integrated bitwarden password manager into pivpn #794
Conversation
|
Please change the target branch to test. |
|
done |
|
I kindah like this a lot as I am a BW user myself ... need more time to take a look a tit .. as it has conflicts. |
There was a problem hiding this comment.
I think i managed to resolve the conflicts, and it looks good now,
@orazioedoardo @Giraffe1966 @devZer0
could you take a look? a second pair of eyes is always welcome since I have been somewhat away.
Hhm, I still I don't understand that. What is this ticket about? |
|
@muibusan Bitwarden is a "cloud" password manager, which has CLI features, therefore, you can store the certificate passwords in your bitwarden. with this, for example, you can share the password directly to whoever is going to use it instead of sending it through insecure means. I haven't tested it but it is even possible that you can even attach the certificates with your bitwarden new item. do you know @kiskisiit1131 if its possible to attach the .ovpn with CLI? I personally think this e a very cool feature to have that can make life easier especially for those to have used Pivpn to install OpenVPN in their company office or so. |
|
@4s3ti Ahh thanks a lot, that makes it clearer. I didn't know that CLI feature of Bitwarden. That's indeed nice. (I, however, switched to KeyPass to store my passwords 'on premise'.) |
|
@muibusan Bitwarden allows you to store your passwords on-premise as well |
|
@4s3ti Not really. I've looked into that but it's not suited for Raspberry Pi. Requirements are Docker and Docker Compose, an x64 processor, 1.4 GHz or faster CPU, 10 GB(!) storage and more ... that exceeds what a Raspberry offers. ;) Anyway, this is not meant to be a BW thread, thanks for your explanation. It's cool if PiVPN and BW can share some features. |
Officially, I don't see any OpenVPN support with Bitwarden. There is a place where you can import data to your bitwarden vault, but it's only for data from other password managers. In theory, I guess you could import the contents of the .ovpn file as a secure note to transfer it securely that way, I can try that out and see if it works. |
Sorry, to extend the tangent further...you sparked my curiosity because I do want to self host my Bitwarden with a Pi at some point. Two alternatives to self-host Bitwarden with the Pi: |
|
@kiskisiit1131 Thank you. Very interesting! If I knew it before ... ... I'm wondering tho what's the advantage of Bitwarden on-premise over KeyPass on-premise? I put the Keypass DB on my rPi, accessing it through SFTP. Works great. |
at this point, I'd say preference? or some specific features that one might have over another? @kiskisiit1131 what i meant is .. if you have BW premium (i think free version doesnt allow this), you can attach files to your vault items. Being able to attach them from the CLI would be great! Edit: @kiskisiit1131 Found it, here: https://help.bitwarden.com/article/cli/#create
https://help.bitwarden.com/article/attachments/
Maybe adding a prompt if user wants to attach the ovpn files? |
Good to know, I don't have the premium version (yet).
I saw this as well! Glad we're on the same page.
Yes, I think a prompt would be perfect for that. I'm currently in the process of moving, but I should be settled soon and can work on incorporating that into the script. |
|
I just added and tested the .ovpn file functionality, managed to send it as a secure note (no premium subscription needed). I added a screenshot snippet of how it looks in my vault below:
What's the general guidelines if something else is added? Make a new pull request? |
|
well that's something! =) |
|
I was just as shocked/pleasantly surprised as you were! Great, I pushed out the new addition. |
|
Great Stuff, Merging into Test branch! Thanks a lot for your contribution!! =) |
Install script not creating ovpns dir, and throwing error: ``` cp: cannot stat '/tmp/OLD_UFW': No such file or directory mkdir: cannot create directory ‘/root\n/usr/sbin\n/bin\n/dev\n/bin\n/usr/games\n/var/cache/man\n/var/spool/lpd\n/var/mail\n/var/spool/news\n/var/spool/uucp\n/bin\n/var/www\n/var/backups\n/var/list\n/var/run/ircd\n/var/lib/gnats\n/nonexistent\n/nonexistent\n/run/systemd\n/run/systemd\n/run/systemd\n/nonexistent\n/run/sshd\n/\n/home/pivpntest/ovpns’: No such file or directory chmod: cannot access '/root'$'\n''/usr/sbin'$'\n''/bin'$'\n''/dev'$'\n''/bin'$'\n''/usr/games'$'\n''/var/cache/man'$'\n''/var/spool/lpd'$'\n''/var/mail'$'\n''/var/spool/news'$'\n''/var/spool/uucp'$'\n''/bin'$'\n''/var/www'$'\n''/var/backups'$'\n''/var/list'$'\n''/var/run/ircd'$'\n''/var/lib/gnats'$'\n''/nonexistent'$'\n''/nonexistent'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/nonexistent'$'\n''/run/sshd'$'\n''/'$'\n''/home/pivpntest/ovpns': No such file or directory ``` Found incosistencies in instalation user var/files namings, to have it consistend and easy to understand and considering everyone is more familiar with INSTALL_USER Changed $pivpnUser to INSTALL_USER Changed pivpnUSR to INSTALL_USER Removed PiVPN Secure Notes from PiVPN ADD introduced with PR #794 - Notes not being pushed to BW Vault - OVPN files not going to ovpns dir - Needs investigation
First time contributing to an open source project, so apologies if I'm breaking some unspoken rules. I'm a big fan of this project and hope that this might be useful to some people.
I wanted to set up PiVPN by using my password manager Bitwarden and decided to add it into the installation script. I tested this on my Pi which runs Raspbian Buster and used the updated code from the pivpn test branch to test the Buster support.
Notes:
The screenshot below shows a successful test of the feature:
