v0.1.0
Terminal UI for SSH connections, powered by your password managers.
Like sshs but pulls credentials from Bitwarden, Passbolt, and your local ~/.ssh/config — all in one searchable list.
No secrets are stored locally (except what's already in your SSH config). Credentials from password managers are fetched fresh every time you run snitch.
# Install
go install github.com/filipeneves/snitch@latest
# or build from source
go build -o snitch .Run it:
snitchOn first run a default config is created at:
| OS | Path |
|---|---|
| Linux | ~/.config/snitch/config.yaml |
| macOS | ~/Library/Application Support/snitch/config.yaml |
| Windows | %APPDATA%\snitch\config.yaml |
Other commands:
snitch setup # interactive configuration wizard
snitch version # print the versionproviders:
ssh_config:
enabled: true
# path: "~/.ssh/config" # optional, defaults to ~/.ssh/config
bitwarden:
enabled: false
# fields:
# host: "Hostname" # custom field name for the host/IP
# user: "SSH User" # custom field name for the SSH username
# port: "SSH Port" # custom field name for the port
# password: "SSH Password"
passbolt:
enabled: false
# server_url: "https://passbolt.example.com"
# private_key_file: "~/.config/snitch/passbolt_key.asc"
# passphrase: "" # GPG passphrase (direct)
# passphrase_env: "SNITCH_PASSBOLT_PASSWORD" # or load from env var
# search: "ssh" # filter resources by nameReads hosts from your standard ~/.ssh/config. Enabled by default.
Requires the Bitwarden CLI (bw) installed, logged in, and unlocked.
Store SSH entries as SSH Key items in Bitwarden. By default snitch recognises common custom field name aliases (e.g. host, hostname, server all map to the host). Use the fields block to pin exact names if your vault uses different ones.
| Field | Maps to |
|---|---|
| URI | Hostname / IP |
| Username | SSH user |
| Password | SSH password |
Custom field host / hostname / … |
Hostname / IP (overrides URI) |
Custom field port |
SSH port |
Custom field private_key / key / … |
Private key content |
Unlock your vault first:
bw unlock→ setBW_SESSIONto the printed token.
Requires a Passbolt server and your PGP private key.
| Field | Maps to |
|---|---|
| URI | Hostname / IP (supports host:port) |
| Username | SSH user |
| Password | SSH password or private key content |
| Description | Private key content (fallback) |
Set the GPG passphrase directly with passphrase, or use passphrase_env to read it from an environment variable.
| Key | Action |
|---|---|
↑ / ↓ or j / k |
Navigate |
/ |
Filter |
a |
Add a new local SSH config entry |
Enter |
Connect |
q / Ctrl+C |
Quit |
Press a to open the add form:
- Alias and HostName are required; everything else is optional.
- Port defaults to 22.
- The entry is appended to your SSH config file and appears immediately in the list.
- If a Password is provided, snitch stores it in a base64-encoded comment inside the SSH config host block.
If an entry has a password but no private key, snitch uses password authentication. Automatic password entry requires one of the following tools:
| Platform | Tool | Install |
|---|---|---|
| Linux | sshpass |
distro package manager |
| macOS | sshpass |
brew install hudochenkov/sshpass/sshpass |
| Windows | PuTTY plink |
winget install PuTTY.PuTTY |
Without these tools, OpenSSH falls back to an interactive password prompt.
- Create
src/provider/yourprovider/yourprovider.go - Implement the
provider.Providerinterface:
type Provider interface {
Name() string
Fetch() ([]SSHEntry, error)
}- Add config fields to
src/config/config.go - Register it in
main.go→buildProviders()
sshin your PATHbwCLI (only if Bitwarden is enabled)- Passbolt server access (only if Passbolt is enabled)
MIT
This project was built for personal use. A significant portion of the code was AI-generated. Use at your own risk.