- Basic shell completion for powershell, elvish, nushell, and fig (#271, jasonxue)
- TOTP entries with weak keys are supported again (#272, Maksim Karelov)
- Master password reprompt is no longer triggered for unrelated entries. (#268)
- Master password reprompt is always triggered even if no sync has happened.
rbw getwith a URL query can now return entries with multiple different URLs configured.
- Steam Guard TOTP secrets are now supported. (#250, nikp123)
- SSH Key vault entries are now supported. (#252, Peter Kaplan)
- Master Password Reprompt is now supported.
rbw listandrbw searchnow have a--rawoption similar torbw get.- Shell completion now allows autocompleting of entry names, usernames, and folders. (#245, Patrick Lenihan)
- Added functionality to allow
rbwto also act as an SSH agent by settingSSH_AUTH_SOCKappropriately. (#262, Peter Kaplan)
- The
--clipboardoption now has a short alias of-c. (#258, Kedap) - Sped up
rbw listandrbw searchby only decrypting fields that will actually be displayed. rbw searchnow displays results in the same format asrbw list, for consistency and easier parsing.
- We now automatically remove spaces from TOTP secrets, to handle different formatting or copy/pasting issues. (#247, foudil)
- If we create a new directory (for cache, sockets, etc), we now always ensure that its permissions are set correctly.
git-credential-rbwnow supports git'scredential.useHttpPath. (#244, FoxAmes)identity_url,ui_url, andnotifications_urlare now set properly when configuring thebase_urlto behttps://api.bitwarden.eu.rbw searchnow also searches configured URIs in entries.- All subcommands which select a single entry are now consistent in how they allow the entry to be specified.
- Fixed some inconsistencies in how entries are selected when they have the same name but some entries have no username specified.
- Always write a pidfile for the agent even if it is not being daemonized, to allow running the agent manually during debugging.
rbw getandrbw searchnow correctly return entries whose names are UUIDs.- Email 2FA on the official Bitwarden server should now work again.
- Try another clipboard backend to try to fix cross platform issues. (Mag Mell, #226)
rbw unlockedno longer starts the agent if it isn't running. (#223)- The cardholder_name field is now correctly populated for card entries. (#204)
- Fix ip address url matching when using the domain match type. (#211)
- Make the behavior of matching urls with no paths when using the exact match type more consistent. (#211)
- Moved clipboard support to a (default-enabled) feature, since not all platforms support it (disabling this feature should allow Android builds to work again).
- Fix preventing the password type selectors in
rbw generatefrom being used together. (antecrescent, #198) - Fix
--clipboardon Wayland (Maksim Karelov, #192) - Fix parsing vaults with entries that have non-null field types (Tin Lai, #212)
- Fix lock timeout being reset when checking version (aeber, #216)
- Update API request headers to pass new stricter validation on the official bitwarden.com server (Davide Laezza, #219)
- Make it possible to start the rbw agent process from a graphical session and then access it over SSH (Wim de With, #221)
- Fix decrypting folder names of entries with individual item encryption keys.
NOTE: If you were affected by issue #163 (getting messages like failed to decrypt encrypted secret: invalid mac when doing any operations on your
vault), you will need to rbw sync after upgrading in order to update your
local vault with the necessary new data.
- Support decrypting entries encrypted with invididual item encryption keys, which are now generated by default from the official Bitwarden clients. (#163)
- Correctly handle lowercased and padded base32 TOTP secrets. (owl, #189)
- Make locking agent memory to RAM optional, since it appears to not always be available. (#143)
- Updated the prelogin API endpoint to use the identity API instead of the base API, to correspond with upcoming changes to the official Bitwarden server (see bitwarden/server#4206)
- Support SSO login. (dezeroku, #174)
- Added
rbw search, which finds and displays the name of entries matching a given search term. - Added
--ignorecaseas an option to several subcommands. (Maximilian Götsch, #164) - The JSON output given by
--rawnow also includes the field type.
- Fixed the client id used when logging in, which was causing problems with the official Bitwarden server. (Merlin Marek, #186)
- Reworked
rbw-pinentry-keyringto support passwords with spaces and 2fa codes. (Henk van Maanen, #178) - Try less hard to parse input as a url (so that using
rbw geton an entry name containing a:works as expected).
- Fix logging into the official Bitwarden server due to changes on their end (Gabriel Górski, #175)
rbw codesupports TOTP codes which use a SHA256 or SHA512 hash (Jonas, #172)
- Fix
rbw codesearching by UUID (Robert Günzler, #169)
rbw getnow supports searching by URL as well (proxict, #132)rbw codenow supports--clipboard, and has an alias ofrbw totp(#127)
- Set a user agent for all API calls, not just logging in (#165)
- Also create runtime directories when running with
--no-daemonize(Wim de With, #155) - Fix builds on NetBSD (#105)
- Fix logging in when the configured email address differs in case from the email address used when registering (#158)
- Fix editing passwords inadvertently clearing custom field values (#142)
- Secure notes can now be edited (Tin Lai, #137)
- Piping passwords to
rbw editis now possible (Tin Lai, #138)
- More consistent behavior from
rbw get --field, and fix some panics (Jörg Thalheim, #131) - Fix handling of pinentry EOF (Jörg Thalheim, #140)
- Pass a user agent header to fix logging into the official bitwarden server (Maksim Karelov, #151)
- Support the official bitwarden.eu server (Edvin Åkerfeldt, #152)
- Fixed running on linux without an X11 context available. (Benjamin Jacobs, #126)
- Fixed several issues with notification-based background syncing, it should be much more reliable now.
rbw config set notifications_urlnow actually works
rbw get --clipboardto copy the result to the clipboard instead of displaying it on stdout. (eatradish, #120)- Background syncing now additionally happens when the server notifies the
agent of password updates, instead of needing to wait for the
sync_intervaltimer. (Bernd Schoolman, #115) - New helper script
rbw-pinentry-keyringwhich can be used as an alternate pinentry program (viarbw config set pinentry rbw-pinentry-keyring) to automatically read the master password from the system keyring. Currently only supports the Gnome keyring viasecret-tool. (Kai Frische, #122) - Yubikeys in OTP mode are now supported for logging into a Bitwarden server. (troyready, #123)
- Better error reporting when
rbw loginorrbw registerfail.
- argon2 actually works now (#113, Bernd Schoolmann)
rbwnow automatically syncs the database from the server at a specified interval while it is running. This defaults to once an hour, but is configurable via thesync_intervaloption- Email 2FA is now supported (#111, René 'Necoro' Neumann)
- argon2 KDF is now supported (#109, Bernd Schoolmann)
rbw --versionnow works again
rbw getnow supports a--rawoption to display the entire contents of the entry in JSON format (#97, classabbyamp)
- Support for authenticating to self-hosted Bitwarden servers using client certificates (#92, Filipe Pina)
- Support multiple independent profiles via the
RBW_PROFILEenvironment variable (#93, Skia) - Add
rbw get --field(#95, Jericho Keyne)
- Don't panic when not all stdout is read (#82, witcher)
- Fixed duplicated alias names in help output (#46)
- Restored packaged scripts to the crate bundle, since they are used by some downstream packages (no functional changes) (#81)
- Device id is now stored in a separate file in the local data directory instead of as part of the config (#74)
- Fix api renaming in official bitwarden server (#80)
bin/git-credential-rbwto be used as a git credential helper (#41, xPMo)
- Also disable swap and viminfo files when using
EDITOR=nvim(#70, Dophin2009)
- Properly handle a couple folder name edge cases in
bin/rbw-fzf(#66, mattalexx) - Support passing command line arguments via
EDITOR/VISUAL(#61, xPMo)
- Add
rbw registerto allowrbwto work with the official Bitwarden server again - see the README for details (#71)
- Use the system's native TLS certificate store when making HTTP requests.
- Correctly handle TOTP secret strings that copy with spaces (#56, TamasBarta, niki-on-github)
- Shell completion for bash, zsh, and fish (#18)
- Prebuilt binaries are now statically linked using musl, to prevent glibc version issues once and for all (#47)
- Standardize on RustCrypto in preference to ring or openssl
rbw generatecan now choose the same character more than once (#54, rjc)- Improved handling of password history for entries with no password (#51/#53, simias)
- Fix configuring base_url with a trailing slash when using a self-hosted version of the official bitwarden server (#49, phylor)
- Send warnings about failure to disable PTRACE_ATTACH to the agent logs rather than stderr
- Fix non-Linux platforms (#44, rjc)
- You can now
rbw config set pinentry pinentry-cursesto change the pinentry program used byrbw(#39, djmattyg007)
- On Linux, the
rbw-agentprocess can no longer be attached to by debuggers, and no longer produces core dumps (#42, oranenj) - Suggest rotating the user's encryption key if we see an old cipherstring type (#40, rjc)
- Prefer the value of
$VISUALwhen trying to find an editor to run, before falling back to$EDITOR(#43, rjc)
- Clarified the maintenance policy for this project in the README
- Stop hardcoding /tmp when using the fallback runtime directory (#37, pschmitt)
- Fix
rbw editclearing the match detection setting for websites associated with the edited password (#34, AdmiralNemo)- Note that you will need to
rbw syncafter upgrading and before runningrbw editin order to correctly update the local database.
- Note that you will need to
rbwshould once again be usable on systems with glibc-2.28 (such as Debian stable).
rbw codenow always displays the correct number of digits. (#25, Tyilo)- TOTP secrets can now also be supplied as
otpauthurls. - Logging into bitwarden.com with 2fa enabled now works again.
- Add support for cipherstring type 6 (fixes some vaults using an older format for organizations data). (Jake Swenson)
rbw get --fullnow displays URIs, TOTP secrets, and custom fields.- Add
rbw codefor generating TOTP codes based on secrets stored in Bitwarden. - Add
rbw unlockedwhich will exit with success if the agent is unlocked and failure if the agent is locked.
- Don't display deleted items (#22, GnunuX)
- Login passwords containing a
%now work properly (albakham).
- The pinentry window now no longer times out.
- Fix regression in
rbw getwhen not specifying a folder.
rbw getnow accepts a--folderoption to pick the folder to search in.
rbw get --fullnow also includes the username. (Jarkko Oranen)
rbwshould now be usable on systems with glibc-2.28 (such as Debian stable). (incredible-machine)
rbwnow no longer requires theXDG_RUNTIME_DIRenvironment variable to be set.
- More improved error messages.
- Authenticator-based two-step login is now supported.
- Correctly handle password retries when entering an invalid password on the official Bitwarden server.
- Fix hang when giving an empty string to pinentry.
- The error message from the server is now shown when logging in fails.
- Terminal-based pinentry methods should now work correctly (Glandos).
- Further error message improvements.
- Handle edge case where a URI entry is set for a cipher but that entry has a null URI string (Adrien CLERC).
- Set the correct default lock timeout when first creating the config file.
- Add a more useful error when
rbwis run without being configured first. - Don't throw an error when attempting to configure the base url before configuring the email.
- More improvements to error output.
- Improve warning and error output a bit.
- Fix option parsing for
rbw list --fieldsandrbw <add|generate> --uriwhich was inadvertently broken in the previous release.
- Better error message if the agent fails to start after daemonizing.
- Always automatically upgrade rbw-agent on new releases.
- Changing configuration now automatically drops in-memory keys (this should avoid errors when switching between different servers or accounts).
- Disallow setting
lock_timeoutto0, since this will cause the agent to immediately drop the decrypted keys before they can be used for decryption, even within a single run of therbwclient.
- Fix syncing from the official Bitwarden server (thanks the_fdw).
- Added a couple example scripts to the repository for searching using fzf and rofi. Contributions and improvements welcome!
- Properly maintain folder and URIs when editing an entry.
- Multi-server support - you can now switch between multiple different
bitwarden servers with
rbw config set base_urlwithout needing to redownload the password database each time. rbw config unsetto reset configuration items back to the defaultrbw listandrbw getnow support card, identity, and secure note entry types
rbwis now able to decrypt secrets from organizations you are a member of.rbw stop-agentnow waits for the agent to exit before returning.
- Move to the
ringcrate for a bunch of the cryptographic functionality. - The agent protocol is now versioned, to allow for seamless updates.
- Some packaging changes.
- Initial release