diff --git a/_articles/getting-started/releasenotes.md b/_articles/getting-started/releasenotes.md new file mode 100644 index 00000000..588e10f8 --- /dev/null +++ b/_articles/getting-started/releasenotes.md @@ -0,0 +1,32 @@ +--- +layout: article +title: Release Notes +categories: [release-notes] +featured: true +popular: true +hidden: false +tags: [release notes] +order: +--- + +Bitwarden believes source code transparency is an absolute requirement for security solutions like ours. View full, detailed Release Notes in GitHub using any of the following links: +- [Server Releases](https://github.com/bitwarden/server/releases){:target="\_blank"} +- [Web Releases](https://github.com/bitwarden/web/releases){:target="\_blank"} +- [Desktop Releases](https://github.com/bitwarden/desktop/releases){:target="\_blank"} +- [Browser Extension Releases](https://github.com/bitwarden/browser/releases){:target="\_blank"} +- [Mobile Releases](https://github.com/bitwarden/mobile/releases){:target="\_blank"} +- [CLI Releases](https://github.com/bitwarden/cli/releases){:target="\_blank"} +- [Directory Connector Releases](https://github.com/bitwarden/directory-connector/releases){:target="\_blank"} +- [jslib Releases](https://github.com/bitwarden/jslib/releases){:target="\_blank"} + +## Release Announcements + +## 11/12/2020: SSO Enhancements +The latest release of Bitwarden adds SSO-related enhancements to all client applications, including: +- **New Enterprise Policies:** The Single Organization and Single Sign-On Authentication polices are now available for use by Enterprise Organizations (see [here](https://bitwarden.com/help/article/policies/) for details). +- **API Key for CLI:** Authenticate into the Bitwarden CLI using an API Key newly available from your Web Vault (see [here](https://bitwarden.com/help/article/public-api-key/) for details). +- **Improvements to SSO Onboarding:** We've made some improvements to the way users are onboarded via SSO to prevent potential security risks (see [here](https://github.com/bitwarden/server/pull/945) for details). +- **GDPR Acknowledgement:** From now on, new users of Bitwarden will be asked to acknowledge a Privacy Policy on registration. + +## 09/30/2020: Login with SSO +The latest release of Bitwarden adds much-anticipated **Login with SSO** functionality for all client applications, and the Business Portal for Web Vaults. Read this [blog post](https://bitwarden.com/blog/post/bitwarden-launches-sso-authentication/) for more information about Login with SSO, and refer to our [documentation](https://bitwarden.com/help/login-with-sso). diff --git a/_articles/miscellaneous/cli.md b/_articles/miscellaneous/cli.md index 9fa935e8..464c7f65 100644 --- a/_articles/miscellaneous/cli.md +++ b/_articles/miscellaneous/cli.md @@ -7,18 +7,21 @@ popular: false tags: [cli, command, script, bash, shell, powershell, terminal] --- -Bitwarden provides a powerful, full-featured command-line interface (CLI) tool to access and manage your Bitwarden vault. All features that you find in other Bitwarden client applications (desktop, browser extension, etc) are also available through the CLI. The CLI can be used cross-platform on Windows, macOS, and Linux distributions. +Bitwarden provides a powerful, full-featured command-line interface (CLI) tool for accessing and managing your Bitwarden vault. All features that you find in other Bitwarden client applications (Desktop, Browser Extension, etc.) are also available through the CLI. + +The CLI can be used cross-platform on Windows, macOS, and Linux distributions. {% image cli.png %} -## Table of Contents +### In This Article - [Quick Start](#quick-start) -- [Download & Install](#download--install) +- [Download and Install](#download-and-install) - [Native executable](#native-executable) - [NPM](#npm) - [Other Package Managers](#other-package-managers) - [Session Management](#session-management) + - [Logging In](#logging-in) - [Environment Variable](#environment-variable) - [`--session ` Option](#--session-key-option) - [Locking](#locking) @@ -55,61 +58,82 @@ Bitwarden provides a powerful, full-featured command-line interface (CLI) tool t ## Quick Start -1. [Download and install](#download--install) the CLI for your platform. -2. Move `bw` to `/usr/local/bin` or another directory in your `$PATH`. Windows users can [add `bw.exe` to the current user's `PATH`](https://www.howtogeek.com/118594/how-to-edit-your-system-path-for-easy-command-line-access/){:target="_blank"}. If you installed the CLI with [NPM](https://www.npmjs.com/package/@bitwarden/cli){:target="_blank"} (or another package manager) you can skip this step since `bw` should automatically be added to your path. -3. Verify the `bw` command works in your terminal. +1. [Download and install](#download-and-install) the CLI for your platform. +2. Move `bw` to `/usr/local/bin` or another directory in your `$PATH`. Windows users can [add `bw.exe` to the current user's `PATH`](https://www.howtogeek.com/118594/how-to-edit-your-system-path-for-easy-command-line-access/){:target="_blank"}. + + **If you installed the CLI with [NPM](https://www.npmjs.com/package/@bitwarden/cli){:target="_blank"} or another package manager you can skip this step as `bw` will automatically be added to your path.** +3. Verify the `bw` command works in your terminal: bw --help -## Download & Install +## Download and Install -You can install the Bitwarden CLI multiple different ways: +You can install the Bitwarden CLI in a few different ways: ### Native executable -Natively packaged versions of the CLI for each platform have no dependencies. +Natively packaged versions of the CLI are available for each platform and have no dependencies: - {% icon fa-windows fa-lg fa-fw %} [Windows x64](https://vault.bitwarden.com/download/?app=cli&platform=windows) - {% icon fa-apple fa-lg fa-fw %} [macOS x64](https://vault.bitwarden.com/download/?app=cli&platform=macos) - {% icon fa-linux fa-lg fa-fw %} [Linux x64](https://vault.bitwarden.com/download/?app=cli&platform=linux) In UNIX systems you might get a `Permission denied` message. If you do, in order to grant permissions you can run -```bash -chmod +x +``` +bash chmod +x ``` ### NPM If you already have the Node.js runtime installed on your system, you can install the CLI using [NPM](https://www.npmjs.com/package/@bitwarden/cli){:target="_blank"}. NPM makes it easy to keep your installation updated and should be the preferred installation method if you are already using Node.js. - - npm install -g @bitwarden/cli +``` +npm install -g @bitwarden/cli +``` ### Other Package Managers - [Chocolatey](https://chocolatey.org/packages/bitwarden-cli){:target="_blank"} - - choco install bitwarden-cli + ``` + choco install bitwarden-cli + ``` - [Homebrew](https://formulae.brew.sh/formula/bitwarden-cli){:target="_blank"} - - brew install bitwarden-cli + ``` + brew install bitwarden-cli + ``` - [Snap](https://snapcraft.io/bw){:target="_blank"} - - sudo snap install bw + ``` + sudo snap install bw + ``` ## Session Management -You can log into your Bitwarden user account by using the `login` command: +### Logging In - bw login [email] [password] +There are a few ways to log into your Bitwarden user account from the command line, all using the `login` command: +``` +bw login [email] [password] +``` +where `email` is your account Email Address and `password` is your Master Password. +``` +bw login [email] [password] --method --code +``` +where `` is your Two-step Login method (see [Enums](#enums)), and `` is your Two-step Login code. +``` +bw login --apiKey +``` +where `--apiKey` will prompt you to enter your personal `client_id` and `client_secret`. For more information, see [Personal API Key for CLI Authentication](https://bitwarden.com/help/article/personal-api-key/). +``` +bw login --sso +``` +where `--sso` starts the SSO Authentication flow from a browser. +You can also pass the `--raw` option to *only receive the session key* from stdout. -After successfully logging into the CLI a *session key* will be returned. This session key is necessary to perform any commands that require your vault to be unlocked (`list`, `get`, `edit`, etc). You can pass the `--raw` option to `login` to receive *only the session key* from stdout. - - bw login [email] [password] --raw - -You should pass the session key to CLI commands by setting the `BW_SESSION` environment variable or by using the `--session ` option: +After successfully logging into the CLI a *session key* will be returned. This session key is necessary to perform any commands that require your vault to be unlocked (`list`, `get`, `edit`, etc.). ### Environment Variable +Pass the session key to CLI commands by setting the `BW_SESSION` environment variable or by using the `--session ` option: + {% icon fa-linux %} {% icon fa-apple %} Bash export BW_SESSION="5PBYGU+5yt3RHcCjoeJKx/wByU34vokGRZjXpSH7Ylo8w==" @@ -128,6 +152,12 @@ You should pass the session key to CLI commands by setting the `BW_SESSION` envi It is possible to persist your session key to your environment (for example, exporting it in `.bashrc`), however, we do not recommend doing this. Your active session key is the encryption key used to unlock all data associated with your Bitwarden vault and is not well-suited for persisting on an unprotected disk. {% endnote %} +### `--apiKey` Variables + +The Bitwarden CLI will look for non-empty environment variables `BW_CLIENTID` or `BW_CLIENTSECRET`. Save these environment variables with your `client_id` and `client_secret` to prevent Bitwarden from prompting you every time. + +You will still need to enter your Master Password to decrypt your Vault. + ### Locking If you do not pass the session key to commands that require it you will receive an error message that your vault is *locked*. You can unlock your vault and/or receive a new session key by using the `unlock` command: diff --git a/_articles/miscellaneous/personal-api-key.md b/_articles/miscellaneous/personal-api-key.md new file mode 100644 index 00000000..f3c7e9e0 --- /dev/null +++ b/_articles/miscellaneous/personal-api-key.md @@ -0,0 +1,53 @@ +--- +layout: article +title: Personal API Key for CLI Authentication +categories: [miscellaneous] +featured: false +popular: false +tags: [api key, cli] +--- + +Your Bitwarden Personal API Key can be used as an alternative method for authenticating into the Command Line Interface (CLI). + +{% note %} +Your Personal API Key is not the same as the API Key used to access the Bitwarden Public API for organization management. Personal API Keys will have a `client_id` with format `"user.clientId"`, while Organization API Keys will have a `client_id` with format `"organization.ClientId"`. +{% endnote %} + +### In This Article +- [Get your Personal API Key](#get-your-personal-api-key) + - [Rotate Your API Key](#rotate-your-api-key) +- [Authenticate using Your API Key](#authenticate-using-your-api-key) + +## Get Your Personal API Key + +Complete the following steps to get your Personal API Key: + +1. Login to your [Web Vault](https://vault.bitwarden.com){:target="_blank"} and select the **Settings** tab. +2. From the **My Account** screen, scroll down to the **API Key** section. +3. Select the **View API Key** button will prompt you to enter your Master Password. + + Once correctly entered, you will be provided the following: + - `client_id: "user.clientId"` (This value is unique to your account and does not change.) + - `client_secret: "clientSecret"` (This value is unique and can be rotated.) + - `scope: "api"` (This value will always be `"api"`.) + - `grant_type: "client_credentials"` (This value will always be `"client_credentials"`.) + +### Rotate Your API Key + +Select the **Rotate API Key** button to rotate your personal API Key. Rotating your Key will only change your `client_secret`. + +Rotating your key will invalidate your previous key and all active sessions using that key. + +## Authenticate using your API Key + +To use your API Key to authenticate into the CLI, enter the following command: +``` +bw login --apiKey +``` +which will prompt you to enter the obtained `client_id` and `client_secret` to authenticate. Once you enter these values, enter your Master Password to decrypt your Vault. For more information, see [Bitwarden command line tool (CLI)](https://bitwarden.com/help/article/cli/). + +### Environment Variables + +The Bitwarden CLI will look for non-empty environment variables `BW_CLIENTID` or `BW_CLIENTSECRET`. Save these environment variables with your `client_id` and `client_secret` to prevent Bitwarden from prompting you every time. + +You will still need to enter your Master Password to decrypt your Vault. diff --git a/_articles/organizations/policies.md b/_articles/organizations/policies.md index ec8db079..bb13235f 100644 --- a/_articles/organizations/policies.md +++ b/_articles/organizations/policies.md @@ -26,6 +26,8 @@ Bitwarden highly recommends setting Enterprise Policies prior to inviting users - [Two-Step Login Policy](#two-step-login) - [Master Password Policy](#master-password) - [Password Generator Policy](#password-generator) + - [Single Organization Policy](#single-organization) + - [Single Sign-On Authentication Policy](#single-sign-on-authentication) ## Setting Enterprise Policies @@ -38,7 +40,7 @@ Policies can be set in two locations: ### Two-Step Login -Enabling the **Two-step Login** policy will require users to use any two-step login method to access their Vaults. +Enabling the **Two-step Login** policy will require non-Owner/non-Admin users to use any two-step login method to access their Vaults. {% warning %} **Users in the Organization who do not have two-step login enabled will be removed from the Organization when you enable this policy.** @@ -82,3 +84,21 @@ Existing non-compliant passwords **will not** be changed when this policy is ena A banner will appear to users on the Password Generator screen indicating that a policy will affect their generator settings. {% endwarning %} + +### Single Organization + +Enabling the **Single Organization** policy will restrict non-Owner/non-Admin members of your Organization from being able to join other Organizations, or from creating other Organizations. + +{% warning %} +**Users in the Organization who are members of multiple Organizations will be removed from the Organization when you enable this policy.** + +Users who are removed as a result of this policy will be notified via email, and must be re-invited to the Organization. Users will not be able to be confirmed to the Organization until they have removed themselves from all other Organizations. +{% endwarning %} + +### Single Sign-On Authentication + +Enabling the **Single Sign-On Authentication** policy will require non-Owner/non-Admin users to log in with Enterprise Single Sign-On. For more information, see [Access Your Vault using SSO](https://bitwarden.com/help/article/sso-access-your-vault/). + +{% note %} +The **Single Organization** policy must be enabled before activating this policy. +{% endnote %} diff --git a/_categories/release-notes.md b/_categories/release-notes.md new file mode 100644 index 00000000..822fbcef --- /dev/null +++ b/_categories/release-notes.md @@ -0,0 +1,5 @@ +--- +layout: category +title: Release Notes +featured: true +---