Make the thing secure!!!

[mxmvncnt]

Bitsteward is not secure at all at the moment. Some help is definitely appreciated from someone who knows better about security than me

Current ideas to make it more secure at least:

• Use Unix Socket, this will prevent other devices on the network from accessing the web server and potentially the vault content
• Use the CLI utility directly, this will also prevent other devices on the network from accessing the vault content, but this exposes the vault contents to the rest of the processes
• In both cases, not using the session ID as it is basically a vault password would be a good start. Maybe prompting for the master password at the start of the app, and executing every command using the CLI utility by giving it the password every time. This kind of prevents the other apps from seeing the vault content. Could use the Keychain for this instead of storing the password in a variable and appending it
• Scrape the Web vault

[mxmvncnt]

Update on this, I found that if an account is logged in to BW, the session key is not required, and it simply asks for the master password instead, so this also prevents every process on the system from getting all the vault items. With this, I will be able to store the master password in the Keyring and automatically unlock the Bitwarden vault for every operation using the stored password in the Keyring. This will also allow for the Keyring to be able to unlock the vault, meaning it should be able to use the native GNOME keyring access thingy, and could also enable fingerprint unlock!

https://gnome.pages.gitlab.gnome.org/libsecret/index.html
https://gnome.pages.gitlab.gnome.org/libsecret/libsecret-python-examples.html