kbialek · morph027 · Dec 17, 2022 · Dec 17, 2022 · Dec 22, 2022 · May 4, 2024
diff --git a/README.md b/README.md
@@ -4,117 +4,75 @@ A [Ulauncher](https://ulauncher.io/) extension to search your [Bitwarden](https:
 
 ## Features
 
+- Leverage [`bw`](https://bitwarden.com/help/cli/) in [RESTful API](https://bitwarden.com/help/cli/#serve) mode (much faster!)
 - Quickly search through the database entries by name, and copy passwords/usernames/URLs/TOTPs to the clipboard
 - Works also with self hosted Bitwarden servers.
-- Support vaults with a passphrase also with MFA codes. The extension does not keep the password in the memory.
-It rather uses SessionID generated by the Bitwarden CLI client.
 
 ## Requirements
 
-- Install a recent version of [Bitwarden CLI](https://github.com/bitwarden/clients/tree/master/apps/cli)
-- Make sure you can execute `bw` in a terminal
+- Install a recent version of [Bitwarden CLI](https://github.com/bitwarden/clients/tree/master/apps/cli) (e.g. via [3rd party apt repo](https://gitlab.com/packaging/bitwarden-cli/))
+- Install python requests module (e.g. `sudo apt-get install python3-requests`)
 
 ## Installation
 
-Open Ulauncher preferences window -> Extensions -> "Add extension" and paste the following url:
+### `bw` configuration
 
+```bash
+bw login
 ```
-https://github.com/kbialek/ulauncher-bitwarden
-```
-
-## Configuration
-
-- `Bitwarden Server Url`
-- `User e-mail address`
-- `Enable MFA login` - if you use MFA authentication with your Bitwarden account select `yes`, otherwise leave `no` 
-- `Inactivity lock timeout` - forces you to re-enter the passphrase after you haven't used the extension for a while. By default it's set to 300 seconds (5 minutes). If you'd rather not re-enter it, you can set the value to 0, but that's probably not a great idea. NOTE: The cached passphrase is only stored in memory, so you'll need to re-enter it if you reboot your computer or restart Ulauncher.
-- `Session store command` - optional command called after successful login or unlock. Bitwarden session key is passed over stdin. 
-You can use it to run a command which will store session key in "some" secure location, 
-and later read the session key when directly calling `bw` in the cli. 
-It's totally up to you how and where you will store the session key.
 
-## Usage
-
-Open Ulauncher and type in "bw " to start the extension. If your password database is locked with a passphrase, it'll ask you to enter it:
+self hosted (e.g. [vaultwarden](https://github.com/dani-garcia/vaultwarden/)):
 
-![Unlock Database](images/screenshots/unlock-database.png)
+```bash
+bw config server https://my-vault.example.com
+```
 
-Once unlocked, search the database for "mail" logins:
+### `bw serve` systemd service
 
-![Search](images/screenshots/search1.png)
+- Make sure `bw` works in a shell session (e.g. configuring server, e-mail, ...)
+- Create a user systemd directory: `mkdir -p ~/.config/systemd/user`
+- Create a user service in `~/.config/systemd/user/bw.service` with the following content
+  - Your `ExecStart` may vary (e.g. `%h/bin/bw serve` if you have it in your home directory)
 
-Look at the `GMail` entry:
-
-![Entry details](images/screenshots/details1.png)
+```
+[Unit]
+Description=Bitwarden CLI RESTful API
+After=network.target
 
-## Exporting Session Key
-The extension keeps the session key in memory. This is a problem when one wants to use `bw` directly from the
-command line. Vault must be unlocked and bw-cli creates a new session key and at this same time invalidates 
-the session key stored by the extension.
+[Service]
+ExecStart=/usr/bin/bw serve
+Restart=on-failure
 
-To overcome this problem the extension is now able to export the session key after a successful login or unlock.
-Please keep in mind, that this weakens your vault's security, as the session key is easier to intercept when
-it's stored outside of the extension memory.
+[Install]
+WantedBy=default.target
+```
 
-### Exporting session key into a file
-I do not recommend this solution because it leaves valid session key in the file until vault is explicitly locked.
+### Ulauncher
 
-To store session key in a file use the following script.
-```shell script
-#!/bin/bash
+- Open Ulauncher preferences window -> Extensions -> "Add extension" and paste the following url:
 
-BW_SESSION_FILE=$HOME/.bw-session
-touch $BW_SESSION_FILE
-chmod 600 $BW_SESSION_FILE
-cat /dev/stdin > $BW_SESSION_FILE
 ```
-`Session store command` property must be set to absolute path of the script.
-
-Now you can use it in the command line
-```shell script
-export BW_SESSION=$(cat ~/.bw-session)
-bw list items
+https://github.com/morph027/ulauncher-bitwarden
 ```
 
-### Exporting session key into Kernel Key Management
-Linux kernel comes with key management facility, that can be used to store user secrets.
-For more details read [this](https://github.com/jdukes/pykeyctl/blob/master/docs/Overview.org) page.
-
-To store session key in the kernel memory use this script. 
+## Configuration
 
-File `$HOME/bin/bw-store-session`
-```shell script
-#!/bin/bash
+- `Bitwarden CLI serve url`
 
-BW_SESSION_FILE=$HOME/.bw-session
-touch $BW_SESSION_FILE
-chmod 600 $BW_SESSION_FILE
-KEY_ID=$(cat /dev/stdin | keyctl padd user bw-session @u)
-keyctl timeout $KEY_ID 36000
-echo $KEY_ID > $BW_SESSION_FILE
-```
-Please note that it sets **key timeout**, therefore the key will expire, which is great from security perspective. 
-Key ID will be stored in `$HOME/.bw-session` file.
+## Usage
 
-`Session store command` property must be set to absolute path of the script.
+Open Ulauncher and type in "bw " to start the extension. If your password database is locked with a passphrase, it'll ask you to enter it:
 
-We need one more script to read the key from the kernel memory.
+![Unlock Database](images/screenshots/unlock-database.png)
 
-File `$HOME/bin/bw-read-session`
-```shell script
-#!/bin/bash
+Once unlocked, search the database for "mail" logins:
 
-BW_SESSION_FILE=$HOME/.bw-session
-KEY_ID=$(cat $BW_SESSION_FILE)
-keyctl print $KEY_ID
-```
+![Search](images/screenshots/search1.png)
 
-Now you can easily read the session key into an environment variable
-```
-export BW_SESSION=$(bw-read-session)
-```
+Look at the `GMail` entry:
 
+![Entry details](images/screenshots/details1.png)
 
 ## Inspiration and thanks
 
-This is a fork of well crafted [ulauncher-keepassxc](https://github.com/pbkhrv/ulauncher-keepassxc) extension. Thank you @pbkhrv! 
+This is a fork of well crafted [ulauncher-bitwarden](https://github.com/kbialek/ulauncher-bitwarden) extension. Thank you @kbialek!