgentSession({0x9ee470, 0xc0000be028}, {0xc0001a53f4?, 0x4?}, 0xc?, 0x4?)
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/unixsocketagent.go:67 +0x252
Dec 30 19:19:19 debian goldwarden[35621]: created by github.com/quexten/goldwarden/agent.StartUnixAgent.func8
Dec 30 19:19:19 debian goldwarden[35621]:         /home/runner/work/goldwarden/goldwarden/agent/unixsocketagent.go:282 +0x55
Dec 30 19:19:19 debian systemd[3395]: goldwarden.service: Main process exited, code=exited, status=2/INVALIDARGUMENT

I'm using Debian 12 Gnome/Wayland if it matters.

Cheers

Flatpak pinentry not working on Alpine

Quick Access menu like in 1Password

Hi! Something I really like about the 1Password desktop app that I miss a lot in Bitwarden is the ability to just click "Ctrl+Shift+Space" and search for the account I want and then click "Ctrl+Shift+C" to get its password. It's great when the regular autofill misbehaves or something like that or if you want enter any credentials in a terminal.

Btw, few unrelated questions:

I installed the RPM and set it up as per the Getting Started, everything works as expected from the terminal, but how do I access the GUI from the RPM package?
Is there any way to check if my Notifications URL is working as intended (self-hosted)?
Is the flatpak now the recommended way to install? If so, how do I uninstall the RPM?
This project means a lot to me. It's everything that I'm missing to move back fully to Bitwarden again. I want to donate to keep the project alive. Is there any way to do that?

Packages (aur/rpm/deb)

Right now goldwarden is only installable by direct download of the binary, or by compiling from source. Packages for at least arch / rpm / deb are needed.

Optional No-Pin Mode

In response to @mufeedali:

Polkit an the pin serve two different purposes (somewhat). Since we do not want to expose the vault to someone having access to the disk on boot (unencrypted main volume, etc), the pin is required to derive a key to decrypt the vault. If this were not the case, anyone with access to your (unencrypted) disk, or an unfortunate backup that captured the config, could access your vault.

Polkit only does authentication, no key derivation. Thus, it is only useful once the encryption key is already present in memory.

The two (not great) alternatives are: storing the key in libsecret - which makes the disk image unproblematic at least, but exposes the key to the user's other running processes. And alternatively, using no encryption, but this is just really not great, due to the mentioned attack above. Maybe I will introduce an environment variable such as GOLDWARDEN_NO_PIN_THIS_EXPOSES_YOUR_VAULT_TO_YOUR_DISK=true, so that way the user is aware of the risk.

Originally posted by @quexten in #46 (reply in thread)

Cipherkey Encryption

Bitwarden is migrating to individual cipher key encryption. Will need to rewrite the core to support this.

Firefox is not detected for setup browserbiometrics unless the native-messaging-hosts folder already exists.

Here is an example to illustrate the issue:

~/.mozilla ··········································································································································· 18:19:59
❯ goldwarden setup browserbiometrics
Found chrome-like browser: /home/anthonyfiddes/.config/google-chrome/NativeMessagingHosts
Found chrome-like browser: /home/anthonyfiddes/.config/thorium/NativeMessagingHosts
Done.

~/.mozilla ··········································································································································· 18:20:16
❯ mkdir native-messaging-hosts

~/.mozilla ··········································································································································· 18:20:17
❯ goldwarden setup browserbiometrics
Found chrome-like browser: /home/anthonyfiddes/.config/google-chrome/NativeMessagingHosts
Found chrome-like browser: /home/anthonyfiddes/.config/thorium/NativeMessagingHosts
Found mozilla-like browser: /home/anthonyfiddes/.mozilla/native-messaging-hosts
Done.

Maybe we could add instructions to the wiki page about this, since I'm not sure if goldwarden is supposed to create the folder, or if the folder is already supposed to exist and for some reason does not.

I personally use librewolf and cloned the repo to add .librewolf as a folder to search when I noticed this.

SSH keys not working

Ok I created an ssh key. Added the public key to the known_hosts. Made the change in .bashrc from the wiki. But it fails to login.
It is connecting to the agent but nothing happens. Am I missing something?

Jan 18 06:39:25 Archie goldwarden[1229]: [INF] [06:39] [Goldwarden > SSH] >>> SSH Agent connection accepted
Jan 18 06:41:54 Archie goldwarden[1229]: [INF] [06:41] [Goldwarden > SSH] >>> SSH Agent connection from kgx>bash>ssh

Ok something else I noticed when I do goldwarden ssh list I get a reply but when I do
ssh-add I get The Agent has no identities.

Fido2 when running the daemon inside the flatpak

At the moment you have to use an unsandboxed daemon, with the socket mapped into the flatpak in order to be able to use fido2 in the flatpak. This could be circumvented by granting the flatpak an all-devices permission, which has the downside of being too broad and also marking the flatpak as unsafe on FlatHub.

The best way forward is a portal, such as proposed in:
flatpak/xdg-desktop-portal#989

Autotype shortcut should not need explicit approval beyond polkit prompt

When using the global autotype shortcut, we shouldn't need to approve the listing of credentials.

Autotype not working on Garuda Linux

Sorry if this is another case of me not reading the documentation correctly, but from my understanding, once you select an entry in the autotype window, it's supposed to automatically type that out in the set text boxes, correct?

On my system, selecting and entering just closes the auto-type window. It does not type out anything.

I also noticed there are key shortcuts (by default, u for username and p for password) that can be used to copy either the username or password of the selected entry into the clipboard, but again, it does nothing on my system.

Video
https://youtu.be/VIrCcl2wDVs

Logs

flatpak

flatpak run com.quexten.Goldwarden
/app/bin/monitors/dbus_autofill_monitor.py:4: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '4.0') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk
IS daemon running False
running daemon
Failed err None
Flatpak Config directory: /home/zany130/.var/app/com.quexten.Goldwarden/config/goldwarden.json

[INF] [19:49] [Goldwarden > Keyring] >>> Creating new memguard keyring

[INF] [19:49] [Goldwarden > Agent] >>> Agent listening on /home/zany130/.var/app/com.quexten.Goldwarden/data/goldwarden.sock...

Blocking, press ctrl+c to continue...

[INF] [19:49] [Goldwarden > SSH] >>> SSH Agent listening on /home/zany130/.var/app/com.quexten.Goldwarden/data/ssh-auth-sock

[WRN] [19:49] [Goldwarden > Agent] >>> Could not monitor idle: org.freedesktop.DBus.Error.ServiceUnknown

autostart enabled..!?
(':1.15', '/org/freedesktop/portal/desktop/request/1_468/com/quexten/Goldwarden/13804143', 'org.freedesktop.portal.Request', 'Response', GLib.Variant('(ua{sv})', (0, {'background': <true>, 'autostart': <true>})), None)
/app/bin/settings.py:34: DeprecationWarning: Adw.ActionRow.set_icon_name is deprecated
  self.ssh_row.set_icon_name("emblem-default")
[INF] [19:49] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|

[INF] [19:49] [Goldwarden > Pinentry] >>> Got pin from user

[INF] [19:49] [Goldwarden > Keyring] >>> Unlocking keyring with account key

[INF] [19:49] [Goldwarden > Auth] >>> Refreshing token

[INF] [19:49] [Goldwarden > Auth] >>> Refreshing using refresh token

[INF] [19:49] [Goldwarden > Auth] >>> Token refreshed

[INF] [19:49] [Goldwarden > Bitwarden API] >>> Performing full sync...

[INF] [19:49] [Goldwarden > Websocket] >>> Connected to websocket server...

[INF] [19:50] [Goldwarden > Bitwarden API] >>> Sync successful, initializing keyring and vault...

[INF] [19:50] [Goldwarden > Bitwarden API] >>> Reading  0 org keys...

[INF] [19:50] [Goldwarden > Bitwarden API] >>> Initializing keyring from user symmetric key...

[INF] [19:50] [Goldwarden > Keyring] >>> Unlocking keyring with account key

[INF] [19:50] [Goldwarden > Bitwarden API] >>> Clearing vault...

[INF] [19:50] [Goldwarden > Bitwarden API] >>> Adding 563 ciphers to vault...

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:50] [Goldwarden > Websocket] >>> Invalid message received, length too short

/app/bin/autofill.py:6: PyGIWarning: Notify was imported without specifying a version first. Use gi.require_version('Notify', '0.7') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk, Adw, GLib, Notify
/app/bin/autofill.py:80: DeprecationWarning: Gtk.Widget.hide is deprecated
  self.history_list.hide()
/app/bin/autofill.py:108: DeprecationWarning: Gtk.Widget.get_style_context is deprecated
  self.history_list.get_style_context().add_class("boxed-list")
/app/bin/autofill.py:108: DeprecationWarning: Gtk.StyleContext.add_class is deprecated
  self.history_list.get_style_context().add_class("boxed-list")
[INF] [19:50] [Goldwarden > Systemauth] >>> Checking permission for goldwarden with session type com.quexten.goldwarden.accessvault

[INF] [19:50] [Goldwarden > Biometrics] >>> Checking biometrics for com.quexten.goldwarden.accessvault

[INF] [19:50] [Goldwarden > Biometrics] >>> Biometrics result: true

[INF] [19:50] [Goldwarden > Systemauth] >>> Permission granted, creating session

[INF] [19:50] [Goldwarden > Pinentry] >>> Asking for approval |Approve List Credentials|zany130 on main.py>python3>goldwarden is trying access all credentials|

[INF] [19:50] [Goldwarden > Pinentry] >>> Got approval from user

/app/bin/autofill.py:64: DeprecationWarning: Adw.ActionRow.set_icon_name is deprecated
  action_row.set_icon_name("dialog-password")
/app/bin/autofill.py:46: DeprecationWarning: Gtk.Widget.show is deprecated
  self.history_list.show()
copy username
Failed to connect to a Wayland server: No such file or directory
Note: WAYLAND_DISPLAY is set to wayland-0
Note: XDG_RUNTIME_DIR is set to /run/user/1000
Please check whether /run/user/1000/wayland-0 socket exists and is accessible.

(autofill.py:1320): libnotify-WARNING **: 19:51:03.787: Running in confined mode, using Portal notifications. Some features and hints won't be supported
copy username
Failed to connect to a Wayland server: No such file or directory
Note: WAYLAND_DISPLAY is set to wayland-0
Note: XDG_RUNTIME_DIR is set to /run/user/1000
Please check whether /run/user/1000/wayland-0 socket exists and is accessible.
copy password
Failed to connect to a Wayland server: No such file or directory
Note: WAYLAND_DISPLAY is set to wayland-0
Note: XDG_RUNTIME_DIR is set to /run/user/1000
Please check whether /run/user/1000/wayland-0 socket exists and is accessible.
copy password
Failed to connect to a Wayland server: No such file or directory
Note: WAYLAND_DISPLAY is set to wayland-0
Note: XDG_RUNTIME_DIR is set to /run/user/1000
Please check whether /run/user/1000/wayland-0 socket exists and is accessible.
copy password
Failed to connect to a Wayland server: No such file or directory
Note: WAYLAND_DISPLAY is set to wayland-0
Note: XDG_RUNTIME_DIR is set to /run/user/1000
Please check whether /run/user/1000/wayland-0 socket exists and is accessible.
enter
secure.hulu.com
[WRN] [19:51] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:51] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:51] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:51] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

[WRN] [19:52] [Goldwarden > Websocket] >>> Invalid message received, length too short

Operating System: Garuda Linux 
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.114.0
Qt Version: 5.15.12
Kernel Version: 6.7.0-3-cachyos (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 31.3 GiB of RAM
Graphics Processor: AMD Radeon RX 6700 XT

Unable to set pin in Plasma on EndeavourOS

I was trying to setup Goldwarden on my Plasma EndeavourOS setup.

The setup commands were successful:

$ goldwarden setup polkit
failed setting selinux context
exit status 1
Polkit setup successfully

$ goldwarden setup systemd
Systemd setup successfully

$ goldwarden setup browserbiometrics
Native messaging host directory already exists: /home/mufeed/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/
Native messaging host directory already exists: /home/mufeed/.mozilla/native-messaging-hosts/
Found mozilla-like browser: /home/mufeed/.mozilla/native-messaging-hosts
Done.

I setup my environment variables as I did on my Tumbleweed setup to work well with the Flatpak (which is working fine, but uses a Plasma 6 dev build):

$ set -Ux GOLDWARDEN_SOCKET_PATH ~/.var/app/com.quexten.Goldwarden/data/goldwarden.sock
$ set -Ux GOLDWARDEN_SSH_AUTH_SOCK ~/.var/app/com.quexten.Goldwarden/data/ssh-auth-sock
$ set -Ux SSH_AUTH_SOCK ~/.var/app/com.quexten.Goldwarden/data/ssh-auth-sock

So I rebooted before setting up the vault (because of updates) and then come back and try to setup my vault. I get a polkit prompt and then I get the following error:

$ goldwarden vault pin set
Pin updating failed: pinentry: unexpected response: "S ERROR gtk2.isatty 83918950 "

My immediate response was to check GitHub issues and found #38. So I checked the response you had, saw the comment regarding the DISPLAY variable.

$ echo $DISPLAY
:1

Okay, that should be the issue. So I edited the service to set DISPLAY to 1 instead. And then I tried restarting the service. It works!

I setup everything and was happy. But I just turned on my device again, tried to use Goldwarden and I just dont get the pin prompt. So I tried running the pin set command again. Same error.

But it gets weirder. I restarted the goldwarden service using systemctl and now it works again... So now I wanted to know if it would keep working or if it would break. So I tried doing a soft-reboot and the issue is back... But again, simply restarting the service fixes it again...

Very lost right now

system-wide autotype does not work

Installed goldwarden from the AUR

following https://github.com/quexten/goldwarden/wiki/System%E2%80%90wide-Autotype

I cant get dbus-send --type=method_call --dest=com.quexten.Goldwarden.autofill /com/quexten/Goldwarden com.quexten.Goldwarden.Autofill.autofill

tested trying to get my password for google with goldwarden logins get www.google.com and that works so Goldwarden seems to be accessing my bitwarden account fine

systemctl --user status goldwarden.service
● goldwarden.service - "Goldwarden daemon"
     Loaded: loaded (/home/zany130/.config/systemd/user/goldwarden.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-12-28 19:22:22 EST; 1min 24s ago
   Main PID: 796781 (goldwarden)
      Tasks: 17 (limit: 38363)
     Memory: 80.4M (peak: 2.0G)
        CPU: 7.039s
     CGroup: /user.slice/user-1000.slice/[email protected]/app.slice/goldwarden.service
             └─796781 /usr/bin/goldwarden daemonize

Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Keyring] >>> Unlocking keyring with account key
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Bitwarden API] >>> Clearing vault...
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Bitwarden API] >>> Adding 560 ciphers to vault...
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Systemauth] >>> Checking permission for goldwarden with session type com.quexten.goldwarden.accessvault
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Systemauth] >>> Permission granted from cached session
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Pinentry] >>> Asking for approval |Approve Credential Access|zany130 on alacritty>fish>goldwarden is trying to access credentials for u>
Dec 28 19:23:30 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Websocket] >>> Connected to websocket server...
Dec 28 19:23:33 Garuda-Linux goldwarden[796781]: [WRN] [19:23] [Goldwarden > Websocket] >>> Invalid message received, length too short
Dec 28 19:23:33 Garuda-Linux goldwarden[796781]: [INF] [19:23] [Goldwarden > Pinentry] >>> Got approval from user
Dec 28 19:23:39 Garuda-Linux goldwarden[796781]: [WRN] [19:23] [Goldwarden > Websocket] >>> Invalid message received, length too short

Sync fails on unlock

Add support for logging in with api key

On the official servers, logins sometimes get blocked due to brute-force prevention (captcha). This can be circumvented by using the api key.

Support non-biometric auth

For testing (and because my desktop doesn't have biometrics), I'd like to set a non-biometric pin (password would be good enough for my case) using goldwarden vault pin set but I get this log:

Jan 13 20:48:09 HEPHAISTOS .goldwarden-wrapped[1385378]: [INF] [20:48] [Goldwarden > Systemauth] >>> Checking permission for .goldwarden-wra with session type com.quexten.goldwarden.accessvault
Jan 13 20:48:09 HEPHAISTOS .goldwarden-wrapped[1385378]: [INF] [20:48] [Goldwarden > Biometrics] >>> Checking biometrics for com.quexten.goldwarden.accessvault
Jan 13 20:48:09 HEPHAISTOS .goldwarden-wrapped[1385378]: [INF] [20:48] [Goldwarden > Biometrics] >>> Biometrics result: false

Installed under NixOS 24.05 (polkit enabled)

Windows & Mac Support

Windows

Mac

Settings for Daemon Autostart in Flatpak

Thanks understood. It might be nice to be able to configure from the UI whether the daemon continues to run in the background or stops with the UI and whether or not it's autostarted. (That might also help to make the default behaviour a bit more obvious).

Originally posted by @baarkerlounger in #47 (comment)

Browser Biometrics: Forever Waiting Confirmation from Desktop

Hello,
I've recently started switching to Linux and I really want to make this work, because I really enjoy using biometrics for Bitwarden on Windows. I'm running Fedora 39, and I installed both the Goldwarden rpm and flatpak. My browser of choice is Vivaldi. I setup browserbiometrics via the commandline, and it seemed to have found Vivaldi. The Goldwarden GUI shows that the SSH and Goldwarden Daemons are both running, and "Login with device" shows "Waiting for requests" and "DBUS Service" shows "Listening". The Wiki seems to tell me to just turn on browser biometrics on the browser extension from here, but it shows "Waiting confirmation from desktop" without any indication that the desktop is trying to connect. I'm unsure what to do from here.

setup systemd fails

setting up systemd fails

goldwarden setup systemd
panic: exit status 1

goroutine 1 [running]:
github.com/quexten/goldwarden/cmd.setupSystemd()
	github.com/quexten/goldwarden/cmd/setup.go:83 +0x26b
github.com/quexten/goldwarden/cmd.glob..func12(0xc0000e7a00?, {0x564fa2040320?, 0x4?, 0x564fa204020e?})
	github.com/quexten/goldwarden/cmd/setup.go:94 +0xf
github.com/spf13/cobra.(*Command).execute(0x564fa26de400, {0x564fa294aaa0, 0x0, 0x0})
	github.com/spf13/[email protected]/command.go:944 +0x863
github.com/spf13/cobra.(*Command).ExecuteC(0x564fa26ddb60)
	github.com/spf13/[email protected]/command.go:1068 +0x3a5
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/[email protected]/command.go:992
github.com/quexten/goldwarden/cmd.Execute({0x0, 0x0, {0x0, 0x0}, 0x0, {0xc00034eed0, 0x25}, 0x0, 0x0, {0x0, ...}, ...})
	github.com/quexten/goldwarden/cmd/root.go:35 +0x165
main.main()
	github.com/quexten/goldwarden/main.go:65 +0x578
	```
	this is built from the latest git

sys info

inxi -b
System:
  Host: Garuda-Linux Kernel: 6.5.2-273-tkg-bore-eevdf arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.7 Distro: Garuda Linux
Machine:
  Type: Desktop Mobo: ASRock model: X470 Taichi serial: <superuser required>
    UEFI: American Megatrends v: P5.10 date: 10/20/2022
CPU:
  Info: 6-core AMD Ryzen 5 5600X [MT MCP] speed (MHz): avg: 4074
    min/max: 550/4651
Graphics:
  Device-1: AMD Navi 22 [Radeon RX 6700/6700 XT/6750 XT / 6800M/6850M XT]
    driver: amdgpu v: kernel
  Display: wayland server: X.org v: 1.21.1.8 with: Xwayland v: 23.2.0
    compositor: kwin_wayland driver: X: loaded: amdgpu
    unloaded: modesetting,radeon dri: radeonsi gpu: amdgpu resolution:
    1: 2048x864 2: 1536x864 3: 1536x864
  API: OpenGL v: 4.6 Mesa 23.1.7-arch1.1 renderer: AMD Radeon RX 6700 XT
    (navi22 LLVM 16.0.6 DRM 3.54 6.5.2-273-tkg-bore-eevdf)
Network:
  Device-1: Intel Dual Band Wireless-AC 3168NGW [Stone Peak] driver: iwlwifi
  Device-2: Intel I211 Gigabit Network driver: igb
Drives:
  Local Storage: total: 2.96 TiB used: 2.33 TiB (78.7%)
Info:
  Processes: 530 Uptime: 1h 30m Memory: total: 32 GiB available: 31.26 GiB
  used: 11.23 GiB (35.9%) Shell: fish inxi: 3.3.29

Browser biometrics sometimes not asking for polkit

From @alba4k in #62 (comment)_

SELinux preventing Polkit policy from loading

On Fedora 39, I've noticed that the polkit policy will not load when selinux is set to enforcing.
From the audit log:
type=AVC msg=audit(1697115971.173:129): avc: denied { open } for pid=1046 comm="polkitd" path="/usr/share/polkit-1/actions/com.quexten.goldwarden.policy" dev="dm-0" ino=559338 scontext=system_u:system_r:policykit_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0

No notifications in Flatpak

Pinentry error S ERROR curses.isatty 83918950

So I get the sudo prompt when trying to setup the pin. then I get the following error.
Pin updating failed: pinentry: unexpected response: "S ERROR curses.isatty 83918950 "

Autotype recognize active window title

Right now you have to type the entry that you are looking for. In wayland, there is no direct way to get the active window title, but goldwarden could make use of window-manager specific dbus APIs, in order to retreive the active window title.

Flatpak unable to access account

It used to be that the Flatpak would detect my account from the system installed in Goldewarden. However, it is no longer doing this.

Furthermore, I can't even log in using the flatpak as I get stuck in this window and the login button does nothing

System goldwarden (AUR)

Name            : goldwarden
Version         : 0.2.9-1

Flatpak

Goldwarden          com.quexten.Goldwarden        0.2.9            stable       flathub     user

System

Operating System: Garuda Linux 
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.114.0
Qt Version: 5.15.12
Kernel Version: 6.7.0-3-cachyos (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 31.3 GiB of RAM
Graphics Processor: AMD Radeon RX 6700 XT

Libsecret Support

Hi,
I got the impression that goldwarden integrates with Secret service?
This is from it integrating with the desktop environment, and from a comment on bitwarden forum.

However, I don't see it on the dbus, so, is secret service/libsecret supported?

In that case, any suggestion on how to trouble shoot it missing?

And otherwise, I would like to add a feature request for it.

Re-bindable Keyboard Shortcuts

If you have a specific feature from the 1password quick access menu,

I guess it would be configurable shortcuts for copying the username, password and totp (which ig isn't present yet) just because I'm used to the 1Password shortcuts, but then again, I can see myself getting used to this too.

[...]

Originally posted by @mufeedali in #46 (comment)

Biometrics unlock not working with Brave

It is working as intended with Firefox, but not with Brave.

It says:
"Browser integration is not set up in the Bitwarden desktop application. Please set it up in the settings within the desktop application."

The NativeMessagingHosts directory is present and had a 1Password-generated json file. But nothing from Bitwarden.

Flatpak UI not scaled correctly on KDE+Wayland

it seems like the GUI in the flatpak doesn't like KDE display scaling settings

installed the flatpak from flatpak install --user https://dl.flathub.org/build-repo/72997/com.quexten.Goldwarden.flatpakref

Screens
=======
Active screen follows mouse:  yes
Number of Screens: 3

Screen 0:
---------
Name: DP-1
Enabled: 1
Geometry: 2932,677,2048x864
Scale: 1.25
Refresh Rate: 74991
Adaptive Sync: automatic
Screen 1:
---------
Name: DP-2
Enabled: 1
Geometry: 0,0,1396x785
Scale: 2.75
Refresh Rate: 120000
Adaptive Sync: always
Screen 2:
---------
Name: HDMI-A-2
Enabled: 1
Geometry: 1396,355,1536x864
Scale: 1.25
Refresh Rate: 74973
Adaptive Sync: automatic

Operating System: Garuda Linux
KDE Plasma Version: 5.27.10
KDE Frameworks Version: 5.113.0
Qt Version: 5.15.11
Kernel Version: 6.6.8-1-cachyos (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5600X 6-Core Processor
Memory: 31.3 GiB of RAM
Graphics Processor: AMD Radeon RX 6700 XT

More Autotype Keyboard Layouts For Uinput Based Autotype

Right now I'm only maintaining dvorak & qwerty as layouts for autotype. Alternatively, the pasting option can be used (in some applications). If anyone needs additional layouts, feel free to clone the qwerty layout, make modifications, and submit it as a pull request.

Documentation on setting up development environment

Some documentation on how to get started with contributing would be great to have

Screencast Portal Based Autotype

It should be possible to use the screencast portal for autotype. This would enable autotype across X11 and Wayland, same as the current uinput based option, but also not require root (/ access to uinput) and handle keyboard layouts.

Sync Error when Token Expires

When the refresh token expires, goldwarden sends a sync error notification. Since this regularly occurs and is expected, the notification should only show after repeated sync errors.

Global Hotkey Portal for Autofill Shortcut

The global hotkey portal should be used to activate autofill, instead of requiring a dbus message.

Setup In Packages (RPM, Deb, AUR)

goldwarden setup should not be required, instead the package managers should take care of the setup.

Flatpak - Panic - cipher.NewCBCDecrypter

Hi,
tried goldwarden today and get following error:

/app/bin/monitors/dbus_autofill_monitor.py:4: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '4.0') before import to ensure that the right version gets loaded.
  from gi.repository import Gtk
IS daemon running False
running daemon
Failed err None
Flatpak Config directory: /home/#MYUSER#/.var/app/com.quexten.Goldwarden/config/goldwarden.json

[INF] [14:31] [Goldwarden > Keyring] >>> Creating new memguard keyring

[INF] [14:31] [Goldwarden > Agent] >>> Agent listening on /home/#MYUSER#/.var/app/com.quexten.Goldwarden/data/goldwarden.sock...

Blocking, press ctrl+c to continue...

[INF] [14:31] [Goldwarden > SSH] >>> SSH Agent listening on /home/#MYUSER#/.var/app/com.quexten.Goldwarden/data/ssh-auth-sock

[WRN] [14:31] [Goldwarden > Agent] >>> Could not monitor idle: org.freedesktop.DBus.Error.ServiceUnknown

autostart enabled..!?
(':1.55', '/org/freedesktop/portal/desktop/request/1_2174/com/quexten/Goldwarden/10748674', 'org.freedesktop.portal.Request', 'Response', GLib.Variant('(ua{sv})', (0, {'background': <true>, 'autostart': <true>})), None)
/app/bin/settings.py:34: DeprecationWarning: Adw.ActionRow.set_icon_name is deprecated
  self.ssh_row.set_icon_name("emblem-default")
[INF] [14:31] [Goldwarden > Pinentry] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|

[INF] [14:31] [Goldwarden > Pinentry] >>> Got pin from user

[INF] [14:31] [Goldwarden > Keyring] >>> Unlocking keyring with account key

[INF] [14:31] [Goldwarden > Auth] >>> Refreshing token

[INF] [14:31] [Goldwarden > Auth] >>> Refreshing using refresh token

[INF] [14:31] [Goldwarden > Auth] >>> Token refreshed

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Performing full sync...

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Sync successful, initializing keyring and vault...

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Reading  1 org keys...

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Initializing keyring from user symmetric key...

[INF] [14:31] [Goldwarden > Keyring] >>> Unlocking keyring with account key

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Clearing vault...

[INF] [14:31] [Goldwarden > Bitwarden API] >>> Adding 282 ciphers to vault...

panic: cipher.NewCBCDecrypter: IV length must equal block size



goroutine 53 [running]:

crypto/cipher.NewCBCDecrypter({0x9f0510, 0xc0002ef8f0}, {0x0, 0x0, 0x0})

	/opt/hostedtoolcache/go/1.20.12/x64/src/crypto/cipher/cbc.go:122 +0xcc

github.com/quexten/goldwarden/agent/bitwarden/crypto.DecryptWith({0x0, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}}, ...)

	/home/runner/work/goldwarden/goldwarden/agent/bitwarden/crypto/encstring.go:159 +0x2df

github.com/quexten/goldwarden/agent/vault.(*Vault).isSSHKey(_, {0x2, 0xc0000c1130, {0x2, {0xc000366228, 0x10, 0x12}, {0xc000366240, 0x10, 0x12}, ...}, ...})

	/home/runner/work/goldwarden/goldwarden/agent/vault/vault.go:147 +0x338

github.com/quexten/goldwarden/agent/vault.(*Vault).AddOrUpdateSecureNote(_, {0x2, 0xc0000c1130, {0x2, {0xc000366228, 0x10, 0x12}, {0xc000366240, 0x10, 0x12}, ...}, ...})

	/home/runner/work/goldwarden/goldwarden/agent/vault/vault.go:82 +0x165

github.com/quexten/goldwarden/agent/bitwarden.DoFullSync({0x9f1248, 0xc0006a80f0}, 0xc0001b0230, 0xd04178?, 0xc00045bc48, 0x1)

	/home/runner/work/goldwarden/goldwarden/agent/bitwarden/sync.go:72 +0x6c5

github.com/quexten/goldwarden/agent/actions.handleUnlockVault({0xc00011a678?, {0x8?, 0xc0002b8005?, 0xa?}}, 0xc0001856c0, 0xc0001b0230, 0xc0002ba143?)

	/home/runner/work/goldwarden/goldwarden/agent/actions/vault.go:78 +0x42e

github.com/quexten/goldwarden/agent.serveAgentSession({0x9f35f0, 0xc000292018}, {0x0?, 0x0?}, 0x0?, 0x0?)

	/home/runner/work/goldwarden/goldwarden/agent/unixsocketagent.go:67 +0x252

created by github.com/quexten/goldwarden/agent.StartUnixAgent.func8

	/home/runner/work/goldwarden/goldwarden/agent/unixsocketagent.go:283 +0x55

quitting goldwarden daemon
daemon running
Exception in thread Thread-1 (unlock):
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.11/threading.py", line 982, in run
    self._target(*self._args, **self._kwargs)
  File "/app/bin/goldwarden.py", line 83, in unlock
    raise Exception("Failed to initialize repository, err", result.stderr)
Exception: ('Failed to initialize repository, err', 'Flatpak Config directory: /home/#MYUSER#/.var/app/com.quexten.Goldwarden/config/goldwarden.json\npanic: interface conversion: interface {} is nil, not messages.IPCMessage\n\ngoroutine 1 [running]:\ngithub.com/quexten/goldwarden/client.UnixSocketClient.SendToAgent({0x0?}, {0x8ba120, 0xd04178})\n\t/home/runner/work/goldwarden/goldwarden/client/unixsocketclient.go:63 +0x269\ngithub.com/quexten/goldwarden/cmd.glob..func23(0xc95a60?, {0x92c626?, 0x0?, 0x0?})\n\t/home/runner/work/goldwarden/goldwarden/cmd/vault.go:24 +0x3a\ngithub.com/spf13/cobra.(*Command).execute(0xc95a60, {0xd04178, 0x0, 0x0})\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:987 +0xa91\ngithub.com/spf13/cobra.(*Command).ExecuteC(0xc93ac0)\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x425\ngithub.com/spf13/cobra.(*Command).Execute(...)\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039\ngithub.com/quexten/goldwarden/cmd.Execute({0x0, 0x0, {0x0, 0x0}, 0x0, {0xc000168140, 0x45}, 0x0, 0x0, {0x0, ...}, ...})\n\t/home/runner/work/goldwarden/goldwarden/cmd/root.go:35 +0x1fb\nmain.main()\n\t/home/runner/work/goldwarden/goldwarden/main.go:83 +0x978\n')

I use latest vaultwarden release as server.
OS: Manjaro Gnome

Enabled device=all for fido2 (nitrokey 3A)

Unlock fails due to pinentry in systemd service

while troubleshooting #35

I noticed I am unable to access my Bitwarden vault anymore.

goldwarden vault status
{
  "locked": false ,
  "loginEntries": 0 ,
  "noteEntries": 0 ,
  "lastSynced":	"1969-12-31 19:00:00 -0500 EST",
  "websocketConnected": false ,
  "pinSet": false ,
  "loggedIn": false
}
goldwarden vault login --email [email protected]
Login failed: No pin set. Set a pin first!

 ╭─zany130@garuda in ~ via  v3.11.6 took 4ms
 ╰─λ goldwarden vault pin set
Pin updating failed: pinentry: unexpected response: "S ERROR gtk2.isatty 83918950

pacman -Qi goldwarden
Name            : goldwarden
Version         : 0.2.6-1

flatpak info com.quexten.Goldwarden

Goldwarden - A Bitwarden compatible desktop client

          ID: com.quexten.Goldwarden
         Ref: app/com.quexten.Goldwarden/x86_64/test
        Arch: x86_64
      Branch: test
     Version: 0.2.5
     License: MIT
      Origin: goldwarden-origin
  Collection: org.flathub.Test.Build72997
Installation: user
   Installed: 9.5 MB
     Runtime: org.gnome.Platform/x86_64/45
         Sdk: org.gnome.Sdk/x86_64/45

      Commit: 193d26166b1d679d17ae26799cbbb9ef5c4a6e636d3b48b6014505088386adb5
     Subject: Update com.quexten.Goldwarden.yml to v0.2.5 (2a8452e2)
        Date: 2023-12-28 22:31:43 +0000

Login failed when using bitwarden provided instance

Great project would mostly solve https://community.bitwarden.com/t/support-for-libsecrets-dbus-api

However, when trying to get this setup, I got

goldwarden vault login --email ************
Login failed: Could not login: could not pre-login: Post "/accounts/prelogin": unsupported protocol scheme ""

goldwarden daemonize
[INF] [12:45] [Goldwarden > Agent] >>> Agent listening on /home/zany130/.goldwarden.sock...
[INF] [12:45] [Goldwarden > SSH] >>> SSH Agent listening on /home/zany130/.goldwarden-ssh-agent.sock
[INF] [12:47] [Goldwarden > Systemauth] >>> Asking for pin |Unlock Goldwarden|Enter the vault PIN|
[INF] [12:47] [Goldwarden > Systemauth] >>> Got pin from user
[ERR] [12:50] [Goldwarden > Bitwarden API] >>> Could not get auth request: Get "/auth-requests/": unsupported protocol scheme ""

built from latest git

some sys info

inxi -b
System:
  Host: Garuda-Linux Kernel: 6.5.2-273-tkg-bore-eevdf arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.7 Distro: Garuda Linux
Machine:
  Type: Desktop Mobo: ASRock model: X470 Taichi serial: <superuser required>
    UEFI: American Megatrends v: P5.10 date: 10/20/2022
CPU:
  Info: 6-core AMD Ryzen 5 5600X [MT MCP] speed (MHz): avg: 3602
    min/max: 550/4651
Graphics:
  Device-1: AMD Navi 22 [Radeon RX 6700/6700 XT/6750 XT / 6800M/6850M XT]
    driver: amdgpu v: kernel
  Display: wayland server: X.org v: 1.21.1.8 with: Xwayland v: 23.2.0
    compositor: kwin_wayland driver: X: loaded: amdgpu
    unloaded: modesetting,radeon dri: radeonsi gpu: amdgpu resolution:
    1: 2048x864 2: 1536x864 3: 1536x864
  API: OpenGL v: 4.6 Mesa 23.1.7-arch1.1 renderer: AMD Radeon RX 6700 XT
    (navi22 LLVM 16.0.6 DRM 3.54 6.5.2-273-tkg-bore-eevdf)
Network:
  Device-1: Intel Dual Band Wireless-AC 3168NGW [Stone Peak] driver: iwlwifi
  Device-2: Intel I211 Gigabit Network driver: igb
Drives:
  Local Storage: total: 2.96 TiB used: 2.33 TiB (78.7%)
Info:
  Processes: 556 Uptime: 1h 13m Memory: total: 32 GiB available: 31.26 GiB
  used: 11.46 GiB (36.7%) Shell: fish inxi: 3.3.29

Commands on the Getting Started page appear to be out of date

I noticed that the commands on the Getting Started page do not properly reference the vault command.

E.g.:

The page has goldwarden set pin, but the command that I had to use was goldwarden vault pin set.
The page has goldwarden login --email <email>, but I had to use goldwarden vault login --email <email>

Installed version:

Fido2 only login

Use prf for fido2 single sign on

Biometrics setup from flatpak

Detect And Notify Broken Polkit Setup

So, the workflow is - as far as I can tell - the same: Boot -> enter password/(pin) 1x -> use system auth (all the time)

Something must be wrong with my setup then. For me, whenever the vault auto locks, i have to type the pin again. I'll test more thoroughly and let you know

Originally posted by @mufeedali in #46 (reply in thread)

Browser Biometrics don't work

Hey, its me again!

I think the browser biometrics do not work in goldwarden (in contrast to bw-bio-handler, where they work flawlessly).

One part of the problem could be (just a guess, though) that you set the AppID to com.8bit.bitwarden here, but to com.quexten.bw-bio-handler here.

But sadly, this doesn't seem to fix it for me, the BW chromium addon always tells me that "the browser integration in the Bitwarden Desktop app has not been activated", which is why I didn't open a PR for this yet.

Do you maybe have an idea what else the underlying problem could be?

Local Vault Going into a Corrupted State

          I tried it out and it worked! The only problem I'm finding now is that my vault keeps getting corrupted like in this issue: https://github.com/quexten/goldwarden/issues/38. The vault purge and log in step fixed it, but I had to do it 2 or 3 times.

Originally posted by @Anthony-Fiddes in #37 (comment)

System Wide Passkeys

We could implement system wide passkey support using a virtual ctap2 authenticator such as:
https://github.com/r4gus/keylib