Skip to content

Latest commit

 

History

History
77 lines (52 loc) · 3.6 KB

README.md

File metadata and controls

77 lines (52 loc) · 3.6 KB

Extended Bitwarden REST API

This Node.js REST API extends the Bitwarden REST API. It works with Docker, Node.js Express and the Bitwarden-CLI.

The problem is that the default REST API does not contains the features to get and edit sensitive data.

The basic principle is that it spawns a docker container for each user, to provide session consistency for multiple users, and clears them on startup.

The principle is described in this Blog Post

Features:

  • Full Wrapper for all Bitwarden CLI Commands (excluding lock and unlock, because they are useless)
  • Session consistency
  • Multiple Users
  • Allways synced vault
  • Attachments

How does it work?

At startup it clears all old docker container and rebuilds the image. Then you can send different Requests to the REST API and it will provide you with the data needed. So first you want to login. The REST API will spawn a user specific Docker Container, logs you in and saves the bitwarden session key. The session key is given with every commmand so it is don´t exposed to environment variables to avoid abuse. When you want to search for a password for example you send your username and the search query to the REST API and the REST API will execute the specific bw-cli commands to get your data in your user specific docker container.

Warning

If you want to use this, watch out that you don´t make this server publicly available! For the best Security this REST API should be hosted on the same machine as your programm so your data is not delivered outside. You can also enable SSL/TLS on your web server to encrypt the requests.

Warning

This REST API concatenates your requests to shell commands, so this can cause remote code execution if you use it on a publicly available server!

This project is not associated with the Bitwarden project nor 8bit Solutions LLC. ⚠️IMPORTANT⚠️: When using this REST API, please report any bugs or suggestions to us directly (look at the bottom of this page for ways to get in touch), regardless of whatever clients you are using (mobile, desktop, browser...). DO NOT use the official support channels.

Requests

I will provide a detailed Documentation of all Requests and sample Code soon. If you want to use it just dig through the code and search the routes directory. You will recognice the routes are the same as the bw-cli commands to get started read the bw-cli docs and compare them with the node.js express routes

Tech

This REST API uses some dependencies to work:

  • Node.js - Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.
  • Docker - A cool container tool

And of course this REST API itself is open source with a public repository on GitHub.

Installation

  • Install Docker
  • Install Node.js (Version has to be newer than 7.6 or use docker image)
git clone https://github.com/Y0ngg4n/Extended-Bitwarden-REST-API.git
cd Extended-Bitwarden-REST-API/
npm start

Request Documentation

Swagger.io

Development

Want to contribute? Great!

Just make a Pull Request or open an Issue!

Docker

You can find the docker images at Dockerhub


Thanks to @sutidor for his active engagement at this repository :)