For additional protection of the Bitwarden session ID file, it will now
be stored in the directory specified by the `XDG_RUNTIME_DIR`
environment variable. On most systems, this is a tmpfs filesystem owned
and only accessible by the current user.
The curses-based pinentry defaults to using its standard input stream to
display the prompt, but this fails when stdin is a pipe. It does
provide a command-line argument to specify a specific file name, though.
If the cached session ID is not valid (e.g. `bw lock` has been run since
the cache file was written), `Vault.load()` will now attempt to unlock
the vault again and update the saved session ID.
Bitwarden can store multiple different types of items in the vault, such
as credit cards and "secure notes." These are not useful in the context
of `bwpass`, so they can be ignored when loading items from the vault.
The `bwpass` command attempts to replicate the main functionality of
`pass` on top of `bw`. Since `bw` is incredibly slow, it tries to avoid
spawning it whenever possible by caching the list of items. It also
manages the Bitwarden CLI session by reading the session token from a
file. If the file does not exist, it will prompt for the vault master
password using `pinentry`, unlock the session, and store the new token.
Dustin C. Hatch
Dustin