Has anyone used Bitwarden with a vaultwarden instance to sign git commits and store ssh keys?
cc @Shivaraj B H
(Also, related: this topic)
I wanted to try out self-hosted vaultwarden soonishly. Does it have that kind of capability?
I use vaultwarden, but it’s only limited to my passwords at the moment. I don’t store my SSH keys there yet as I was looking for a better solution (related topic that srid linked ^). Bitwarden has Secrets manager, but the last I checked, it was proprietary.
I was planning to try this out myself with existing vaultwarden. Storing the keys and retrieving them using the “bw” CLI seems straightforward, but signing commits is what would be interesting to see.
Anyways, I will update this thread with my progress.
Storing the keys and retrieving them using the “bw” CLI seems straightforward
So you would store them as what in vaultwarden? As a secure note? I still use regular Bitwarden for my passwords, so I am not sure which capabilities vaultwarden actually has.
Signing shouldn't be that hard, let me see
@Shivaraj B H For storing SSH private keys I use https://github.com/charmbracelet/melt and store the melted key physically in my wallet. Works well and is offline.
If everything goes wrong, I can use that key to redeploy everything and ssh into my servers, which is great. It's not really possible for me to lose access this way.
@RGBCube how do you manage the seed phrases used to create the melted key?
Andreas said:
Storing the keys and retrieving them using the “bw” CLI seems straightforward
So you would store them as what in vaultwarden? As a secure note? I still use regular Bitwarden for my passwords, so I am not sure which capabilities vaultwarden actually has.
Yes, I believe it should be a secure note. I am guessing that’s what @RGBCube is doing with his melted keys.
No, it's not in any password manager; I wrote the melted key down on a piece of paper and put it in my physical wallet.
And the melted key doesn't have a passphrase; when you unmelt it, it asks you for a passphrase.
Asks you for a passphrase as in ssh-keygening on the melted key to add a passphrase to the restored one
We have a vaultwarden at work to share passwords and some keys. I would say it's not really appropriate for our use case.
It'd probably be better to use short-lived ssh certs.
Last updated: Nov 15 2024 at 12:33 UTC