mrishu · February 19, 2026 10:11 · mrishu · Aug 28, 2025
diff --git a/bw-ssh-add b/bw-ssh-add
 #!/usr/bin/env bash

 # bw-ssh-add.sh
 # Load an SSH key stored in Bitwarden into ssh-agent
 # Must be sourced so BW_SESSION persists.
 # Add this in ~/.zshrc or ~/.bashrc:
 # bw-ssh-add() {
 #     source ~/bin/bw-ssh-add.sh "$@"
 # }

 # Prevent execution (must be sourced)
 if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
    echo "This script must be sourced:"
    echo "  source bw-ssh-add.sh [item name]"
    return 1 2>/dev/null || exit 1
 fi

 ITEM_NAME="${1:-Bitwarden SSH Key}"

 # Check dependencies
 if ! command -v bw >/dev/null 2>&1; then
    echo "Error: bitwarden-cli (bw) not installed."
    return 1
 fi

 if ! command -v jq >/dev/null 2>&1; then
    echo "Error: jq not installed."
    return 1
 fi

 STATUS_JSON=$(bw status 2>/dev/null) || {
    echo "Error: Unable to contact Bitwarden CLI."
    return 1
 }

 STATUS=$(echo "$STATUS_JSON" | jq -r '.status')

 case "$STATUS" in
    unauthenticated)
        echo "Not logged in. Logging in..."
        bw login || return 1
        echo "Unlocking vault..."
        export BW_SESSION=$(bw unlock --raw) || return 1
        ;;
    locked)
        echo "Vault locked. Unlocking..."
        export BW_SESSION=$(bw unlock --raw) || return 1
        ;;
    unlocked)  # Do nothing. BW_SESSION already exists
        ;;
    *)
        echo "Unknown Bitwarden status: $STATUS"
        return 1
        ;;
 esac

 echo "Fetching SSH key '$ITEM_NAME'..."

 ITEM_NAME="Bitwarden SSH Key"
 PRIVATE_KEY=$(bw get item "$ITEM_NAME" --session "$BW_SESSION" | jq -r '.sshKey.privateKey')

 if [[ -z "$PRIVATE_KEY" || "$PRIVATE_KEY" == "null" ]]; then
    echo "Failed to retrieve private key."
    return 1
 fi

 echo "$PRIVATE_KEY" | ssh-add - >/dev/null

 if [[ $? -eq 0 ]]; then
    echo "SSH key loaded into ssh-agent."
 else
    echo "Failed to load SSH key into ssh-agent."
    return 1
 fi
	#!/usr/bin/env bash

	# bw-ssh-add.sh
	# Load an SSH key stored in Bitwarden into ssh-agent
	# Must be sourced so BW_SESSION persists.
	# Add this in ~/.zshrc or ~/.bashrc:
	# bw-ssh-add() {
	# source ~/bin/bw-ssh-add.sh "$@"
	# }

	# Prevent execution (must be sourced)
	if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
	echo "This script must be sourced:"
	echo " source bw-ssh-add.sh [item name]"
	return 1 2>/dev/null \|\| exit 1
	fi

	ITEM_NAME="${1:-Bitwarden SSH Key}"

	# Check dependencies
	if ! command -v bw >/dev/null 2>&1; then
	echo "Error: bitwarden-cli (bw) not installed."
	return 1
	fi

	if ! command -v jq >/dev/null 2>&1; then
	echo "Error: jq not installed."
	return 1
	fi

	STATUS_JSON=$(bw status 2>/dev/null) \|\| {
	echo "Error: Unable to contact Bitwarden CLI."
	return 1
	}

	STATUS=$(echo "$STATUS_JSON" \| jq -r '.status')

	case "$STATUS" in
	unauthenticated)
	echo "Not logged in. Logging in..."
	bw login \|\| return 1
	echo "Unlocking vault..."
	export BW_SESSION=$(bw unlock --raw) \|\| return 1
	;;
	locked)
	echo "Vault locked. Unlocking..."
	export BW_SESSION=$(bw unlock --raw) \|\| return 1
	;;
	unlocked) # Do nothing. BW_SESSION already exists
	;;
	*)
	echo "Unknown Bitwarden status: $STATUS"
	return 1
	;;
	esac

	echo "Fetching SSH key '$ITEM_NAME'..."

	ITEM_NAME="Bitwarden SSH Key"
	PRIVATE_KEY=$(bw get item "$ITEM_NAME" --session "$BW_SESSION" \| jq -r '.sshKey.privateKey')

	if [[ -z "$PRIVATE_KEY" \|\| "$PRIVATE_KEY" == "null" ]]; then
	echo "Failed to retrieve private key."
	return 1
	fi

	echo "$PRIVATE_KEY" \| ssh-add - >/dev/null

	if [[ $? -eq 0 ]]; then
	echo "SSH key loaded into ssh-agent."
	else
	echo "Failed to load SSH key into ssh-agent."
	return 1
	fi
No results found