Browser: Automatically unlock vault with native password manager

Created on 17 Jan 2019  路  13Comments  路  Source: bitwarden/browser

On Linux you've got Gnome Keyring and KDE Wallet (if not more), on MacOS you've got the MacOS Keychain, and on Windows I don't really know. Many of each OS' features plug into these along with Git, GPG, VS Code, etc. to store their credentials. So most of the time when you're logged in, your keyring/keychain is already unlocked because you either unlocked it during login or another application already unlocked it. That's why I think most people are still using a password manager like the one that's built into Google Chrome, or the iOS and MacOS keychain. So I came here to ask whether it's possible to use Google Chrome's (and perhaps others as well, I haven't looked that much into it) credentials API (which integrates with Gnome keyring, KDE Wallet...) to automatically unlock the vault.

I've also wondered whether the desktop app could offer this feature if it does not do so already: replace Gnome Keyring and KDE Wallet on Linux. (I'm unsure whether it's possible on MacOS, but I think it might be possible because it's possible on iOS). Though, a respective issue would have to be made there as well. Then, in the end we'd be able to use Bitwarden from end-to-end.

picture AndreasBackx
👍7

Most helpful comment

I would also love this feature. I'd like to urge the developers to implement it if possible

picture Famiu on 5 May 2020
👍3

All 13 comments

Hi,
Unfortunately such APIs do not exist for web extensions (at least none that I know of). We only have an unsecured storage API.

kspearrin picture kspearrin on 17 Jan 2019

I haven't looked that much into this, but I did find some resources that might allow you access to the password managers:

https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API
https://developers.google.com/web/updates/2018/03/webauthn-credential-management

AndreasBackx picture AndreasBackx on 17 Jan 2019

These are webauthn APIs, for authenticating using FIDO2. They are not related to secure storage .

kspearrin picture kspearrin on 17 Jan 2019

Are you sure?

https://w3c.github.io/webappsec-credential-management/#passwords
https://w3c.github.io/webappsec-credential-management/#credential-chooser
https://developers.google.com/web/updates/2016/04/credential-management-api

It even mentions extensions:

Can I integrate my password management Chrome extension with the Credential Management API? You may override navigator.credentials and hook it to your Chrome Extension to get() or store() credentials.

So if we can override it, shouldn't it be available as well?

AndreasBackx picture AndreasBackx on 17 Jan 2019

So after trying it out myself. It does seem like this interacts with Google Chrome's password storage:

Example

const credentials = new PasswordCredential({
    id: "username",
    password: "password",
});
navigator.credentials.store(credentials);

It requires to following setting to be enabled in chrome://settings/passwords:

Setting

You can then use get() instead of store() to retrieve the information, see docs for more information. I assume that we can also leverage this in the application. But I've been thinking about something myself.

Google Chrome currently provides support for Gnome Keyring and KDE Wallet. I haven't looked that deep into it yet, but I assume that both of these use a different protocol/API for communication. What if we could create a protocol for at least Linux (and perhaps other operating systems as well) so that BitWarden and other password storage platforms can be plugged into by any application like it is on iOS (and Android?)?

I'm personally interested in a project like this.

AndreasBackx picture AndreasBackx on 17 Jan 2019

Nice. I didn't know about some of these API.

Unfortunately, while this works in the main browser window, it appears that the API is blocked in extensions windows.

image

kspearrin picture kspearrin on 18 Jan 2019

I made a proposal for a feature request for BitWarden desktop on the forums. That proposal would still be valid. Maybe we can also start a conversation regarding the use of the Credentials API for extensions at Chromium and Firefox?

https://community.bitwarden.com/t/support-for-libsecrets-dbus-api/4006

AndreasBackx picture AndreasBackx on 18 Jan 2019
👍2

I'm also interrested in running Bitwarden as a replacement for kwallet or gnome-keyring. It would be neat :-D

kwaredk picture kwaredk on 26 Jun 2019

I'll second that. If bitwarden could replace KWallet underneath in Ubuntu/etc, that would be Awesome.

cpholt picture cpholt on 9 Dec 2019

Does building BW into KWallet mean that you can also have a local copy of data? That would make offline, different line, or surviving BW server outage a possibility :)

cies picture cies on 2 Apr 2020

Since bitwarden has an API, would it be possible to write an adapter so that GNOME keyring et al. synchronise their data with Bitwarden?

leonardehrenfried picture leonardehrenfried on 16 Apr 2020

Since bitwarden has an API, would it be possible to write an adapter so that GNOME keyring et al. synchronise their data with Bitwarden?

Yes, you'd either have to use https://github.com/bitwarden/jslib or use the API like you said.

AndreasBackx picture AndreasBackx on 17 Apr 2020

I would also love this feature. I'd like to urge the developers to implement it if possible

Famiu picture Famiu on 5 May 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ollieh picture ollieh  路  6Comments
madranet picture madranet  路  4Comments
jikamens picture jikamens  路  3Comments
arielf picture arielf  路  6Comments
iaremarkus picture iaremarkus  路  4Comments