faster persisted bitwarden session startup
paulrobello committed Feb 9, 2024
1 parent 7fe9264 commit 9b8d227
Showing 4 changed files with 17 additions and 14 deletions.
2 changes: 1 addition & 1 deletion docker-compose.yml
@@ -121,7 +121,7 @@ services:
- PROXY_URL # http proxy to use. if USE_PROXY_HOST is enabled will be set to http://PROXY_CONTAINER_NAME:8080
- PROXY_URL_SSL # https proxy to use. if USE_PROXY_HOST is enabled will be set to https://PROXY_CONTAINER_NAME:8080
- PROXY_AUTO_EXPORT_ENV # auto export HTTP_PROXY and HTTPS_PROXY vars equal to PROXY_URL
- DEV_CONTAINER=1.10.5 # used to detect if running inside dev container
- DEV_CONTAINER=1.10.6 # used to detect if running inside dev container
volumes:
- /var/run/docker.sock:/var/run/docker.sock # allow container to interact with host docker
- "${GDC_DIR}:/root/gdc-host" # mount gdc folder inside container to get access to compose files
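Review bot: the only change in this file is the DEV_CONTAINER bump from 1.10.5 to 1.10.6, and the commit message ("faster persisted bitwarden session startup") does not mention that a version bump rides along; since this value is hand-edited here and read by the skel scripts to detect the container, a line in the commit message or changelog saying that 1.10.6 is the version carrying the faster persisted-session startup would save the next contributor from guessing why it moved.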
14 changes: 7 additions & 7 deletions docs/bitwarden/readme.md
@@ -37,7 +37,7 @@ Copy the SSM scripts from this repo in the /root/bin/aws folder and put in your
Add the following to your .bashrc or .zshrc file your home directory.
```bash
export AWS_PROFILE=YOUR-identity
alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`";
alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`";
alias bw_reload="bw sync; load_aliases";
alias unlock='export BW_SESSION="$(bw unlock --raw)"; bw sync; load_aliases; echo "export BW_SESSION=$BW_SESSION;load_aliases"'
echo "unlock"
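Review bot: the `unlock` alias in the unchanged context line ends with `echo "export BW_SESSION=$BW_SESSION;load_aliases"`, which prints the raw vault session key to the terminal, where it lands in scrollback and in anything recording the session (tmux logs, asciinema, shared screens); that is intentional so the line can be pasted into other shells, but the readme should say so and point at the PERSIST_BITWARDEN_SESSION path (added in this same commit) as the alternative that writes the key to a file instead of the screen. Since `load_aliases` now `eval`s the note named `bw_bash_rc`, it is also worth one sentence noting that anyone with write access to that vault item can run arbitrary commands in every shell that sources this file.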
@@ -72,7 +72,7 @@ token to assume roles.

You can then stretch the window bigger which will let you then stretch the note edit box bigger.**

Using your browser log into your Bitwarden vault and create a secure note named **[company]_aws_bash_rc** with the following content:
Using your browser log into your Bitwarden vault and create a secure note named **[company]_bash_rc** with the following content:
```bash
alias [company]_aws_otp="bw get totp '[company]_aws_ident' | tr -d '\n'";
alias [company]_aws_assume="AWS_IDENTITY_ACCOUNT=[AWS_IDENTITY_ACCOUNT] source assume-role.sh [YOUR_AWS_SSO_ACCOUNT] [YOUR-identity]";
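Review bot: renaming the note from `[company]_aws_bash_rc` to `[company]_bash_rc` (and below, `aws_bash_rc` to `bw_bash_rc`) is a breaking change for existing users: after they rebuild the container, `load_aliases` will look for `bw_bash_rc`, `bw get item` will fail to find it, and the `eval` of an empty result silently loads nothing. Add a short migration note to this section telling users to rename their existing secure notes (the entrypoint note and each per-company note) before updating.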
@@ -108,7 +108,7 @@ such as:
The above script block is soft wrapping some lines, when you enter them ensure they are on a single line.

### Additional companies (optional)
Create a secure note named **[company2]_aws_bash_rc** with the following content:
Create a secure note named **[company2]_bash_rc** with the following content:
```bash
alias [company2]_aws_otp="bw get totp '[company2]_aws_ident' | tr -d '\n'";
alias [company2]_aws_assume="AWS_IDENTITY_ACCOUNT=[AWS_IDENTITY_ACCOUNT] source assume-role.sh [YOUR_AWS_SSO_ACCOUNT] [YOUR-identity]";
@@ -122,10 +122,10 @@ echo "[company2] aliases loaded";
```

### Alias entrypoint
Now create a secure note named **aws_bash_rc** with the following content:
Now create a secure note named **bw_bash_rc** with the following content:
```bash
eval `bw get item [company]_aws_bash_rc | jq -r '.notes'`;
eval `bw get item [company2]_aws_bash_rc | jq -r '.notes'`;
eval `bw get item [company]_bash_rc | jq -r '.notes'`;
eval `bw get item [company2]_bash_rc | jq -r '.notes'`;
echo "all aws aliases loaded";
```
**_Omit company2 line if you are only using one company._**
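Review bot: the two `eval` lines in the `bw_bash_rc` entrypoint have no error handling, so a missing or mistyped `[company]_bash_rc` note only produces a `bw` error on stderr while the final `echo "all aws aliases loaded"` still prints, which is misleading. Since `bw get item` resolves a search string and errors when more than one item matches, the note names should also be unique substrings of nothing else in the vault; a one-line caveat here, plus a suggestion such as `bw get item [company]_bash_rc | jq -r '.notes' | { read -r -d '' rc && eval "$rc"; }` or simply checking `$?` before the echo, would make failures visible.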
@@ -137,7 +137,7 @@ company / org then eval them all from the notes you create.
#### Core
* unlock - unlocks your vault, syncs it with cloud, and calls load_aliases.
* * if you are using the dev container and PERSIST_BITWARDEN_SESSION=yes then it will also write your session key to /root/persisted/.bw_session and this file will be sourced by any other shells you open to reduce need to unlock vault.
* load_aliases - loads the secure note with name aws_bash_rc into your environment.
* load_aliases - loads the secure note with name bw_bash_rc into your environment.
* bw_reload - syncs vault with cloud and calls load_aliases.

#### Custom
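Review bot: the `unlock` bullet documents that the session key is written to /root/persisted/.bw_session but not what that implies: the file holds the vault unlock key in clear text, so it should be created with 0600 permissions (the `.bashrc` alias in this commit does a plain `>` redirect, which inherits the umask), and deleting the file does not revoke the session; only `bw lock` or `bw logout` does. Both points belong in this section next to the PERSIST_BITWARDEN_SESSION description.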
13 changes: 8 additions & 5 deletions etc/skel/.bashrc
@@ -1,3 +1,4 @@
START_TIME=$(date +%s)
if [ "$FORCE_INTERACTIVE" != "yes" ]; then
# If not running interactively, don't do anything
case $- in
@@ -163,22 +164,23 @@ if [ "$USE_BITWARDEN" = "yes" ]; then
if [ "$SHOW_VERSIONS_ON_LOGIN" = "yes" ]; then
echo "bitwarden cli version $(bw --version)"
fi
alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`"
alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`"
alias bw_reload="bw sync; load_aliases"

if [ "$PERSIST_BITWARDEN_SESSION" = "yes" ]; then
alias unlock='export BW_SESSION="$(bw unlock --raw)"; bw sync; load_aliases; echo "export BW_SESSION=$BW_SESSION">/root/persisted/.bw_session'
if [ -r ~/persisted/.bw_session ]; then
echo "Attempting to load existing bitwarden session..."
. "$HOME/persisted/.bw_session"
bw get item aws_bash_rc --nointeraction --quiet
if [ $? -ne 0 ] ; then
BW_RC=$(bw get item bw_bash_rc --nointeraction 2>/dev/null | jq -r '.notes' 2>/dev/null)
if [ -z "$BW_RC" ] ; then
echo -e $bldred"Existing session invalid$txtrst. Please run '$bldgrn""unlock$txtrst'"
rm -f ~/persisted/.bw_session
bw sync --nointeraction --quiet
else
eval `bw get item aws_bash_rc | jq -r '.notes'`
eval $BW_RC
fi
unset BW_RC
else
echo -e $bldylw"No existing bitwarden session found$txtrst. Please run '$bldgrn""unlock$txtrst'"
fi
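Review bot: in the `-z "$BW_RC"` branch the stale key is removed from disk but not from the environment: `. "$HOME/persisted/.bw_session"` has already exported `BW_SESSION`, so every later `bw` call in this shell (including the `bw sync --nointeraction --quiet` two lines down) keeps presenting the dead session; add `unset BW_SESSION` beside `rm -f ~/persisted/.bw_session`. Two smaller points on the same hunk: `eval $BW_RC` should be `eval "$BW_RC"`, because the unquoted expansion is word-split and pathname-expanded before `eval` sees it, and the note content contains glob metacharacters (`'[company]_aws_ident'`); and with `2>/dev/null` on both `bw get item` and `jq`, an expired session, a missing `bw_bash_rc` note and a `jq` parse error all collapse into the single "Existing session invalid" message, so consider checking `bw status` or the `bw` exit code separately from the note lookup. The single-call change itself (one `bw get item` instead of the old probe plus re-fetch) is the right fix for the startup time.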
@@ -274,4 +276,5 @@ if [[ -n "$PROXY_URL" && "$PROXY_AUTO_EXPORT_ENV" = "yes" ]]; then
export HTTP_PROXY=$PROXY_URL
export HTTPS_PROXY=$PROXY_URL
fi

END_TIME=$(date +%s)
echo "Shell startup took $(($END_TIME - $START_TIME)) seconds"
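Review bot: the startup timer is printed unconditionally on every interactive shell and leaves `START_TIME` and `END_TIME` defined in the user's session (this hunk and the one at the top of the file); bash already tracks elapsed time in the `SECONDS` builtin, so `echo "Shell startup took $SECONDS seconds"` would drop both `date` forks and both variables, and the message should probably be gated on `SHOW_VERSIONS_ON_LOGIN` or a debug flag rather than shown to every user.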
2 changes: 1 addition & 1 deletion k8s/etc/skel/.bashrc
@@ -158,7 +158,7 @@ fi

if [ "$USE_BITWARDEN" = "yes" ]; then
echo "bitwarden cli version $(bw --version)"
alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`"
alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`"
alias bw_reload="bw sync; load_aliases"

if [ "$PERSIST_BITWARDEN_SESSION" = "yes" ]; then
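Review bot: this file only receives the `aws_bash_rc` to `bw_bash_rc` rename (1 addition, 1 deletion per the summary); the `PERSIST_BITWARDEN_SESSION` block visible on the last context line suggests the k8s skel carries the same session-restore logic as etc/skel/.bashrc, which this commit rewrote to a single `bw get item` call. If that block is duplicated here it still does the slower probe-then-fetch and still lacks the fix described by the commit message; either port the change or source the shared block from one file so the two copies cannot drift.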