A systemd integration for bitwarden-cli, handling bw login and bw unlock; with a bw wrapper to use the resulting session key.

Firstly, set your GPG signature key fingerprint(s) in $XDG_CONFIG_HOME/bw-systemd/.gpg-id (or $HOME/.config/bw-systemd/.gpg-id) for pass. (This can be a symlink to a .gpg-id in another pass store dir if you wish.)

then obtain your Bitwarden client ID & secret (for bw login --apikey) and password; then store them ([systemd-creds`](https://systemd.io/CREDENTIALS/)-encrypted) when prompted with:

bw-systemd-set-creds [--no-overwrite]

and finally:

systemctl --user enable --now /path/to/bw-login.service
systemctl --user enable --now /path/to/bw-session.service

On Arch, you can use the included PKGBUILD to makepkg -si, or install from the AUR.

• bw-systemd-set-creds is used to set credentials on first use, or API key/master password rotation;
• bw-login.service will provide bw login on user login, and bw logout on exit;
• bw-session.service manages a session key provided by bw unlock, until it bw locks the vault again on exit;
• bw-systemd is a wrapper around bw (the Bitwarden CLI) that uses the --session provided by bw-session.service.

You may like to ln -s $(which bw-systemd) /usr/local/bin/bw, in order that you can use bw as normal but pick up the managed session.